Author: Synetech

Self-Viewing Data Files

Synetech Leave a comment

This article shows one way of creating self-viewing data files. Examples of such things include self-extracting archives and self-playing videos. Self-viewing data files are executable files that put the data and the viewing program together in a nice neat little packa-ge.

This will require two programs, the player and the creator. The player will be embedded as a resource inside the creator. The creator extracts the player (aka the “stub”) and saves it as the target file, then embeds the data file in that as a resource. The player, when run will read the data file from it’s resources and display it.

To accomplish this, there will need to be a few functions that access or manipulate resources. Here are the ones required and who the onus falls on:

StepFunctionResponsible
1Insert  viewing program as   resource into creator program   You, programmer
2Extract viewing program from resource and save to file       Creator program
3Insert  data file       as   resource into viewing program   Creator program
4Extract data file       from resource and save to file/displayViewing program

The obvious way to do this is to use the native resource functions. Unfortunately, the functions for updating resources is not available for Win9x systems, only the ones for reading them are. There is a way to add the missing support by using the MSLU but that adds to the size and requires including a DLL with the program. An easy alternative is to manually handle the “resources” by injecting them in and extracting them from the stub. This is the method used in this article. We’ll break down the work into the separate programs. First the player.

The Player (stub.exe)

Step 4
The viewing application (the stub) will need to be able to extract the data from itself. The data will be located at the end of the executable, followed by the size of the data (so that we know how much data there is), and finally a signature. Here is some (surprisingly) simple code—sans error checking—to read a chunk of plain text:

void ReadResource() {
    CFile  f;
    DWORD  sig =0;
    LONGLONG size =0;
    CString t =_T("");
    //open itself for reading
    if (f.Open(__argv[0], CFile::modeRead)) {
        //read the last 4 bytes of the file and check if it is the signature
        f.Seek(-((LONGLONG)sizeof(sig)), f.end);
        f.Read(&sig;, sizeof(sig));
        if (sig==0x12344321) {
            //read the size
            f.Seek(-((LONGLONG)(sizeof(size)+sizeof(sig))), f.end);
            f.Read(&size;, sizeof(size));
            if (size) {
                //seek to the start of the data
                f.Seek(-((LONGLONG)(size+sizeof(size)+sizeof(sig))), f.end);
                //allocate a buffer for the data and read it
                f.Read(t.GetBufferSetLength((UINT)size), (UINT)size);
                //display the read data in the edit control
                GetDlgItem(IDC_EDIT1)->SetWindowText(t);
            }
        }
        f.Close();
    }
}

Other types of data can be read in the same manner.

The Creator (create.exe)

Step 2
We can use the same technique as above to read the stub from the end of the creator program, but here is a way to do it with the normal method of using resources (which is supported):

//search for and locate the stub resource
HRSRC shstub=FindResource(NULL, MAKEINTRESOURCE(IDR_STUB), _T("BIN"));
if (shstub) {
    //verify the size of the stub
    DWORD rs=SizeofResource(NULL, shstub);
    if (rs) {
        //load the stub resource
        HGLOBAL hstub=LoadResource(NULL, shstub);
        if (hstub) {
            //lock the stub resource to get a pointer to it's first byte
            BYTE* stub=(BYTE*)LockResource(hstub);
            if (stub) {
                //create an executable file
                CFile stubf;
                if (stubf.Open("stub.exe", CFile::modeCreate|CFile::modeWrite)) {
                    //copy the stub to the file
                    stubf.Write(stub, rs);
                    stubf.Close();
                }
                UnlockResource(hstub);
            }
        }
    }
}

Step 3
The stub is now written to the disk but is just a viewer. We have to inject the data file for it to display:

//get the data to be injected (simple edit box in this case)
UpdateData();
CString  t =::GetWindowText(GetDlgItem(IDC_EDIT1));

CFile    f;
LONGLONG size=0;
DWORD    sig =0;

