Search Our Essay Database

Essay Instructions: This Wikipedia article below will serve as my case study for my paper. For supplementary material, please read Wikipedia entries on computer viruses, spyware, Trojan horses, and computer insecurity. I have attached all this info below for you and will also email the same info. You may also want to conduct a search for additional material.

I need the paper to be at least 1,500 word analysis of the malware case. APA style.

In your analysis, explain how the problem of malware qualifies as a problem of "many rules" and how it qualifies as a problem of "many hands". What moral principles, values, or rules should have been considered by the people involved? Who should be held responsible for the perpetuation of malware? What rules, regulations or procedures can you recommend so that similar incidents can be avoided in the future? You should make use of the malware case materials, other course readings from Weeks Three and Four. Please make sure that you fully acknowledge all sources.

Defination:
Malware is software designed to infiltrate or damage a computer system, without the owner's informed consent. There are disagreements about the etymology of the term itself, the primary uncertainty being whether it is a portmanteau word (of "malicious" and "software") or simply composed of the prefix "mal-" and the morpheme "ware". Malware references the intent of the creator, rather than any particular features. It includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other U.S. states [1].
Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful bugs.
In computer security, computer virus is a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed as an "infection", and the infected file, or executable code that is not part of a file, is called a "host". Viruses are one of the several types of malicious software or malware. In common parlance, the term virus is often extended to refer to worms, trojan horses and other sorts of malware; viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware.
While viruses can be intentionally destructive, for example, by destroying data, many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. A time bomb occurs during a particular date or time, and a logic bomb occurs when the user of a computer takes an action that triggers the bomb. The predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources.
Today, viruses are somewhat less common than network-borne worms, due to the popularity of the Internet. Anti-virus software, originally designed to protect computers from viruses, has in turn expanded to cover worms and other threats such as spyware, identity theft and adware. Included in the many types of viruses are:
Trojan horses
A Trojan horse is just a computer program. The program pretends to do one thing (like claim to be a picture) but actually does damage when one starts it (it can completely erase one's files). Trojan horses cannot replicate automatically.
Worms
A worm is a piece of software that uses computer networks and security flaws to create copies of itself. A copy of the worm will scan the network for any other machine that has a specific security flaw. It replicates itself to the new machine using the security flaw, and then begins scanning and replicating anew.
E-mail viruses
An e-mail virus will use an e-mail message as a mode of transport, and usually will copy itself by automatically mailing itself to hundreds of people in the victim's address book.
A computer virus will pass from one computer to another like a real life biological virus passes from person to person. For example, it is estimated by experts that the Mydoom worm infected a quarter-million computers in a single day in January of 2004. In March of 1999, the Melissa virus spread so rapidly that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be dealt with. Another example is the ILOVEYOU virus which occurred in 2000 and had a similarly disastrous effect.
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
In the field of computing, the term spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.
In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet. Spyware can collect many different types of information about a user. More benign programs can attempt to track what types of websites a user visits and send this information to an advertisement agency. More malicious versions can try to record what a user types to try to intercept passwords or credit card numbers. Yet other versions simply launch popup advertisements.
This article is about computer system security. For Odysseus' subterfuge in the Trojan War, see Trojan Horse.
In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.
Often the term is shortened to simply trojan, even though this turns the adjective into a noun, reversing the myth (Greeks, not Trojans, were gaining malicious access).
There are two common types of Trojan horses. One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.
Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.
Example of a simple Trojan horse
A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer.
[edit]
Example of a somewhat advanced Trojan horse
On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is configured by default to hide filename extensions from a user, the Trojan horse is an extension that might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type.
When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers, but also acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.
[edit]
Types of Trojan horses
Trojan horses are almost always designed to do various harmful things, but could be harmless. They are broken down in classification based on how they breach systems and the damage they cause. The seven main types of Trojan horses are:
? Remote Access Trojans
? Data Sending Trojans
? Destructive Trojans
? Proxy Trojans
? FTP Trojans
? security software disabler Trojans
? denial-of-service attack (DoS) Trojans
Some examples are:
? erasing or overwriting data on a computer.
? encrypting files in a cryptoviral extortion attack.
? corrupting files in a subtle way.
? upload and download files.
? allowing remote access to the victim's computer. This is called a RAT. (remote administration tool)
? spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'.
? setting up networks of zombie computers in order to launch DDoS attacks or send spam.
? spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
? make screenshots.
? logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
? phish for bank or other account details, which can be used for criminal activities.
? installing a backdoor on a computer system.
? opening and closing CD-ROM tray.
? harvest e-mail addresses and use them for spam.
[edit]
Time bombs and logic bombs
"Time bombs" and "logic bombs" are types of trojan horses.
"Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer.
[edit]
Droppers
Droppers perform two tasks at once. A dropper performs a legitimate task but also installs a computer virus or a computer worm on a system or disk at the same time.
[edit]
Precautions against Trojan horses
Trojan horses can be protected against through end-user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damage to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden, it is harder to protect yourself or your company from it, but there are things that you can do.
Trojan Horses are most commonly spread through an e-mail, much like other types of common viruses. The only difference being of course is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows:
1. If you receive e-mail from someone that you do not know or you receive an unknown attachment, never open it right away. As an e-mail user you should confirm the source. Some hackers have the ability to steal address books, so if you see e-mail from someone you know, it is not necessarily safe.
2. When setting up your e-mail client, make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this, it would be best to purchase one or download one for free.
3. Make sure your computer has an anti-virus program on it and update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on; that way if you forget to update your software you can still be protected from threats
4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense "close the hole" that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches, your computer is kept much safer.
5. Avoid using peer-to-peer or P2P sharing networks like Kazaa , Limewire, Ares, or Gnutella because they are generally unprotected from viruses and Trojan Horse viruses spread through them especially easily. Some of these programs do offer some virus protection, but this is often not strong enough.
Besides these sensible precautions, one can also install anti-trojan software, some of which is offered free.
[edit]
Methods of Infection
The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.
Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse.
Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment.
For this reason, using Outlook lowers your security substantially.
Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.
A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.
[edit]
Well-known trojan horses
? Back Orifice
? Back Orifice 2000
? Beast Trojan
? NetBus
? SubSeven
? Downloader-EV
Many current computer systems have only limited security precautions in place. This computer insecurity article describes the current battlefield of computer security exploits and defenses. Please see the computer security article for an alternative approach, based on security engineering principles.
Contents
[show]
?

