Virus Attack!

[Greg Woods]

In article <35900005 at webb> webb at webb.applicon.UUCP writes:
>....
>The benefits offered by USENET are so hard to define concretely, but the
>risk of a virus is very real, and a manager asked to choose between them 
>might justifiably decide not to take the risk.  
>  There has been no official announcement from our management yet, so I have
>nothing to report, but I would like to hear what is going on at other sites.
>Anyone thinking of dropping off the net?

USENET mail is not very virus prone.  Sure, you can forge mail, and in some
cases read other's mail, but sending a worm or virus through the mail is
another thing entirely.  I've heard quite a bit about various rmail
bugs, but have yet to have it demonstrated that a carefully administered
machine can lose a copy of its passwd, L.sys, or Systems files because
of these bugs.  Please, no stories about long gone bugs (except a sites
that are too backward thinking to upgrade).

USENET news, on the other hand, is not quite so secure.  If not
carefully administered, it can pose considerable risk, even in some
default configurations.  NEVER run ANY kind of shell archive through a
real shell running as any priveledged user, or as a user with anything
to lose.

Any uucp connection, no matter how secure, involves the transfer of
files.  Any poorly designed installation is prone to resource hogging.
Of course, if you can spoof another machine, you can attack with the
permissions of the spoofed machine.  NO dialup uucp connections should
be considered trusted.

When you get right down to it, USENET is no less secure than most postal
services.  The value of open communications CAN be demonstrated, and it
DOES have its costs.  Almost always they are well worth paying.
-- 
						Greg Woods.

UUCP: utgpu!woods, utgpu!ontmoh!woods, lsuc!gate!woods
VOICE: (416)443-1734 [h], (416)595-5425 [w]  LOCATION: Toronto, Ontario, Canada