Are you *sure* your PC isn't running server software?
It used to be that DOS/Windows machines were fairly safe as they ran
no server software by default. You had to have a user smart enough
to know how to start up some server program (provided they had one),
yet dumb enough not to understand the security hole they just opened.
Windows for Workgroups, Windows95, and WindowsNT change that. They
all come with some server type applications setup by default, so I
hear. Your blanket statement doesn't cover as much ground as it used
to. At the same time, if you know what you are doing, you can shut
down these server type programs. I don't know what I'm doing with
Windows-version-of-the-month, so I'll stop here.
Garry
Garry .
Garrett @
abii .
com
----------
From: firewalls-owner
To: Lynda Meyer
Cc: firewalls
Subject: Re: your mail and client security
Date: Thursday, August 17, 1995 2:47AM
Return-Path: <firewalls-owner @
GreatCircle .
COM>
Date: Thu, 17 Aug 1995 02:47:42 -0400 (EDT)
From: Michael Dykman <mdykman @
cujo .
icom .
ca>
To: Lynda Meyer <lmeyer @
nette .
com>
cc: firewalls @
GreatCircle .
COM
Subject: Re: your mail and client security
In-Reply-To: <Pine .
OSF .
3 .
91 .
950817081504 .
4319C-100000 @
einstein .
technet .
sg>
Message-ID: <Pine.BSD/ .
3 .
91 .
950817023246 .
4383D-100000 @
cujo .
icom .
ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner @
GreatCircle .
COM
Precedence: bulk
----------------------------------------------------------------------------
--
Please correct me if I'm wrong but the reason a TCP/IP client is
safe
from data theft is because the client software is not designed to handle
requests for data. It wouldn't know what to do with a file request packet
as
only servers are designed to interpret them. Of course, theirs always the
possibility that the client could be a trojan for a hidden server with an
agenda, but it couldn't be too hard to track to track down the souce code
for a client and compile it yourself.
|
|