[edit]
Security and systems design
Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems - once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. [citation needed] Because computer systems can be very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems.
The 'trusted systems' approach has been predominant in the design of many Microsoft software products, due to the long-standing Microsoft policy of emphasizing functionality and 'ease of use' over security. [citation needed] Since Microsoft products currently dominate the desktop and home computing markets, this has led to unfortunate effects. However, the problems described here derive from the security stance taken by software and hardware vendors generally, rather than the failing of a single vendor. Microsoft is not out of line in this respect, just far more prominent with respect to its consumer marketshare.
It should be noted that the Windows NT line of operating systems from Microsoft contained mechanisms to limit this, such as services that ran under dedicated user accounts, and Role-Based Access Control (RBAC) with user/group rights, but the Windows 95 line of products lacked most of these functions. Before the release of Windows 2003 Microsoft has changed their official stance, taking a more locked down approach. On 15 January 2002, Bill Gates sent out a memo on Trustworthy Computing, marking the official change in company stance. Regardless, Microsoft's latest operating system Windows XP is still plagued by complaints about lack of local security and inability to use the fine-grained user access controls together with certain software (esp. certain popular computer games).
[edit]
Financial cost
Serious financial damage has been caused by computer security breaches, but reliably estimating costs is quite difficult. Figures in the billions of dollars have been quoted in relation to the damage caused by malware such as computer worms like the Code Red worm, but such estimates may be exaggerated. However, other losses, such as those caused by the compromise of credit card information, can be more easily determined, and they have been substantial, as measured by millions of individual victims of identity theft each year in each of several nations, and the severe hardship imposed on each victim, that can wipe out all of their finances, prevent them from getting a job, plus be treated as if they were the criminal. Volumes of victims of phishing and other scams may not be known.
Individuals who have been infected with spyware or malware likely go through a costly and time-consuming process of having their computer cleaned. Spyware and malware is considered to be a problem specific to the various Microsoft Windows Operating Systems, however this can be explained somewhat by the fact that Microsoft controls a major share of the PC market and thus represent the most prominent target.
[edit]
Reasons
There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing web sites); similarly, some web site defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. An example of the latter is Markus Hess who spied for the KGB and was ultimately caught because of the efforts of Clifford Stoll, who wrote an amusing and accurate book, The Cuckoo's Egg, about his experiences. For those seeking to prevent security breaches, the first step is usually to attempt to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it. The precautions required for a home PC are very different for those of banks' Internet banking system, and different again for a classified military network. Other computer security writers suggest that, since an attacker using a network need know nothing about you or what you have on your computer, attacker motivation is inherently impossible to determine beyond guessing. If true, blocking all possible attacks is the only plausible action to take.
[edit]
Vulnerabilities
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. These threats can typically be classified into one of these seven categories:
[edit]
Exploits
Software flaws, especially buffer overflows, are often exploited to gain control of a computer, or to cause it to operate in an unexpected manner. Many development methodologies rely on testing to ensure the quality of any code released; this process often fails to discover extremely unusual potential exploits. The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain programs processing of a specific file type, such as a non-executable media file.
[edit]
Eavesdropping
Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system (ie, with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware such as TEMPEST. The FBI's proposed Carnivore program was intended to act as a system of eavesdropping protocols built into the systems of internet service providers.
[edit]
Social engineering and human error
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system administrator and asking for passwords. This deception is known as Social engineering.
[edit]
Denial of service attacks
Denial of service attacks differ slightly from those listed above, in that they are not primarily a means to gain unauthorized access or control of a system. They are instead designed to overload the capabilities of a machine or network, and thereby render it unusable. This type of attack is, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only of small pieces of code. Distributed denial of service attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers") are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion. There are also commonly vulnerabilities in applications that cannot be used to take control over a computer, but merely make the target application malfunction or crash. This is known as a denial-of-service exploit.
