[4226] in WWW Security List Archive


Re: WWW TOPIC: protection against invasions?

daemon@ATHENA.MIT.EDU (Speedy)
Fri Jan 31 20:52:58 1997

Date: Fri, 31 Jan 1997 18:02:23 -0500 (EST)
From: Speedy <vc51680@pegasus.cc.ucf.edu>
Reply-To: Speedy <vc51680@pegasus.cc.ucf.edu>
To: Jay Heiser <Jay@homecom.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <32F0E845.63B5@HomeCom.com>
Errors-To: owner-www-security@ns2.rutgers.edu


Thank you for your help & comments,
and thanks to everyone else who has responded and is responding to my questions. I
may not be able to respond to each and every one of you.  So please know
that I do appreciate your advice and comments and expertise on these
issues.

I've made a good living writing code for big software companies,
but I am NO security expert!   However, I have been toying with the
idea of starting my own computer software development company based on
"PC applications" from home.   So, I'm concerned about working really hard
to develop something new (& if I did just happen to luck out and hit on a
really good concept -  then to have it stolen would be a total bummer,
wouldn't it?).  Currently I'm running Win95, and was also considering
partitioning off an area to install Linux, so I don't lose all touch with
UNIX.  I agreed that not too many people would be interested in my
personal data, which would just be boring and not worth the time to get
it, even scarier if they did put the time into it!  *LOL*
All they'd find would be homework assignments, as I have quit my
software engineer job and gone back to school full time hoping to
become a MASTER of something???  :)

> I tend to discount these problems.  Are you regularly backing up your
> hard drives?  Are you protecting yourself against viruses with
> up-to-date anti-virus software (I prefer real-time protection vs. scanning at
> bootup)? If you aren't doing this, then you are not demonstrating
> concern about security.
> 

Yes, I do backups!
My backup drive has just been replaced after a belly up period
and I also discovered that all my old backups were done using
incompatible software for the tape drive (they may and may not
be readable)....the software I was using is the one that they sent
to me with the hardware and it appeared to work until I needed it!!!!
Was I a bit upset? YEAP I SURE WAS!  I'm still not recovered completely
from that one.

I've just updated my anti-virus software, and yes, you're right, I should
run it real-time and all the time (which I don't currently do as often
as I should).

> The idea that the web will invade the personal sanctity of your home PC
> makes for fun creepy stories, but in practice, it isn't happening.  It makes
> great press, but in the grand scheme of things, it represents a pretty
> low security risk.  Much better to address real security concerns than to
> waste time & resources chasing possible future attacks.  I agree that beta
> testing represents a significant risk.  I think it's exponentially greater
> than the risk of surfing the web from home.

> You cannot detect the presence of a sniffer with another sniffer unless
> you catch it communicating with its owner.   I have difficulty envisioning a
> sniffer attack against a home user, unless they are running a
> multi-user, multi-tasking OS.  UNIX and routers are sometimes possessed by
> sniffers.
> What machines do you have at home?   I have difficulty imagining Win95
> or a Mac hosting an unwanted sniffer and I'm unaware of such an attack as
> having occurred.  I can envision NT hosting a parasite sniffer, but I'm
> unaware of it ever having happened.

I've heard rumors of such "software sniffering programs" riding in piggyback
on other software downloaded from the net & that's why I'm concerned.

I'm trying to separate facts from fiction and to learn what I should be
watching for and what is just plain over paranoid fiction and what is not.

> I think it would be easier to e-mail you a trojan horse than to steal
> your data through the web.   Don't execute stuff in e-mail and be very
> careful with MS-Word docs.

Very Good advice!

Thanks again, everyone is being very helpful in pointing out areas
of concern against areas of fiction.  I do really appreciate it!

Thanks
Speedy








