fff@uunet.uu.net (04/06/91)
I know that this is the kind of question that only a novice would ask. Well, I am a *rank* novice in Usenet, UUCP, and telecommunications in general. Please bear with me. The question is: If I connect to a site where I always initiate the call, only exchange email and receive netnews, am I subject to receiving a virus. My modem is never left on and the port is not enabled for a login. If the answer to the above is yes, how can I protect my system. Any help would be greatly appreciated. Frank Fiamingo
pandy@vipunen.hut.fi (Pandy Holmberg) (04/11/91)
pcsbbs!fff@uunet.uu.net writes:
I know that this is the kind of question that only a novice would ask.
Well, I am a *rank* novice in Usenet, UUCP, and telecommunications in
general. Please bear with me. The question is:
If I connect to a site where I always initiate the call, only exchange
email and receive netnews, am I subject to receiving a virus. My
modem is never left on and the port is not enabled for a login.
The answer is NO. As long as you just use your computer as a terminal.
As soon as you start downloading files, the danger appears...
And how to protect yourself against viruses, well, my friend, I
wouldn't know, since I do not know what kind of computer you use...
Tsaukki says
Pandy
--
"All things are possible except skiing through a revolving door."
*******************************************************************************
/! ! Andreas "Pandy" Holmberg pandy@hut.fi
/_!_! Helsinki University of Technology pandy@spiff.hut.fi
/ ! ! Faculty of Electrical Engineering pandy@otax.hut.fi
/ ! ! s37775d@taltta.hut.fi
*******************************************************************************
news@umd5.umd.edu (USENET) (04/11/91)
Pandy Holmberg writes: >pcsbbs!fff@uunet.uu.net writes: > >> I know that this is the kind of question that only a novice would ask. >> Well, I am a *rank* novice in Usenet, UUCP, and telecommunications in >> general. Please bear with me. The question is: >> >> If I connect to a site where I always initiate the call, only exchange >> email and receive netnews, am I subject to receiving a virus. My >> modem is never left on and the port is not enabled for a login. > >The answer is NO. As long as you just use your computer as a terminal. >As soon as you start downloading files, the danger appears... HOLD IT! IF he uses his computer only as a terminal then he is safe. However, it is not clear that is what he does. He mentions USENET and UUCP. He says that he initiates the call to exchange email and netnews. He says that the port is not enabled for login. That implies to me that he is running his own Unix machine and uses UUCP to send and receive email and netnews. That means that he is transferring files. Even worse it means that he allows "rmail" and "rnews" to be remotely executed on his machine. I don't know what software and version he is running, but it is possible that there may be deliberate or accidental trapdoors in that software. Just after the Internet worm incident, there was some discussion on whether or not something similiar to the sendmail or fingerd attack could take place via UUCP. I don't remember the conclusion, but I wouldn't want to guarantee that he is safe. If he is concerned, taking a few minutes to look at the source code for "rmail" and "rnews" would not be unreasonable. Bill Bogstad
p1@arkham.wimsey.bc.ca (Rob Slade) (04/11/91)
pcsbbs!fff@uunet.uu.net writes: > If I connect to a site where I always initiate the call, only exchange > email and receive netnews, am I subject to receiving a virus. My > modem is never left on and the port is not enabled for a login. Actually, your question, even as specific as you have made it (and thank you for all the details you *have* given) is not completely straightforward. First point: what is your local machine? If it is a PC, and you are using it just as a terminal, you should be almost completely safe. I say "almost", because there are instances of codes imbedded in text that can gain "access" to the low levels of your machine, but they would be very much subject to the specific terminal program you are using, and the configuration both of it and of your PC. As these codes have so far been seen only in "trojan" situations, and given the configuration specific nature, this is highly unlikely to be of concern to you. If you are using a workstation, and connecting in a network or pseudonetwork configuration (I am extrapolating from your comment about the port not being enabled for a login) you may possibly be at greater risk If you are simply using a terminal, you may still be subject to a "denial of access" viral situation, although you would be safe from local data loss. Some terminals (and I won't go into details because they are available in back issues of VIRUS-L) will accept text as commands to "remap" the keybaord, and then to "send" the remapped commands. These "new" commands can, of course, be of the nature of "forward this message to everyone I know", and thus create a mail virus. ============= Vancouver p1@arkham.wimsey.bc.ca | "Is it plugged in?" Institute for Robert_Slade@mtsg.sfu.ca | "I can't see." Research into (SUZY) INtegrity | "Why not?" User Canada V7K 2G6 | "The power's off Security | here."