[edit]
Indirect attacks
Attacks in which one or more of the attack types above are launched from a third party computer which has been taken over remotely. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the tor onion router system.
[edit]
Backdoors
Methods of bypassing normal authentication or giving remote access to a computer to somebody who knows about the backdoor, while intended to remain hidden to casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing "legitimate" program, or executable file. A specific form of backdoors are rootkits, which replaces system binaries and/or hooks into the function calls of the operating system to hide the prescense of other programs, users, services and open ports. It may also fake information about disk and memory usage.
Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the harddrive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system.
See also: Category:Cryptographic attacks
[edit]
Reducing vulnerabilities
Computer code is regarded by some as just a form of mathematics. It is theoretically possible to prove the correctness of computer programs (within very limited circumstances) though the likelihood of actually achieving this in large-scale practical systems is regarded as unlikely in the extreme by most with practical experience in the industry -- see Bruce Schneier et al.
It's also possible to protect messages in transit (ie, communications) by means of cryptography. One method of encryption ?the one-time pad ?has been proven to be unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (See Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.
In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it's usually possible for a determined cracker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Extremely few, if any, attackers would audit applications for vulnerabilities just to attack a single specific system. You can reduce a cracker's chances by keeping your systems up to date, using a security scanner or/and hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.
[edit]
Security measures
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
1. Prevention,
2. Detection, and
3. Response.
? User account access controls and cryptography can protect systems files and data, respectively.
? Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering.
? Intrusion Detection Systems (IDS's) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
? "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored.
Today, computer security comprises mainly "preventive" measures, like firewalls or an Exit Procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and is normally implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide realtime filtering and blocking. Another implementation is a so called physical firewall which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet (though not universal, as demonstrated by the large numbers of machines "cracked" by worms like the Code Red worm which would have been protected by a properly-configured firewall). However, relatively few organisations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place.
[edit]
Difficulty with response
Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:
? Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other anonymising procedures which make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they are often able to delete logs to cover their tracks.
? The sheer number of attempted attacks is so large that organisations cannot spend time pursuing each attacker (a typical home user with a permanent (eg, cable modem) connection will be attacked at least several times per day, so more attractive targets could be presumed to see many more). Note however, that most of the sheer bulk of these attacks are made by automated vulnerability scanners and computer worms.
? Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers. There are also budgetary constraints. It has been argued that the high cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of law enforcement, so the overall rate of criminals not getting dealt with goes up as the cost of the technology increases.
[edit]
Further reading
There are operating systems designed specifically with security in mind, such as the operating system OpenBSD, which is widely considered one of the most heavily code-audited operating systems available.
There is an extensive culture associated with electronic security; see electronic underground community.
[edit]
See also
? Computer forensics
? Computing
? Cryptography (aka cryptology)
? Data remanence
? Defensive programming
? Full disclosure
? Hacking
? Protection ring
? Physical security
? RISKS Digest
? Security engineering
? Software Security Assurance
? Data recovery
? Microreboot
? Restartability
? Crash-only software
? Antivirus software
? OpenAntivirus
? Computer virus
? Spyware
? Adware
? Worms
? Trojan horse
? Malware
? virus hoax
? List of computer viruses
? List of computer virus hoaxes
? List of trojan horses
? Timeline of notable computer viruses and worms
? Turing completeness
? Black hat
? Security through obscurity
? Spam
? Melissa worm, ILOVEYOU
? Category:Spyware removal ? Programs that find and remove spyware
? Palm OS Viruses


