And this is the main reason why even if ISP's find that someone's computer is downloading CP, they should not automatically jump to the conclusion that their CUSTOMER is downloading CP, especially if they have a wireless router (even if it is passworded, it can STILL be broken into given enough time) or more than one person in their home.
Even with an anti-virus software installed on your computer and an anti-malware software installed, it is still very possible for a computer to be infected by malware/spyware/viruses that are not on the list yet.
To be blunt, it is just impossible to prove whether someone whose computer was downloading CP or anything else illegal was doing it by their command or by the command of a virus that was unknown or unknown at the time that the CP downloading supposedly took place.

God, what a nightmare for that guy! I'm glad he was vindicated and can sleep well now, even if he is out of a job.

Anyone should be responsible for their computer. If someone else takes over your computer and hacks a government (or anyone else's) system through it, you should be liable (at least partially) for the damage caused, because of your negligence. It's like if someone took your gun and shot someone (self) because it was improperly secured.
If he just got a computer that was administrated by the company's IT department, it's their fault that they didn't care enough to secure the computer they should look after. They should get fired in the end.

That's like saying if someone steals your car and runs over people, you're in the §hit.

so if that was you, your response in court etc would be "I done it" and get sent off to prison for some virus maker's idea of a joke? If anything like that happened to you i don't think you'd want to be responsible for it

So you say that you may hack whatever you want, download and distribute porn etc. from your computer, then just install some virus on it and claim it wasn't your fault at all?
That's just ridiculous!

If anything the person responsible for making the virus should be prosecuted, who would make a virus to do such a thing. And i am against piracy etc but you don't always get a virus from that just a dodgy web page is enough

Where exactly do you think he got the virus from if not on a porn site.

From what i've learned, viruses on web pages don't come from legit sites like google and msn...

Only "underground" sites with suspicious content try to hack into your computer to get a return ($) for their content.

In the end, this wouldn't have happened if he had used Firefox.

ZOMG!

With sudden surge of XSS compromised sites recently, not to mention it has been going on for years, people are just plain stupid to even think that by avoiding "underground"/"bad" sites they are immune. From what rock did this people crawl out from?

Another ZOMG! True, your chances of being compromised are a lot smaller. But that's all. FF still has bugs. Heck any software has bugs. "Hackers" knows a lot more bugs/loopholes about a certain software than the developers of that software.

I'm betting this kind of people are already infected, only they are so full of themselves to think they are above the problem.

I suspect it was a virus in his brain.

Seatrotter, I understand what you are saying but what I was implying is that the probability of this happening with firefox were pretty thin.

Considering this :
-How likely is it to have your computer infected by a virus that downloads child pornography, not likely.
-How likely it is if you use Firefox, even less likely.

So less likely than not likely, is pretty close to not happen no ?

I'm a bit sensitive to semantics(?) today so although you didn't mention the words "never"/"impossible"/etc, "wouldn't have happened" is pretty much clear on where it stands.

While we're at it, I'd like to rephrase about "Hackers" and bugs: "Hackers" can compromise a software/system in ways developers couldn't have thought of or thought highly unlikely.

As for the possibility of being in a situation you mentioned, "close to" is what it is. Let's put it in another perspective. Let's say that the chances it can happen is 1:1,000,000. Almost unlikely to happen but when you consider the population w/ a computer connected to the net, you're talking about a great deal of people getting screwed.

I think a lot of people are just too wrapped-up on the concept that a virus "downloading" p3d0 p0rn on someone's computer would only happen if that person is being blackmailed. Seriously, has anyone who thought so, also considered that the virus is not "downloading" it but "storing" it (yeah, semantics) for distribution. Why? Do you want to get caught distributing something illegal? If you have a brain, you wouldn't want it traced back to you. Solution? Use zombie computers to distribute your wares.

poor windows users. linux rocks

linux... as long as you don't completely trust your linux setup, know how to probe deeply into your system and know how look for "anomalies", frequently doing so, and have a bootable cd loaded w/ security tools to frequently scan your setup for god-like rootkits (in case you've gotten too complacent/arrogant), then I guess your all set. but then again, you can also do these w/ other platforms.

Well said. +2

I'm stuck with my "not happening" thing.

In addition of getting infected by a child pron downloading trojan, and using Firefox, the event itself was pretty unlikely. I explain.

So, from what the story tells :
The infected computer was inside a corporate site.
The computer that was infected had a antivirus installed.
The antivirus itself, wasn't up to date due to a negligent IT staff.
The guy that normaly worked on that computer was suspected of downloading porn.
He got caught.
He got fired.
He got accused in court.

So, tell me, how many guys are in this situation ? 1 million ? Probably more like 100 to be generous.

Considering there are 1,173,109,925 Internet users in the world.
http://en.wikipedia.org/wiki/List_ [...] rnet_users

100/1,000,000,000(I rounded)* 1/1,000,000 =

1/10,000,000,000,000 So to me, i'ts pretty unlikely.

To be fair, the probability of that specific event happening was already small. And the story doesn't even say if he was actually using Firefox. I was just stating firefox in my initial text because I just downloaded the new version.

1. Why the hell did they go through his browser cache?
2. Why the hell did he not goto Tools > Options > Privacy > Check "Always clear my private data..." ?

Oh man! People are just trying to be know-all.

First of let's make things simple by focusing on getting infected, by just browsing, w/ a malware that turns your computer into a zombie (a lot of people just can't seem to separate their "this-person-is-guilty" emotions w/ other facts).

Being inside a corporate network means jack-sh!t nothing if people inside these corporate netowrks can browse the internet. Remember that numerous legitimate sites are being compromised daily, to serve malware.

