> >> I run DR-DOS. in single tasking mode. no background, nothing for a
> >> virus running on netware to get into.
>
>With the internet, the problem changes because of phenomena like JAVA,
>which is code from the server being run on your machine. If that code
>is infected, you have not 'downloaded' anything intentionally, but it
>happens in the background, which is even more obscure on a multitasking
>operating system.
i can't agree on that.... if you use a java-enabled browser and you didn't
switch the use of java off, then you downloaded intentionally the
java-code... or not ?
maybe i am wrong, but the java-code that is run in a browser is always
visible... i mean you can see that a java-applet is running.
and i doubt that java-code is *that* dangerous... in any way, when you use
java for an applet, there's always some SecurityManager running... this
SecurityManager can't be 'touched' by the code in the applet itself, so the
SecurityManager is initialized by the browser... in the applet-code you can
only make a connection to the computer-system where the applet originated
from (the server where you got the code) this can be usefull if the applet
needs to load data-files... another thing you can't do, is access the
file-system on the computer where the applet is running... But as said
these restrictions are hold by the running SecurityManager... so indeed it
is possible for an applet to write on your disk, but then you have to
manually edit some configuration file, and in that file give that certain
applet the right to read/write in some certain directory on your disk... i
believe the same goes for connections, that you can specify to which
computers/domains the applet can connect...
so i think misuse by applets isn't very straightforward... and i haven't
heard yet of 'bad' applets... if anyone knows of these applets, please let
me know, i'm interested in this..
also.... 'happen in the background'... so you don't have this on dos ??
well... i don't know the right word, but i think it's a 'key trapper' (?)
anyway, such a tsr-proggie that records all keys being pressed... can be
usefull to know password/login combinations for example... in my eyes, this
is malicious too, and it does run in a kind of background...
>With dos email tools, or non-java enabled browsers like Arachne, the
>remote server has no ability to run software on your machine. All it
>can do is send you text or graphics which are handled by the routines
>already running in your system. They are not executables.
hmm... the problem here isn't the use of an OS, but the use of software...
it's perfectly possible to make a language that can be run on a virtual
machine, use that language on the net and provide browsers that include an
interpreter for that language... even for DOS... but then indeed if you
only use software that is only able to display text, you won't be hurt by
it... i use pine as my email client under Windows, so attachments can't do
anything wrong unless i use them myself..
[snip]
>Likewise with html webpages. I can easily look at the raw html code to
>see if there's anything funny in it. Given the limited ability of
>Arachne, there is no need, cause it will not recognize anything but the
humm... can we be forced to use programs with 'limited' capabilities and to
not using new technologies which can be very useful for some matters, just
because someone might do something bad with it ?
and another thing, i've never used a virus scanner, and i already use
windows/linux/dos for 5 years... this box has a permanent internet
connection, and i do surf a lot, but my computer has never been infected
(yet)... so i think that if you're only a bit carefull and know what you're
doing, viruses are not that a threat... or maybe i am just too paranoid ?
>standard html, and that data set has no commands to write to my drive
>without me knowing about it. The only way into this computer is thru
>this keyboard. There is no way to know that with proprietary software.
Piwi
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