//open the player file
if (f.Open("myfile.exe", CFile::modeReadWrite)) {
    //we need to check if there's already something there
    //read the last 4 bytes from the player file and check if it's a signature
    f.Seek(-((LONGLONG)sizeof(sig)), f.end);
    f.Read(&sig;, sizeof(sig));
    if (sig
==0x12344321) {
        //there's already a resource there, so we'll have to replace it
        //read the size of the existing resource
        f.Seek(-((LONGLONG)(sizeof(size)+sizeof(sig))), f.end);
        f.Read(&size;, sizeof(size));
        if (size) {
            //add the size of the size and signature
            size+=sizeof(size)+sizeof(sig);
            //truncate the file, leaving just the stub
            f.SetLength(f.GetLength()-size);
        }
    }

    //seek to the end of the file
    f.Seek(0, f.end);
    size=t.GetLength();
    //write the data file to the stub
    f.Write(t.GetBuffer(), (UINT)size);
    //write the size of the data
    f.Write(&size;, sizeof(size));
    //write the signature
    sig=0x12344321;
    f.Write(&sig;, sizeof(sig));

    f.Close();
}

Step 1
Finally, we need to insert the stub into the creator program. If you are using the resource method, then it can be added as any other resource, making sure to use type BIN and using stub.exe as the source. If you are using the manual method, then you will need to manually append stub.exe to creator.exe, add the size of stub.exe, then the signature.

Now, just compile stub.exe, then creator.exe. Run the creator program and create some data. Click the export player button, and select the filename to save. The creator will read the stub, save it to disk, and inject the data. Now run the self-contained data/viewer file. It will extract the data from itself and display it.

Note: there are a couple of drawbacks to using this method. First, while it works, it is not part of the PE format standard. Future revisions of the PE format may break this, especially with the crackdown on code execution. Another potential problem is that some virus scanners may detect the modification of an executable as suspicious activity and thus have a bad reaction, causing itchy, watery eyes and a runny nose. The virus scanner can be circumvented however, by writing the stub to a non-executable file (say myfile.bin), then renaming it after the data has been injected.

Quieter, Smoother Computer

Synetech Leave a comment

Most computers come with fans to keep them running cool enough to avoid problems. Unfortunately, fans have moving parts, move fast, and stir air. All this results in quite a bit of noise which can cause headaches, not to mention being down right annoying. It also causes a lot of vibration which further adds to the noise, headaches, and annoyance. Some people get rid of their fans and use alternative cooling methods, however most of these are just too expensive for the regular computer user, and worse, too complicated. Good computer cases will come with rubber feet instead of the hard plastic ones that cheaper cases have. The rubber feet will absorb the vibrations instead of passing them to the desk, floor, or whatever surface the computer rests on. If your case does not have rubber feet, then you can add them if you are comfortable/able to open the case. If not (or even if your case does have rubber feet), there is a quick, easy, and cheap trick that can help to reduce vibration which will result in less noise and provide quieter, smoother computing environment.

Simply place a couple of foam-rubber mouse-pads beneath the computer. You’ve probably got a few lying around somewhere, or can easily buy a couple for under a dollar. The design does not matter, so you can get generic ones for less. The thick, foam-rubber kind work best, although even the thin rubber kinds are better than nothing. In either case, you just slip in under the computer to cushion it from the desk, making sure that the rubber side faces the computer. Even better, fold it in half (rubber side out), and you’ve got a vibration damping, noise canceling, double-cushioned, non-slip shim between the computer and the desk.

*UPDATE*
Here is a blog entry which says pretty much the same thing and includes pictures.

Tip: Smooth Mouse Scroll Wheel

Synetech Leave a comment

Here’s a tip for those with scroll mice. Take the clicker out of the wheel. Scroll mice usually accomplish the clicking of the scroll wheel by means of a spring or metal stick that press inside the wheel. Take this out, the wheel will turn nice and smooth. It may take a little getting used to, but it will soon feel great.