Past readings and links, if they can fit into this paper:

Introduction

During this unit we will begin to consider some of the moral dilemmas encountered in the realm of computing by computer technology and content creators, computer technology and content users, public officials, and ordinary citizens. None of the issues that we discuss will be easy -- if they were easy, they would not be dilemmas.
We cannot expect to know what is right and wrong in the world of computing (or any other realm of human activity) if we do not possess a capacity for moral reasoning, a kind of activity which can be usefully distinguished from moral knowledge or, simply, "morality."

Very briefly, morality is the basic content of our moral beliefs (for instance, the idea that killing and theft are wrong). There are many sources of moral beliefs, including religious teachings, social norms, secular traditions, negotiated settlements, etc. Sometimes moral knowledge is "sanctified" in a moral code. The Ten Commandments is one example of one such code. It has been argued that the Bill of Rights is another such code.

Moral reasoning, in contrast, is the process of examining and justifying moral beliefs (for instance, explaining WHY theft and killing are wrong, whether they are ALWAYS wrong, and whether they are sometimes morally OBLIGATORY -- such as stealing to feed starving children or killing in self-defense). There are at least three different aspects to moral reasoning:

First, moral reasoning entails the study and development of one's ethical standards. Common sources of moral beliefs, including emotions, laws, and social norms, can deviate from what is truly ethical. Therefore, it is necessary to examine periodically one's ethical standards to ensure that they are reasonable and well-founded.

Second, moral reasoning also involves studying our personal conduct, and striving to ensure that we, and the institutions we help to shape, live up to moral standards that are reasonable and solidly-based.

And, third, moral reasoning encompasses the ability to offer moral reasons to others, justifying one?s behavior and the policies that one supports, as well as the ability to examine critically justifications given by others for their behavior and the policies they support. From this point of view, moral reasoning is a social activity -- not one that individuals practice in solitude.

We will be relying on five different moral theories to help us resolve morally problematic situations involving computer and computer network technology:

1) Deontology is a theory of rights -- according to this theory, certain actions (like murder and torture) are prohibited because they violate rights.

2) Utilitarianism (or consequentialism) is a theory of outcomes -- according to this theory, no action (even murder and torture) can be automatically rejected because they may in certain situations enable us to produce good results.

3) Fairness (or justice) is a theory that says we should treat people as they deserve, which places a presumption upon equality -- unless there is a valid reason for treating people unequally. There are many different kinds of equality -- including economic, social, and political.

4) Virtue is a theory that asks us to live according to the best/most noble human qualities, i.e., courage, generosity, tolerance, self-control, etc. Of course different cultures view different qualities to be best and most noble.

5) Common Good is a theory that asks is to consider the general welfare of the entire community, rather than our own self-interest. Of course, there are different ways to define and delineate community (e.g., local, national, global, virtual) and most people belong to more than one community.

If you have already taken either The Global Challenge or The Life of the Mind, you will hopefully recognize some of these concepts. However, no one should panic or feel discouraged if these are new ideas. We will be spending Weeks Three and Four reviewing these moral theories and applying them to some relatively simple case studies. In future weeks, we will use these theories to delve into a variety of more complicated economic, social, political, global, and educational issues related to the use of computers and computer networks.


