I don’t think it’s possible anymore to conclude that
because “X’s computer did this” that “X did this”.

I say that for several reasons.

First, the rampant proliferation of malware is amazing.
I think at this point, the authors of viruses/worms/spyware/
adware/whatever are churning out new releases faster than
others are figuring defenses.

Second, the reactive nature of most of those defenses (e.g. signatures
in anti-virus databases) means they’ll always be behind.

Third, the poor design and implementation of many heavily-used
pieces of software (Outlook comes to mind immediately) guarantees
malware authors a steady supply of holes to exploit.

Fourth, as we all sadly know, anti-virus/anti-spyware/anti-*
programs are often out-of-date or not used or disabled.

Fifth, contemporary malware is increasing tenacious, and takes
active steps to avoid countermeasures. Personally, I think the
concept of “removing” a virus or spyware was always silly:
the only way to fix a compromised system is to wipe the drives
and restore from known-good media. To me, this isn’t just
a best practice, it’s the only practice. Anything else is just
wishful thinking.

The combination of all these factors and others is why enormous
numbers of systems (overwhelmingly Windows boxes) have been
compromised. The much-discussed recent NYT piece quotes an
estimate of 70M; I think it’s about 5 times that. But whatever the
exact number, it’s something in the neighborhood of 10e8.

That’s a lot of zombies.

The new owners of those boxes can do anything they want with
them — including using them to host kiddie porn web sites, to
send out spam promoting those sites, to host DNS for those sites,
and thus to run their entire illicit operation entirely on other
folks’ hardware and network connections. It’s not much a step
from there to using those same systems to implicate their former
owners.

(Am I saying that’s what happened in this case? No. I’m just saying
that it’s well within the realm of possibility.)

Night Owl: “Who decides what’s moral(?)”

You do.

Can you handle the responsibility?

That is the difference between legality and morality. The law can tell you how you must behave to be accepted in a society, but it has no place prescribing what you may think or judge as right and wrong. Or would you rather have your private thoughts and behaviours dictated by some nanny-state socialist who thinks an imaginary man in the sky who only speaks to them should have the last word on it?

“…that people usually reject Christianity, yet somehow expect to maintain “morals”.”

Religion is not the definition of morality. Religion attempts to prescribe morality. In some case it does a very good job, for example where it basically says “treat others as you would would want them to treat you”. In other respects it totally fails, such as where it says “Any woman who touches a man without his permission should have her throat cut”. I highly recommend you study morality/ethics in the context of such thinkers as Plato, Spinoza, Bentham etc.

I deal with it on an almost daily basis. From the article it seems likely that the teacher went to the hairstyling website and that installed spyware via a drive-by download. You know, you go to a website and it’s just “Here ya go. A great big bundle of spyware. No license agreement or pesky yes/no popups to agree to, we’ll give it to you anyways.”

Remember those? Yeah, they still happen. Not as much thanks to security patches, but at the time this event probably occurred they would have been more common. Truthfully, I have to blame the school’s system administrators. Certainly they share the blame. For one, there was no filtering software installed at the proxy. For a school, I find this an inexcusable lapse. For another from the description it seems likely it was a drive by download (see above). Many of the flaws exploited by those were patched in various security updates from MS. Anyone want to be the school wasn’t keep up on their updates? I know I’ve had to clean the crap out of the student computers in my mother’s classroom at school. The system was woefully behind on updates. Put it this way, the system got infected with one of the MSBlast type variants a good year or two after that virus first came out. If the computer wasn’t patched, that further takes the fault off the teacher.

This is madness and showcases beautifully the judicial systems inability to deal with technological cases requiring knowledge not immediately available to them

I would be worried (if I lived in the US) if this is representative of a lot of other types of cases (complex fraud for example) which also require a detailed knowledge to understand

I do security (end user security) its my job and yes MS systems are the most consistently compromised systems on the market – whether that is due to numbers, inherent flaws or whatever I’ll leave to others to decide but personally for all its flaws I still like XP

Any system that is infected with anything more serious than a bog standard worm should be rebuilt – sorry it’s true. The amount of times I have seen machines that support have spent hours on removing infections become reinfected a few days later is… well its a lot ;0)

The problem lies not just in removing hidden malware but in any little changes it may have made to your machine to make it more vulnerable – your virus checker doesn’t usually spot these

Admittedly its not always possible to rebuild every time due to manpower but I try to get my teams to work on a two strike basis as a minimum – 2nd infection and its rebuilt every time

I’ve seen so many bots that can do exactly what is mentioned – surf themselves etc its not funny, most of the time they do this it’s not even to attract you to the sites but to earn the creator pay-per-click revenue

One of my friends got into severe trouble last year when his girlfriend went into his history and found some NASTY porn sites in there but he’d never even seen a pop-up. Turns out he’d managed to get a worm which was opening internet sites quietly in the background, and it wasn’t until I showed her the times of the access and that he’d apparently been surfing for hot goat action while they were both at our house having a barbecue that she finally put the frying pan down ;0)

As for surfing for hairdressing – it’s not a crime surely? And how many sites thrive on misspellings to get bisiness?