Of course you should realize that the clicking serves a function: to limit the movement of the wheel. If the scroll wheel is too loose, it may spin out of control without it, but normally it won’t. In fact, in some mice, the clicker may cause unwanted scrolling, so removing the clicker will eliminated that.

(The little metal stick inside my mouse broke recently, and I panicked because it was a fairly new, expensive mouse, but before I knew it I was hooked—pun intended. I never want to use a clicker again.)

Outlook Express Folder Compaction Error

Synetech Leave a comment

If you get the following message for FOLDERS.DBX when trying to “compact all folders” in Outlook Express

The folder is currently in use by Outlook Express or by another application.

there is a simple solution. The error message is deceptive since the actual cause has nothing to do with being in use. The problem occurs when you try to compact all folders and not all folders are actually present on disk. This can happen if a .DBX file got deleted somehow (for example if you decided to save some space by deleting the .DBX files of empty folders.) When OE tries to compact, it checks the folders.dbx file to see what .DBX files to expect, and when it can’t find one, it complains with the inaccurate message above.

The fix is simple, just replace or recreate the files. The easiest way to do this is to simply open the missing folders in OE because it will automatically create a .DBX file if one does not exist.

If you do not know which ones are missing, you can click on “Local Folders”, press the * key on the keypad to expand all branches, then click on each and every folder—you could also use the Down key instead of clicking, but then you have to wait a second on each folder for OE to open them, clicking opens them instantaneously.

After you’ve ensured that all .DBX files exist, you can successfully compact all folders.

Registry Cleaners/Repairers: Caveat Usurpator

Synetech Leave a comment

The registry is where Windows keeps most of it’s settings. It is also where most programs keep their settings. Ever since it was introduced in Windows 95, it has been a mysterious place where some people have dared to venture in the hopes of finding computing treasure. There are all kinds of articles on how and where to make modifications and tweaks to improve system performance, increase stability, add new features, and other enhancements to the OS.

One aspect of the registry that has been popular is the concept of cleaning or repairing it. The idea that it can get cluttered with traces of old, uninstalled programs, invalid file references, corruption, and manipulation by nasty programs, and that cleaning these out and repairing them, will help a system run better. There is of course truth in this, and making sure that the registry is free of debris is certainly a good thing. Unfortunately, doing so requires some skill and more patience than even the best of us have. It is now a vast storage with more entries than there are stars in the sky. A proper audit would take far too long. As a result, numerous programs have been written to help automate this process. They scan the registry for what they consider to be problems and list them for the user, eager to delete them. Unfortunately, few if any such programs does the job adequately or even properly. Most of them do little more than look for references to files that do not exist. Some will check other components as well, but searching for missing files tends to be the most popular function of these programs.

Modifying the registry is not always as hazardous as some would have you believe. There are plenty of changes that can be done or undone safely. Of course there are some which can make it extremely difficult to fix and can potentially require reinstalling the OS. Making changes to entries without noting what the previous value was, or deleting entries altogether, is an irreparable operation and so must be done carefully. The better cleaner/repair tools will allow you to back up the entries they modify before altering them, but some do not; be vary wary of these.

Another thing to look out for when using a registry cleaner/repair utility is whether or not it provides detailed explanations of the entries it deems problematic. If all it gives is a one-line reason (eg: missing file/invalid entry/etc) or says nothing at all, then you should be extremely careful. A proper utility will give you the option of viewing a thorough explanation of why they flagged an entry as being bad, and what it means. That way you can examine it and determine if it really is a problem or not.