3.2 Critical Questions
This week we will consider several important questions different moral theories and the applicability to moral dilemmas in computing. Please keep these questions in mind as you complete the required readings and prepare to participate in class discussion.
? What is utilitarianism? How do utilitarians resolve moral dilemmas? What are the main strengths and limitations of utilitarian arguments?

? What is deontology? How do deontologists resolve moral dilemmas? What are the main strengths and limitations of deontological arguments.

? What is virtue ethics? How do virtue ethicists resolve moral dilemmas? What are the main strengths and limitations of virtue-based arguments?

? What is the common good? How do we determine the common good? How do we decide whose good "counts"?

? What is fairness? How do we decide what is fair in different cases?


3.3 Required Readings

Markkula Center for Applied Ethics at Santa Clara University, "A Framework for Thinking Ethically": http://www.scu.edu/ethics/practicing/decision/framework.html

Markkula Center for Applied Ethics at Santa Clara University, "Calculating Consequences": http://www.scu.edu/ethics/practicing/decision/calculating.html

Markkula Center for Applied Ethics at Santa Clara University, "Rights": http://www.scu.edu/ethics/practicing/decision/rights.html

Markkula Center for Applied Ethics at Santa Clara University, "Ethics and Virtue": http://www.scu.edu/ethics/practicing/decision/ethicsandvirtue.html

Markkula Center for Applied Ethics at Santa Clara University, "Justice and Fairness": http://www.scu.edu/ethics/practicing/decision/justice.html

Markkula Center for Applied Ethics at Santa Clara University, "The Common Good": http://www.scu.edu/ethics/practicing/decision/commongood.html

These excellent "mini-essays" do a fine job of introducing the these major ethical theories. Please read each of them carefully and post questions and requests for clarification on the discussion board.



Case: MP3s on Campus
http://ethics.sandiego.edu/resources/cases/Detail.asp?tfm_order=ASC&tfm_orderby=Category&ID=35

Case: Unauthorized Downloads
http://ethics.sandiego.edu/resources/cases/Detail.asp?tfm_order=ASC&tfm_orderby=Category&ID=95





There are faxes for this order.

Essay Instructions: Dear Sir/Madam:
First of all, thanks a lot for helping me in developing my research proposal. I attach you down this page what I have in mind for my research proposal. Please develop it to sound more academic to get approval. Feel free to edit/alter/ omit what is unnecessary in this first draft. I have proposed it to one school. They liked it but they said "it needs more depth and references". The research proposal should be around 900 words. If you have any question, please do not hesitate to contact me.

Name: Hassan M. Alhassan

Degree applying for: Ph. D. in Education/TESOL


Title:
The relationship between IPA ESL learners' attitudes toward using language computer program and their overall achievements

Introduction (50 words):

Attitude plays a significant role in our lives as teachers and learners. It affects both instructors and students' conception of new technology used in teaching English as a second language. According to such perception and attitude toward new computer program used, e.g. Longman interactive study, Dynamic English, etc. in the learning process, learners' overall achievement and success are determined.

Problem Statement (250):

IPA, the Institute of Public Administration, is a governmental organization on charge of training and developing government's employees and young Saudi high-school graduates. It offers a variety of different three years programs in banking operations, office management, accounting, sales, marketing, etc. English is an obligatory course for the previous programs. Our students must study English for one academic year and successfully graduate upon completion. After graduation from the ELC, they enroll in their majors where English is used as the main language for communication and text book content.

To enhance and develop our learners' proficiency in English, IPA spends millions on English language computer programs. However, the outcomes are not as expected. Our learners at the ELC are not benefiting well in using the English computer programs. Moreover, the learners have negative attitudes when using these programs. Consequently, the ELC teachers are not satisfied with the students' performance. Why we are having such difficulties in making use of these computer programs? This is one of the main objectives of the proposed study.

Significance(100):

The purpose of this study is to investigate what the reasons are hindering our students from appropriately using, and learning from the computer programs. It will diagnose an ongoing problem, suggest solutions for it, and evaluate the whole process. It is also going to save the efforts, time and money allocated for these programs with no return. In other words, efficiency at the ELC will be promoted. Moreover, IPA does not function in isolation. The other educational and training organizations, domestically and internationally, have definitely similar difficulties. Therefore, the outcomes of this study will be of a great help and guidance for other academic institutions around the world.

Research Questions

To what extent does the ELC students' attitude toward computer program affect their overall achievements?

