Completely ridiculous...
There is no justification for asserting control over resources that are not yours!! If someone steals something from you, do you have the right to break into their house and steal it back? No, you do not... You need to provide evidence and proof, then the state will get it back. Too many legal problems with this... If your neighbor is playing his music too loud, do you have a right to go over to his house and smash his stereo? No, you do not. You call the authorities and they get them to turn it down or they get fined...
Not to mention the legal loopholes in this idea!
What defines a malicious process and who defines it?
Where is the line drawn when killing that process and who draws that line?
If in the process of "shutting down" a malicious process are you prepared to bear the cost of the business functionality you just killed with the process? I didn't think so...

What it really comes down to is this... We live in a society where it is NOT acceptable to take the law into your own hands, plain and simple, and that's what strikebacks are really about...
What needs to happen is there needs to be a way for people to report this activity to a place that will address the issue immediately... if there are enough reports, then the provider from where it is originating should get fined. If that provider chooses to pass that cost onto the actual customer, then so be it... if people have to start paying for their insecure systems you just might see more people practicing due diligence. Maybe that's not the solution... but allowing a Wild West atmosphere most definitely is not.

Contrary to what Mr. Mullen says, this is not about Information Technology.
This is about the rule of law.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/134/17603#17603