[Am-info] BBC's GO Digital program

Geoffrey esoteric@3times25.net
Mon, 06 May 2002 09:51:42 -0400 

John Poltorak wrote:

> If I start up OS/2 and connect to the Internet and just start browsing 
> using Netscape, I have very little, if any, chance of being hacked.

Note, your statement was absolute, not 'very little.'

> This 
> is not the case with Windows XP, which, AFAIUI starts a web server in the 
> background by default which is open to Nimda and CodeRed. And 
> supposedly there are plenty of vulnerabilities in MS Internet Explorer 
> which could allow a remote hacker to take over your system.

I don't disagree, noting that I indicated that M$ products appear to 
invite such problems.

> I do run a Web server and I see remote systems attempting to infect my 
> system with Nimda and CodeRed, but they simply cannot be successful since 
> they only work on IIS.

As do I.

> I also get plenty of email viruses, but they are harmless to my system and 
> are unlikely to get passed on to anywhere else unless I run a mailing 
> list.

Again, as do I.

> AFAIAC my system is immune and I don't need to do anything specific like 
> run the latest Anti-virus software to make it so. Neither do I need to 
> spend any time apply daily Microsoft patches the plug the security holes.

Nothing personal, but then you are being quite foolish.  I have two M$ 
OS's that periodically run on my network.  They are far removed and 
protected from the internet by my firewall and ids setup.  Even if they 
were not on this network, I would still have my firewall and ids in 
place.  Don't think for a minute that crackers are only focused on M$ 
OS's.  I guarantee you there are some out there looking for OS/2 
exploits, just as there are ones out there looking for Linux, *BSD, 
plan9, 'name any other OS I've not named' exploits.

> 
> Of course, I could be being very complacent, so please tell me what 
> measures I need to be taking to keep the hackers at bay.

A firewall and an ids, particuliarily if you are on the internet for 
extended time or have an 'always' on connection (dsl, cable..)


>>-- 
>>Until later: Geoffrey		esoteric@3times25.net
>>
> 
> 


-- 
Until later: Geoffrey		esoteric@3times25.net

I didn't have to buy my radio from a specific company to listen
to FM, why doesn't that apply to the Internet (anymore...)?