To what extent do the ELC teachers' attitudes toward computer programs influence the learners' attitudes and perceptions of these programs?

These two major questions raise other implied ones:

a. Is there a relationship between the learners' attitudes and their success in using and benefiting from the computer programs?

b. Is there a relationship between the teacher' attitudes toward computer programs and the learners'?

c. Which one influences the other?

e. Is the general attitude negative? What triggers such attitude? And what can we do to alter it?

f. What are the pedagogical implications resulting from the outcomes of the previous inquiries?

Proposed Methodology and Research Design (250 words)

Proposed time frame (50 words, or what you think is Adequate )

Refernces (20):

Regards,

Hassan M. Alhassan




There are faxes for this order.

Essay Instructions: Goedel,Escher&Bach: An Eternal Golden Braid, Douglas Hofstadter,1999,
"Will a computer program ever write beautiful music?" pg 767-677

Essay Instructions: Good evening. We are divided into groups for this "group project" in this class with each group assigned a set of cases to write on. Each person in the group must write on one particular case and then compare it with the others. I will first here provide the general info on the paper. Then I will follow with my case that I need to write on. Then I will include the other cases as part of the paper is to compare/contrast (see general instructions) for reference. I will then be faxing the summaries put together by the other member of my group as well as faxing the hard copy of our chat discussion on the project. For this project my team is the "Blue Team." I just wanted to tell you as some of the information references our team. Thank you for your hard work on this project for me. If it wasn't for work, I'd be doing this myself.

GENERAL PAPER INFORMATION:
* Each member of a team will be asked to select a case assigned to the group and write an essay that:
a) discusses the Rule(s) of law in the case as it relates to our assigned reading;
b) the case issues as they influence (or are influenced by) our society:
c) the Court's conclusions and whether you agree with them; and
(d) compare and contrast your case with the other cases
assigned to the group.

* Each response should be double spaced in Microsoft Word.

* I encourage each group to discuss their assigned cases.

* Group Chat:
The group chat is necessary to be able to write the portion of your paper that is the compare and contrast discussion. Share your research and observations on your case.
Keep in mind, these are actual cases. Unfortunately, our judiciary doesn't always write these things as an exciting read. Try not to get bogged down by administrative or procedural discussions that detract from the larger issues we are reading about.

MY CASE STUDY:
Case 3: Injunction Issued Under Digital Millennium Copyright Act Anticircumvention Provisions; No Exceptions Shown; No Fair Use Defense Available; Enforcement Not
Unconstitutional Under First Amendment.

Universal City Studios, Inc. v. Reimerdes,
82 F. Supp. 2d 211 (S.D.N.Y. 2000).

FULL CASE http://www.law.uh.edu/faculty/cjoyce/copyright/release10/Universal.html

SYNOPSIS:
The district court granted the motion picture studios a preliminary injunction enjoining the information service providers from providing DeCSS circumvention technology or their Internet web sites that permits users to decrypt and copy plaintiffs? copyrighted motion pictures from digital versatile disks (?DVDs?). The CSS (Content Scramble System) is an encryption-based security and
authentication system used to provide access control and copy protection to inhibit the unauthorized reproduction and distribution of motion pictures released in DVD format. The DeCSS is a software utility developed from ?hacking? the CSS that enables users to break the CSS copy protection system and hence make and distribute digital copies of DVD movies. In so ruling the district
court applies the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA). The plaintiffs do not argue that the DeCSS technology infringes their copyrights, but rather that the DeCSS technology offered by the defendant circumvents their copyright protection system and thus facilitates infringement. The defendants asserted that the ISPs are not proper parties, the DeCSS falls within one or more exceptions to DMCA?s anti-circumvention provisions and is therefore not illegal, the application of the DMCA to prohibit posting of the DeCSS technology violates defendants? First Amendment rights, and a preliminary injunction would constitute an unlawful prior restraint on protected speech. The court dismissed each of the asserted defenses. Here it was undisputed that the DeCSS defeats CSS and decrypts copyrighted works without
the authority of the copyright owners. The court determined that the service provider exemption in Section 512(c) only provides protection from liability
for copyright infringement. This service provider exemption does not apply to circumvention products and technologies prohibited by the DMCA. The court also determined the reverse engineering exception does not apply because, among other reasons, the exception permits reverse engineering of copyrighted computer programs only and does not authorize circumvention of technological systems that control access to other copyrighted works, such as movies. The encryption research exception was also found inapplicable. There was no suggestion that any defendant was engaged in good faith encryption research. Most importantly, the court determined that the fair use defense does not apply to
anticircumvention cases under the DMCA because Congress did not so provide in the DMCA. The court also ruled that enforcement of the DMCA anticircumvention provisions does not violate the First Amendment, and application of the DMCA anticircumvention provisions to prohibit the production and distribution of the DeCSS circumvention technology does not violate the First
Amendment. Furthermore, the court determined the prior restraint doctrine does not require denial of the preliminary injunction.

