On Sun, 28 Jan 2001 15:45:15 -0000, Ben A L Jemmett wrote:
>> I run DR-DOS. in single tasking mode. no background, nothing for a
>> virus running on netware to get into.
> Huh? A virus running on NetWare?
No, I did not capitalize it. maybe shouldda been more explicit.
simply generic, referring to virus transfer across file sharing on a
network or having infected executables running.
With regards to the vulnerablity of dos in particular, there are two
ways for a system to get infected; formerly it was thru infected disks
as on a sneaker net. As the BBS world expanded, infected files got
downloaded off those networks.
With the internet, the problem changes because of phenomena like JAVA,
which is code from the server being run on your machine. If that code
is infected, you have not 'downloaded' anything intentionally, but it
happens in the background, which is even more obscure on a multitasking
operating system.
With dos email tools, or non-java enabled browsers like Arachne, the
remote server has no ability to run software on your machine. All it
can do is send you text or graphics which are handled by the routines
already running in your system. They are not executables.
Networks of course, routinely use executables running on a host ported
to terminals. Infect the host, and you can infect all the hard drives
on all the terminals. No network, no host, no problem.
A dos os does not download software I dunno know about. no .ini files,
no .dll, no nuttin. When I download, it is either mail, files that I
choose to download, or perhaps an html webpage. In any case, whatever
it is doing, it aint doing anything I cant see happening. Mail is just
ascii text on this screen, and there aint nuttin any hacker can do to
it that will run or infect my system. with files or attachments, I can,
and do, look them over, and routinely run a scanner on them. the scan
only hasta check that one piece of software, not the whole damn system.
Likewise with html webpages. I can easily look at the raw html code to
see if there's anything funny in it. Given the limited ability of
Arachne, there is no need, cause it will not recognize anything but the
standard html, and that data set has no commands to write to my drive
without me knowing about it. The only way into this computer is thru
this keyboard. There is no way to know that with proprietary software.
DR-DOS COMMAND.COM runs about 67k, IBMDOS & IBMBIO another 55k, and
EMM386 180k, ... the whole operating system even with VDISK and the
NWCACHE all totals less than 500k. That's not a lot for a scanner to
look thru, and you cannot change a single byte, much less a hundred or
so for sabotage software, without it getting kinda obvious.
.
uncopywritten- do what you will with it.
-- Arachne V1.68, NON-COMMERCIAL copy, http://arachne.cz/
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