The vast majority of these registry fixing applications return more false positives than they do genuine items to fix. There are numerous reasons why they can report a false positive:

MRUsA lot of apps keep track of files that have been opened with them and often the file no longer exists because they were temporary, moved, renamed, etc. So when the cleaner checks the MRU, it sees a file reference but the file is not there, so it complains.
Variables in filenamesMost of these types of apps are not capable of handling filenames that have variables in their path. For example while %systemroot%\explorer.exe is an existing file, the cleaner will nag that it can’t find it.
Other types of unsupported file pathThese apps usually only support simple filepahts (eg: c:\folder\file.exe) so they choke on other types of filenames like network paths (eg: “\\somecomputer\folder\file.exe”). Services often use this format: “\??\c:\myservice\service.sys” which they can’t read. URLs are another that can’t be checked by them. Some may, but most don’t support relative paths: “system32\blah.exe”.
Empty keysWhen some cleaners find an empty key(s) they figure that it’s just residue from an uninstalled program, and thus obsolete. This may be the case but no necessarily. It could just be that the app has not yet been run since installation, that the app hasn’t had reason to write to it yet, or that it uses the key itself as data: perhaps keeping a version number in the keyname, or using the fact that the key exists at all to indicate that the app is installed. Obviously removing it even though it’s empty, would mess things up.
Hidden/system files/folderSome of these apps are unable to determine if a file or folder exists if it is a hidden or system file/folder even if it does.
Special formatSome programs have entries that are in their own special format (eg: “something”=”c:\blah|The Blah Game|3|always”). These apps won’t be able to parse the value and identify just the file/folder part. (They should not be messing around with things they can’t handle anyway.)
Temp filesThere are often traces of temporary files, Internet caches, etc. left behind for a while. For example a browser may keep a list of it’s temporary files. When the user clears them out, they are still listed until the browser overwrites them with new entries, so the cleaner nags. Of course if the use cleared them through the browser, it should have wiped them from the registry as well, but the user may have manually cleared them or use another tool. In this case it’s perfectly fine since they are temp files, but the registry entries are still there. And, since the cleaner can’t tell the difference between an important file and a temp file, it complains about all.
Icon indexesPlain icon files (icon.ico) have a single icon while DLLs, ICLs, EXEs, and such may have more than one. In this case the specific icon inside is indicated in this manner: “c:\folder\icons.dll,32”. This means that the target is the 32nd icon in the file icons.dll. Almost all of these cleaners are unable to handle this and can’t find the file.

As you can see, the results from these apps are not very reliably and you should be wary of what they report. Not all of the entries they flag will be problems so you should examine them before making any changes. You should be aware that even if you run these programs immediately after a fresh installation of Windows, they will find quite a lot of things to complain about.

That’s not to say that you should not use these programs at all; they definitely have their use, just be careful. The best advice is to limit yourself to items you know for sure are incorrect, such as those for a program you have uninstalled, or for a file you deleted. If you are unsure about something, leave it be at least until after you have looked it up, and always make a backup (export a .REG file) so that you can recover from any mistakes.

Forever Lights: One Caveat

Synetech Leave a comment

Forever Lights are a great, brilliant invention. In fact, any invention that uses alternative forms of energy are wonderful; hand-cranks, solar cells, magnets. Forever Lights—and their knock-offs—are flashlights which use one or more super-bright white LEDs instead of incandescents, which allow it to create pure, white (or bluish) light that remains cool and does not create heat, while also lasting—for all intents and purposes—forever without fear of burning out. Furthermore, Forever Lights use rechargeable lithium ion batteries instead of single-shot alkalines. Finally, the rechargeable batteries are recharged, not by plugging it into an outlet, but by simply shaking it. They have a powerful magnet inside which when shaken, passes through a tightly coiled wire. The magnetic field from the magnet passing through the coil creates electricity which charges the batteries.

To top it all off, if you get a good one (knock-offs are of poorer quality) they will also be waterproof. This makes these perfect for underwater use like in scuba diving or cave diving. A problem that many divers have feared is their flashlight batteries dying while they are down there (or other cave spelunkers above ground). With this, they just shake it a bit and they’ve got light again; wonderful. Nicer models even allow you to choose from using a single LED for less light up to three for a whole lot of light.

This is truly a brilliant device which uses human power instead of electricity. Another such device I’ve seen use a crank type device. These are great because they do not cost money for electricity or batteries, but also because since they use human power which when combined with the physical law that energy cannot be created or destroyed, just changed in it’s form, means that it is a productive way to burn off some fat.