SOME LINKS ASSOCIATED WITH MY CASE - CASE #3: (JUST FYI - YOU CAN USE THEM OR NOT USE THEM)
http://www.tomwbell.com/NetLaw/Ch07/Universal.html
http://www.cs.princeton.edu/courses/archive/spr01/frs136/dvd/dvd-mpaa-3-mo.htm
http://www.silha.umn.edu/spring2001.htm
http://laws.lp.findlaw.com/2nd/009185.html
http://www.cs.princeton.edu/courses/archive/spring01/frs136/dvd/20010119_ny_eff_appeal_brief.html
http://www.bc.edu/schools/law/lawreviews/meta-elements/journals/bclawr/44_2/06_FMS.htm


OTHER "BLUE TEAM" CASES:
Blue Team Case 1: Circumvention of Technology Access Control Measures and Copy Protection Measures Likely to Violate Digital Millennium Copyright Act.
RealNetworks, Inc. v. Streambox, Inc., 2000 WL 127311 (W.D. Wash. Jan. 18, 2000) (settled).

Full Case: http://www.law.uh.edu/faculty/cjoyce/copyright/release10/Real.html

Synopsis:
The district court granted RealNetworks an injunction enjoining the defendant from manufacturing, importing, licensing or marketing versions of the Streambox VCR product or similar products that circumvent RealNetworks? technological security measures or versions of the Streambox Ferret product or similar products that modify RealNetworks? RealPlayer program, including its interface, source code or object code. Using RealNetworks? Secret Handshake proprietary protocol and copy switch, owners of audio and video content can prevent unauthorized copying of their content. The RealNetworks digital rights management technology allows users to adopt various e-commerce methods of distribution, including allowing users to listen to, but not record, music that is on sale, either at a website or in a retail store. It also enables users to listen to content on a ?pay-per-play? basis. The Streambox VCR device mimics a RealPlayer and circumvents the Secret Handshake authentication procedure that a RealServer requires before it will stream content and ignores the Copy Switch used to determine whether the user is allowed to make a copy. The Streambox VCR circumvents both the access control and copy protection measures. The Streambox VCR enables users to make digital copies of content that the copyright owner has indicated should not be copied. The court determined that under the Digital Millennium Copyright Act (DMCA) the Secret Handshake authentication procedure that must take place between a Real Server and
a Real Player before the Real Server will begin streaming content to an end-user appears to constitute ?technological measure? that ?effectively controls access? to copyrighted works. The term ?circumvents? in the DMCA includes ?avoiding, bypassing, removing, deactivating or otherwise impairing? the protective technological measure. The Streambox VCR meets the test for liability under the DMCA because at least a part of the Streambox VCR is designed to circumvent the access control and copy protection methods that RealNetworks affords to copyright owners. Streambox is not entitled to avoid the circumvention DMCA claim based on fair use grounds because the copyright owners have made it clear through their adoption of RealNetworks technological protective measures that they do not want their content copied. RealNetworks showed the court that it would likely suffer irreparable harm if the Streambox VCR device is distributed. RealNetworks also demonstrated that it was likely to succeed on is contributory/vicarious infringement claims with respect to the Streambox Ferret product.

Blue Team Member Case #2:

Likely Violation of Digital Millennium Copyright Act
Anticircumvention Provisions Shown.
CSC Holdings, Inc. v. Greenleaf Electronics, Inc., 2000 WL 715601 (N.D. Ill. June 2, 2000).

