[669] in Intrusion Detection Systems
POINTCAST - Could it be a Trojan Horse?
daemon@ATHENA.MIT.EDU (Messages Roswell)
Mon Mar 18 23:20:04 1996
Date: Mon, 18 Mar 1996 15:33:03 -0600
From: Messages_Roswell@oxy.com (Messages Roswell)
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
There is a new web site http://www.pointcast.com which provides a
program file pcninstl.exe. You download pcninstl.exe and run the
program on your PC from Windows 95 or Windows 3.1
PCN is a program that interfaces to the Internet using port 80 and
provides you customizable up-to-the minute downloads of news
headlines, stocks, customizable sports, customizable weather,
customizable financial, Internet access (HTTP only with this release)
and personal (horoscopes and lotteries). You can click on the dynamic
advertisements and go directly to their web page. PCN even turns into
a dynamic screen saver with your specific preference. Periodically,
you are informed that there is an upgraded version, would you like to
down load; automatic upgrades. PointCast Network is currently in
Beta 0.9, is FREE and they say it will continue to be free, support by
advertising commercials. Does this sound too good to be true???
Well, Maybe it is too good to be true. This program becomes a proxy
operator for you. Downloading, through your firewall, whatever it
decides should be downloaded, data, new executables, etc. What is to
prevent a hacker (or cracker if you like that term better) from
offering a similar product which captures you PC keystrokes and scans
your hard drive and uploads information, accesses your LAN or PC
functions, or destroys PC files and data.
Even worse what if a hacker breaks into the PointCast Web site after
it has successfully distributed its product to millions of Internet
users? Are you sure you trust PointCast enough to perform that next
automatic upgrade?
What about other proxy type programs, such as CompuServe's WinCim? It
appears that any type of user proxy program opens the door that most
of us have closed using firewalls.
What are you thoughts and comments? Do you have any concerns with
products like this? How do you or your company handle these products?
Thanks,
Bill Roswell
Occidental Petroleum Corporation
email Bill_Roswell@oxy.com or email Messages_Roswell@oxy.com