There is one warning about the Forever Light however. Because they use powerful magnets to create the electricity for the batteries, they cannot be used while working in or around computers, televisions, or any other device that uses magnets itself. You could very well wipe or at least corrupt disks or distort screens. For these tasks, a more traditional form of light is required but for everything else, Forever Lights are marvelous.

No Such Thing As a Complete and Equal List

Synetech 1 Comment

I have always had trouble with equally balanced lists; probably due to my obsessive compulsive disorder. A couple of years ago, I was auditing a University course (I believe it was a software project management course) when as usual, my mind wandered. After many years of trying to force it, it finally dawned on me that trying to make a perfectly symmetrical and complete list is literally impossible, it cannot be done, ever.

What does a complete list mean? Let’s use an example to define it. A good example is billing. When entertainers perform shows with more than one star, one of them must get “top billing”, that is, one of their names must come before the other; this is just the nature of a list. There is no way to list both names at the same time—just try to tell someone who the stars of the show are by saying both of their names simultaneously; you must say one before the other. Top billing is desirable because it implies importance. As a result, many co-stars end up arguing, even fighting over who gets top billing.

One solution is to give one top-billing, then follow it up by giving the other one top-billing. That way they each get top-billing. This does not work however because now one of them got top-billing first which is itself like saying that that person was more important, which is why they got it first.

You might propose to just balance it out by giving the second person top-billing first, in the next run, followed by the first person, and repeating, but this just ends up repeating itself. Let’s represent this with symbols:

The original list with one name listed first:
AB

The first solution, with the second person getting top-billing, but second:
AB , BA

The second attempt, with the second person getting top-billing first but in the second run:
AB,BA ; BA,AB

The third attempt, the second person gets top billing but again in the second half:
AB,BA;BA,AB – BA,AB;AB,BA

One more try before giving up:
AB,BA;BA,AB-BA,AB;AB,BA * BA,AB;AB,BA-AB,BA;BA,AB

As you can see, once the list has begun and one item is listed before another, there is no way that the list can be completed and symmetrical/balanced; you just get stuck in a recursive loop that grows forever. This is due to the nature of linearity. No matter what you do, A is the first item in the list and always will be! You could reverse the list so that B comes first or append the new items to the front instead of the back, but then we are in the same situation with all the symbols alternating yet never perfect:

AB
BA , AB
AB,BA ; BA,AB
BA,AB;AB,BA – AB,BA;BA,AB
AB,BA;BA,AB-BA,AB;AB,BA * BA,AB;AB,BA-AB,BA;BA,AB

Things get much worse with more than two symbols. The only list(s) that can be perfect are lists with only one symbol: A, AA, AAA, AAAA, and so on.

Unfortunately, there is no way to equally credit two performers, and there is no way to list two equal items. Even if you move into more dimensions there is still no way to present more than one item simultaneously.

Easy Rootkit Detection

Synetech Leave a comment

An easy way to detect most rootkits is to use an old technology: DOS.

Most (read, pretty much all) rootkits require some sort of file component. In fact all malware requires some sort of file to be loaded to perform it’s malfeasance. This is because malware is just software that does bad things and software means files. Even worms and other memory-resident applications require files at some point. This is why rootkits hijack directory listing commands to hide themselves.

So, how do you find files when they are being hidden? One way is to check the drive at a low-level, viewing the disk directly instead of using a file listing command. You can look at the disk and see if the entries in the cluster match up with the directory listing. This is a common method but has it’s drawbacks. For one thing, a decent rootkit would be able to hijack sector-level disk access and hide it’s entries just as it does with a directory listing command. Another problem is that it is difficult to use and can be unreliable.

Another easy to use method is to get a directory listing from within Windows, then boot into DOS mode and get another one, then compare the two. There are few if any DOS rootkits, but more importantly DOS is a lightweight, easy to control environment that can fit on a single floppy. This is important, because it means that you can ensure the integrity of a DOS boot disk because a minimal system needs just four files taking no more than 200KB. Make sure that the boot disk is reliable by making it from a secure system and then write-protecting it. Another option is to use a CD, for example a Windows 95/98 CD which allow you to boot to DOS.