So yes unless there is more hidden evidence lots of room for reasonable doubt

As for the comment “State Prosecutor David Smith said he wondered why Julie Amero didn’t just pull the plug on her classroom computer” – come on be honest if it was you would you not be tempted to try to close down all the windows quickly and delete the history and keep quiet in case anyone thought you’d done it deliberately? Lots of people do and if I thought they were handing out 40 year penalties I’d probably panic myself!

Either way – 40 years (anything above community service actually) is ridiculous and the type of reactionary sentencing I would expect from a military junta not a major super power

The judge needs locking up not the teacher – rant over ;0)

If a computer doesn’t have sufficent adware protection, you can get caught in a porn site loop. I’ve had that happen to me several time on computers that didn’t have proper protection, and I’d go to one innocent site and BAM!, hundreds of porn pop-ups would, heh, pop-up. I’d have to shut the comp down and restart to get rid of the crap. I’m glad to say that now those paticular computers now have good adware and virus protection.

I think the judge that convicts this person should go to jail and be sued, until they have proper evidence that this woman was purpously looking at the poor then there shouldnt even be a case, the most that should happen in a case like this is the teachter should be lightly monitored for a limited period of time by some authority, but thats the MOST that should EVER happen in a case like this, if at all. But the small minded judge (evidently totally igonorant to computers) wants to sentence a teacher to 40 years in prison for something the computer itself could of done, such as a script or a virus or a trojan or most of all SPYWARE, lets face it folks the computer has the capabiltiy to do things without your action due to malicious codes that are loaded onto your computer just by surfing the internet, or perhaps a hacker could of planted the codes or software there, take it from me the computer has the capability to pop up unwanted pages without your consent, this teacher innocent until proven quilty, how do you know that someone else didnt put this stuff on here computer. This kinda stuff has happened to me just by simply surfing the internet and i know good and well that i didnt put anything on my computer to make porn pop up.

WHY MAKE SUCH A BIG DEAL OVER PORNOGRAPHY!!???

40 YEARS!!? YOU HAVE GOT TO BE *U**ING
$#I&ING ME!!! *Sigh

I don’t see why she should even be punished for such an event. They didn’t see pictures of people getting their heads blown off or instructions on how to snap someone’s neck,so why get so riled up over this. I see no harm in showing a pre-teen pornography, and it isn’t as if they were harmed in any way.

It may have been hard-core type pornography,but sex is a fact of life,it is violence that is unneccessary,so why punish her especially to the point it is portrayed as to be worse than stabbing someone?

If she was to stab or brutally injure another person instead of showing pornography to pre-teens,she wouldn’t have gotten in so much trouble.

Those pre-teens were not harmed in any way.
(maybe unless they were tought to be)

The teacher is not a criminal or a pervert,
(Even if she likes hardcore pornography)
but she is a victim of a screwed up justice system that lets clowns like OJ simpson get away.
(“If I did it” OJ Simpson? It should really be called
“If I didn’t do it,and said I did because I wish I’ve done it,but I’ve somehow got her blood on my clothes.”)

Sunbel software and other security specialists are helping compile an appeal case for the teacher involved

http://www.theregister.com/2007/02/04/teacher_conviction/

Some interesting facts that I couldn’t find in the original posts

1) The PC involved was running Windows 98 SE
2) The PC was running IE5
3) The PC was running a very out of date virus checker
4) The teacher had been TOLD not to turn off or log off the machine, since as she was a teaching sub someone else would have had to log it back on for her as she did not have a log on
5) The evidence from the defense security experts was deemed unadmissable as the prosecution argued there had not been full disclosure

it goes on…

Basically the judge should be sent down, as should the prosecutor, as should the investigator, as should the schools IT dept… the one person who should clearly not be serving any time is the teacher. I hope that after more sensible head prevail she is released to sue the hell out of them

On another note – the middle school where this occured now states that they have “installed security software and a filtering system”. Unless they have also upgraded their OS this means little – any school running Win98 and allowing access to the internet by children from such a system is negligent in my opinion. So if your kid goes to Kelly Middle School you should be contacting your school governors (if not outright assaulting them for lack of due care)

Is this a sick joke? She could have killed and raped her whole classroom and probably have gotten less time. What the fuck is wrong with the world right now.