To date, FireFox, like any software, has a history of bugs/security issues that has allowed it to be compromised w/o the user knowing it. It is more secure than some other browsers but that doesn't mean there isn't a way to compromise it in a practical manner (as opposed to just theoretical).

That is just FireFox. What about the other software that is commonly used that is integrated to a browser, such as Adobe Flash? You turn off your flash plugin and disables javascript? So what? Javascript and Flash alone are so heavily used today in services and websites that a lot of people just can't afford to completely turn them off, even manage when to turn it on/off.

And how did you come to that computation 1/1,000,000 scaled to 1,000,000,000 isn't 1/10,000,000,000,000. When you're scaling up (from 1,000,000 to 1,000,000,000) the result will be more not less. Conversely, scaling down will result to less not more. Also the example probability (1/1,000,000), will always be the same no matter what the actual number is. Think of it as percentage. 50% will always be 50%. Why? because it is the result of a computation from a given set of data. If the sample data is 100 out of 200, and you use a bigger sample data, you'll still get roughly the same proportion. 10,000 out of 20,000. Going back, 1/1,000,000 will always be that. What you will get if you include an actual sample data is an actual data, not some new proportion. 1,000,000,000? Out of that population, you'll get 1,000. True? 1,000/1,000,000,000 = 1/1,000,000. That's 1,000 users infected out of 1,000,000,000.

As for the antivirus, improperly configured means more than outdated virus definition. If that AV has some protection against tampering w/ the system, an improperly configured AV could also mean that it wasn't enabled. Even if you have an updated AV, all it takes is a new/variation type of packing/encrypting for malware (plus an anti-debug mechanism) to defeat signature and behavioural detection. And if its payload is a hardened rootkit, you're screwed.

I don't care if the guy is actually guilty or not (though just because someone d/l'd pr0n doesn't unequivically mean that person d/l's ch!ld pr0n. simple logic. also, if you've been around the corner for some time you'll notice that not all perverts are turned on by ch!ld pr0n), but saying that he can not be a victim of malware is just living in a fantasy (especially when "use firefox" gets thrown a lot so easily).

I understand that you're not a big Firefox fan and that you like to argue. You're probably also one of thoses "People how are trying to know-all", as I am.

Just to make it clear. I did not scale 1/1,000,000 to 1,000,000,000.

Because considering there might be only 100 person ( I understand that this is purely an impression, make it 10 000 if you want) in the world that conrespond to those criterias :
The infected computer was inside a corporate site( behind a good firewall I assume)
The computer that was infected had a antivirus installed.
The antivirus itself, wasn't up to date due to a negligent IT staff.
The guy that normaly worked on that computer was suspected of downloading porn.
He got caught.
He got fired.
He got accused in court.

It means that the probability of you (or me) being one of them is 10 000/1 000 000 000.

Now regardless of me (or you) being one of these 10 000 unlucky persons, you have a probability of 1/1,000,000 of being infected by a virus that downloads child porn while using firefox.

So to fit in these 3 categories at once you have to multiply the probablities.

If you have 100 people, 50% of them are blond, 30% of them are women and 25% have blue eyes.

What's the probability of finding a Blond woman with blue eyes ?
50/100*30/100*25/100 = 37500/1,000,000 or 3,75%

That said, I completely agree with you that it's a dream to think that using firefox would prevent all malware.

It's just that the guy has already so unlucky to be caught in this situation that all he needed was little more luck (like 0,00001%) and maybe this wouldn't have happened at all.

It's been nice, arguing with you.

Good day.

I may also be "People how are trying to know-all", but at least I set a clearer boundary on what I know and up to what point. Let's take for example the stance on browser. I'm an Opera user. Although I rarely suggest to people to use Opera, I wouldn't say something like "In the end, this wouldn't have happened if he had used Opera." I'd say something like "Try Opera, it's more secure." or "With Opera, he could have avoid being infected." Also I wouldn't confuse "pretty unlikely" to "not happening". Remember, your target audience are those who aren't that conscious about security or "tech-savvy" (otherwise, you wouldn't need to say such statements) and those choice of words will seed arrogance. To them "not happening" is the same as "never gonna happen".

For the probabilty arguement, I guess I was wrong to say that you scaled. Unfortunately for you, you made a fatal mistake of broadening the scope of the probability beyond what the initial argument was. Remember, the initial arguement (where the example 1/1,000,000 prob was used) was about a specific malware and while using FF. You then mixed that up w/ things completely irrelevant to getting infected, such as getting caught, fired, and accused in court. W/o those irrelevant parameters, you be getting something much, much higher/bigger. Now, if the initial arguement was about the guy, then it would make sense. And while at it, people will I agree when I say that we both are guilty of using fantasy-level optimism in getting infected. The chances are actually much higher than what were given as examples.

So it has to end, huh? Sorry it was you that I had to argue w/ (I'm not much into arguing anyway, as I find it too tedious to register just to post a comment) since I've got too light of a load of work these days . Yeah, the guy was pretty unlucky (to be caught, since no doubt a lot are in the same situation as he is, only the employer is not that vigilant in persuing an investigation).

To other readers, when it comes to the browser, yes, use FireFox. Use Opera. Safari? Apple refused to fix a bug so, no. Both are more secure than IE, just don't get too complacent. Always stay vigilant, even if browsing just "safe" sites.

Thanks for keeping your cool and being a sport.

Have a nice day too

Tons of people could be infected with this virus and storing pedo pron. The difference would only be that the infected systems haven't been detected by the company, nor would this one if there wasn't the excessive traffic but not all traffic is as closely monitored.