To check for a Windows rootkit:

  1. Open a command prompt with the cmd command.

  2. Get a directory listing with dir c:\/s/a/o>d:\windir.txt.

  3. Reboot into pure DOS mode (do this ASAP after the previous step.)

  4. Get another directory listing with dir c:\/s/a/o>d:\dosdir.txt.

  5. Compare the two files (eg: WinDiff d:\dosdir.txt d:\windir.txt).

Obviously there will be some differences, since files are normally created, changed, and deleted while shutting down Windows. You’ll have to use your best judgement and possibly a reference or the Internet to determine which files that are different are malicious. To minimize the noise, make sure to clean up any temporary files and such before getting the listing.

If there is no rootkit, then the two listings should be more or less the same. If there is a rootkit present, then the DOS listing will reveal the hidden rootkit files.

One drawback to this method is that the built-in DIR command returns the directory listings in different formats in Windows and DOS. As a result, it will be difficult to do a straight comparison of the two listing files. For example this is a listing made in Windows:


 Volume in drive C is C-Windows
 Volume Serial Number is 0123-4567

 Directory of C:
Mar.03.03  03:03am           233,632 ntldr
Mar.03.03  03:03am            47,580 ntdetect.com
Mar.03.03  03:03am               193 boot.ini
Mar.03.03  03:03am              Windows
Mar.03.03  03:03am              Program Files
Mar.03.03  03:03am              Documents and Settings
               3 File(s)         48,638 bytes
               3 Dir(s)     123,456,789 bytes free

and the same in DOS (with DOSLFN for long file names on the right):


 Volume in drive C is C-WINDOWS  
 Volume Serial Number is 0123-4567
 Directory of C:
NTLDR              233,632  03-03-2003  03:03 ntldr
NTDETECT COM           502  03-03-2003  03:03 ntdetect.com
BOOT     INI           502  03-03-2003  03:03 boot.ini
WINDOWS                03-03-2003  03:03 Windows
PROGRA~1               03-03-2003  03:03 Program Files
DOCUME~1               03-03-2003  03:03 Documents and Settings
         3 file(s)         48,638 bytes
         3 dir(s)     123,456,789 bytes free

The formats are quite different and will require some reworking to make a comparison easy. One solution is to use a third party directory listing program instead of the built-in dir. A third party dir would give the listing in the same format in both Windows and DOS, just make sure that it can list anything, and everything (including hidden files, system files, volumes, etc.)

All software is limited and hackable, and malware is no different. With a little thought and the right tools, even a rootkit can be ferreted out.

No Evidence of Time Travel, Still Possible? Maybe

Synetech 1 Comment

It occurred to me yesterday that I obviously will never acquire the ability to time travel (at least into the past) since I have no evidence of it. After all, if I ever do acquire the ability, then it does not matter at what point I do so (age 30, 60, 100, etc.) since whenever it does happen, I can always go back to any point in the past. The reasoning is that if I do acquire the ability to go back (presumably to help myself make my—uh, our—life better, fix a mistake, etc.), then I would have done so and would know it. It does not matter if it happens tomorrow or 50 years from now; either way if I go back to my past then it has the same effect. Yet, I have never been visited by myself and so I clearly do not ever acquire the ability in my lifetime.

However, that reasoning falls apart because there is no guarantee that if I did acquire the ability, that I would come back to this point or any previous point in my life. It is entirely possible that for example, in 10 years I get the ability and then I come back in time tomorrow morning. Just because I have up until now, never been visited by my future self, does not mean that I do not ever acquire the ability, since I did not need to come back this far. Tomorrow morning however is a different story, something may happen tomorrow morning which requires my intervention and so I will be visited by myself and thus know for sure that I do eventually come across the time-travel technology.

