GENERAL WARNING

Tom Neff tneff at bfmny0.BFM.COM
Fri Sep 28 15:50:05 AEST 1990


It's true that freely exchanged executable binaries are a terrific
virus/Trojan vector.  This is a lesson people in the PC world (well,
SOME people) learned a long time ago.  The apparent convenience of
pre-compilation is so alluring that it obscures the risks.

That's one reason why distributing most binaries via Usenet news is a
sucky idea.  But nobody is acting very worried about the burgeoning
trade in anon-FTP binaries.  Personally I wouldn't touch anything
UPLOADED to an FTP site by some other anonymous user.  I wouldn't worry
so much about using stuff which the original author, or his responsible
representative, makes available at a primary distribution site --
because there is some implicit accountability.

However, forgeries and FTP hacking are possible and people should
exercise vigilance, even within their own sites.  Suppose I uploaded a
Trojan horse program (which masqueraded as graphic shuttle tracking
software) to some NASA site and then forged a Usenet announcement
telling everyone this wonderful new program was available for FTP.
Almost nobody would question the bona fides of either the article or the
program.  The program could propagate widely and wreak havoc, and
tracing me would be a fair piece of work.

It'll probably take a couple of real nasty incidents (don't look at me!)
to wise people up.  It did in the PC world.

-- 
To exit --          [__]   Tom Neff
    press <Enter>.  [__]   tneff at bfmny0.BFM.COM


