Checksum: 26444 Path: utzoo!utgpu!woods From: woods@gpu.utcs.toronto.edu (Greg Woods) Date: Sun, 13-Nov-88 20:54:59 EST Message-ID: <1988Nov13.205459.23921@gpu.utcs.toronto.edu> Organization: Elegant Communications, Inc. Newsgroups: comp.unix.wizards Subject: Re: Virus Attack! Summary: Don't critisize USENET! References: <35900005@webb> Reply-To: woods@gpu.utcs.Toronto.EDU (Greg Woods) In article <35900005@webb> webb@webb.applicon.UUCP writes: >.... >The benefits offered by USENET are so hard to define concretely, but the >risk of a virus is very real, and a manager asked to choose between them >might justifiably decide not to take the risk. > There has been no official announcement from our management yet, so I have >nothing to report, but I would like to hear what is going on at other sites. >Anyone thinking of dropping off the net? USENET mail is not very virus prone. Sure, you can forge mail, and in some cases read other's mail, but sending a worm or virus through the mail is another thing entirely. I've heard quite a bit about various rmail bugs, but have yet to have it demonstrated that a carefully administered machine can lose a copy of its passwd, L.sys, or Systems files because of these bugs. Please, no stories about long gone bugs (except a sites that are too backward thinking to upgrade). USENET news, on the other hand, is not quite so secure. If not carefully administered, it can pose considerable risk, even in some default configurations. NEVER run ANY kind of shell archive through a real shell running as any priveledged user, or as a user with anything to lose. Any uucp connection, no matter how secure, involves the transfer of files. Any poorly designed installation is prone to resource hogging. Of course, if you can spoof another machine, you can attack with the permissions of the spoofed machine. NO dialup uucp connections should be considered trusted. When you get right down to it, USENET is no less secure than most postal services. The value of open communications CAN be demonstrated, and it DOES have its costs. Almost always they are well worth paying. -- Greg Woods. UUCP: utgpu!woods, utgpu!ontmoh!woods, lsuc!gate!woods VOICE: (416)443-1734 [h], (416)595-5425 [w] LOCATION: Toronto, Ontario, Canada