The point is that while there is no current evidence to support the idea that I will ever be able to travel back in time, it does not rule out the possibility since I may just not need to come back this far. This is truly the definition of “you never know what the future holds”, since for all I know, tomorrow I may be visited by myself from the future. It’s impossible to completely rule that out without entirely disproving the possibility of time travel altogether.

Protect the Mislead

Synetech Leave a comment

I stumbled across this interesting piece of American law today:

95

Subtitle B—Truth in Domain
Names
SEC. 521. MISLEADING DOMAIN NAMES ON THE INTERNET.
 (a) IN GENERAL.—Chapter 110 of title 18, United
States Code, is amended by inserting after section 2252A
the following:
‘‘§ 2252B. Misleading domain names on the Internet
 ‘‘(a) Whoever knowingly uses a misleading domain
name on the Internet with the intent to deceive a person
into viewing material constituting obscenity shall be fined
under this title or imprisoned not more than 2 years, or
both.
  ‘‘(b) Whoever knowingly uses a misleading domain
name on the Internet with the intent to deceive a minor
into viewing material that is harmful to minors on the
Internet shall be fined under this title or imprisoned not
more than 4 years, or both.
 ‘‘(c) For the purposes of this section, a domain name
that includes a word or words to indicate the sexual con-
tent of the site, such as ‘sex’ or ‘porn’, is not misleading.
 ‘‘(d) For the purposes of this section, the term ‘mate-
rial that is harmful to minors’ means any communication,
consisting of nudity, sex, or excretion, that, taken as a
whole and with reference to its context—

96

 ‘‘(1) predominantly appeals to a prurient inter-
est of minors;
 ‘‘(2) is patently offensive to prevailing stand-
ards in the adult community as a whole with respect
to what is suitable material for minors; and
 ‘‘(3) lacks serious literary, artistic, political, or
scientific value for minors.
 ‘‘(e) For the purposes of subsection (d), the term
‘sex’ means acts of masturbation, sexual intercourse, or
physcial contact with a person’s genitals, or the condition
of human male or female genitals when in a state of sexual
stimulation or arousal.’’.
 (b) CLERICAL AMENDMENT.—The table of sections
at the beginning of chapter 110 of title 18, United States
Code, is amended by inserting after the item relating to
section 2252A the following new item:

‘‘2252B. Misleading domain names on the Internet.’’.

It’s from the PROTECT act (Prosecutorial Remedies and Other Tools to end the Exploitation of Children Today Act of 2003). It’s an interesting piece of law which makes it illegal to create a domain name that purposely misleads people, especially children into going to and viewing objectionable websites. First of all, it’s interesting to note how stuffy old congress men and women discuss things like sex and especially how they define it (it’s fascinating that these days it even has to be defined at all, thanks Clinton!) Unfortunately this law did little to change the most famous of misleading sites, WHITEHOUSE.COM. Furthermore, any savvy lawyer could easily circumvent the law and get their defendant off.

Let’s take whitehouse.com for example. It used to be a porn site but is now a “free speech forum” where they criticize the government. The current site does not violate the PROTECT act but the previous porn site did. Clearly that porn site had nothing to do with the American government and many a school-child had gone there to do some research for their civics class only to be exposed to hard-core pornography (not even the kind where the private parts were covered up by little stars, bars, or text). If it had gone to court however, a half-decent lawyer could easily have gotten them acquitted by arguing that whitehouse.com was not misleading since they do their shooting in an actual white house. Even better, they could have changed their logo to a little white house to strengthen their case.

Now let’s try an even stronger example. Ostensibly a domain like arnoldschwarzenegger.com would have to be about one thing and one thing only: Arnold Schwarzenegger, the man, the actor, the governor, the TERMINATOR! Any other site would be misleading. Yet, a guy could easily go and legally change his name to Arnold Schwarzenegger (names are not copyrightable), then open a porn site with that domain. He would not be prosecutable under the PROTECT act because he is not misleading since that’s his name. It’s “Arnold Schwarzenegger’s Porn Site”.

With a little bit of thought, even an eighth-decent lawyer could easily get around this law.