Full Case: http://www.rsarosdy.com/2000WL715601.txt

Synopsis:
The court granted plaintiff?s motion for a preliminary injunction prohibiting the use of pirate decoders to fraudulently obtain cable services. The plaintiff employed encoding or ?scrambling? as the primary security method to prevent subscribers from receiving programming services for which they have not paid. The defendants engaged in the business of selling for profit unauthorized ?pirate? cable decoding devices for use with Cablevisions?s cable systems. The plaintiff sought injunctive relief under 47 U.S.C. ?? 553 et seq. of the Communications Act and the Anticircumvention provisions of the Digital Millennium Copyright Act, 17 U.S.C. ?? 1201 et seq. The court determined the Plaintiff had demonstrated that defendants were likely to have violated Section 17 U.S.C. ? 1201 prohibiting the circumvention of technological measures which are designed to control access to a copyrighted work.

Blue Team Member Case #4 : Modifications To Meet Customers Requirements Exempt From Copyright Infringement Due to Scenes A Faire Doctrine
Computer Management Assistance Company v. Robert F. De Castro, Inc., 220 F. 3d 396 (5th Cir. 2000).

Full Case: http://www.ip-surveys.com/cma.htm

Synopsis: The Fifth Circuit affirmed the district court?s ruling in favor of the defendants finding no copyright infringement, trade secret misappropriation of trade
secrets and unfair competition. CMAC obtained a copyright for its ACCESS computer program for the picture framing industry. ACCESS is a front-end pricing program. The court applied the abstraction-infiltration method to determine whether FACTS infringed ACCESS. There were no literal similarities between IMC?s FACTS and CMAC?s ACCESS. The court found the expressive
similarities were filtered out of the computer program based on the scenes a faire doctrine. Here the court found the similarities were dictated by external factors
or particular business practices. The modifications IMC performed to the generic FACTS software were dictated by the business practices and demands of De Castro and, therefore, were ruled to fall within the scenes a faire exception. IMC adopted FACTS to fit De Castro?s needs. FACTS was not shown to be substantially similar to ACCESS. CMAC did not demonstrate that FACTS is
substantially similar to ACCESS or that the defendants has misappropriated substantial elements of the ACCESS program. Similarly, CMAC?s proof was lacking on its trade secret misappropriation and unfair trade practices
claims. There was no proof that IMC?s programmers actually saw CMAC?s ACCESS source code. Here the unfair trade practices claim was not preempted by Section 301 of the Copyright Act. There were no facts shown to bring the case within the unfair trade practices statute.

Blue Team Member Case #5:
Napster?s System for Exchanging MP3 Files Not Eligible
For Safe Harbor Protection Under Section 512(a) of the
Digital Millennium Copyright Act.
A&M Records, Inc. v. Napster, Inc., 2000 WL 573136 (N.D. Cal. May 12, 2000).

Full Case: http://www.ce9.uscourts.gov/web/newopinions.nsf/4bc2cbe0ce5be94e07a37b9/c4f204f69c2538f6882569f100616b06?OpenDocument

Synopsis: The district court denied Napster?s motion for summary adjudication of the applicability of the safe harbor provision of the Digital Millennium Copyright Act, 17 U.S.C. ? 512(a). Napster operates a peer-to-peer system to permit users to exchange MP3 files stored on their own computer hard-drives directly, without payment. The MP3 files are actually transmitted over the Internet rather than through the Napster system even though the process could not be effected but for the Napster server. Section 512(a) of the DMCA establishes five conditions for business activities to fall within the safe harbor provisions. The Plaintiffs allege that Napster does not perform the function protected by Section 512(a) because the infringing material is not transmitted or routed through the Napster System.
Another factor was that Napster did not implement a copyright compliance policy after the litigation had been instituted. Napster expressly denied that the
transmission of MP3 files ever passes through its servers. The court determined under these circumstances Section 512(a) does not protect the transmission of MP3 files. Napster does not perform the passive conduit function eligible for protection under Section 512(a). Therefore, Napster?s motion for summary judgment was denied.

Follow-up message to BLUE TEAM:
Hello, everyone! Here is an interesting article on MP3s.
http://www.cnn.com/2003/TECH/ptech/10/01/popsci.mp3.essentials/index.html


NOW YOU HAVE ALL THE CASES. REMEMBER PLEASE THAT MY CASE IS CASE #3. I WILL FAX THE REST OF THE INFORMATION ASAP.

THANKS AGAIN!
There are faxes for this order.