Xref: utzoo comp.unix.admin:1529 comp.unix.sysv386:6761
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!olivea!mintaka!spdcc!rbraun
From: rbraun@spdcc.COM (Rich Braun)
Newsgroups: comp.unix.admin,comp.unix.sysv386
Subject: Re: Questions about UNIX viruses
Message-ID: <7233@spdcc.SPDCC.COM>
Date: 8 Apr 91 18:23:38 GMT
Followup-To: comp.unix.admin
Organization: Kronos Inc., Waltham, Mass.
Lines: 35

uunet!bria!mike writes:
>How to achieve absolute security:
>
>	Never purchase a computer; ...
>
>The point I'm making (while being a wise-ass in the process) is that there
>is no way to truly protect your machine.  If someone wants to do you damage
>badly enough, they will find a way.
>...
>My personal recommendation is: do what is reasonable (passwords, etc.)
>and don't worry too much about it.

This is not particularly helpful advice when trying to justify modems,
Internet connections, electronic mail, etc. to a conservative executive.
A case in point:  Oracle only got its electronic mail systems up and
running within the past year or two.  Their original policy was to
restrict access, for security reasons.  Digital still has a policy of
restricting all Internet communications except those going through a
single bottleneck.

Out in the real world, at real companies, security is still a major
issue.  Telling an executive to "do what is reasonable and don't worry"
just isn't going to give the engineer what he wants:  instant communi-
cations access to other folks who can answer his questions.

Some companies, like BBN, open up the floodgates and allow anyone on
the Net to beat on their software.  That's in their interest, because
they are in the business of selling well-tested network software.  Most
others do not share that level of disregard for data security.

I've gotten a couple of personal e-mail responses letting me know of
published accounts regarding Unix and network security.  One of them is
the June 1990 issue of Unix World, which I'll have to go investigate.

-rich