[Dshield] He thinks he is bulletproof, is he?
loki at psu.edu
Thu Dec 4 13:29:46 GMT 2003
Personally I think He's got something going there. I don't think he is any
grave danger, at least any that's been used in the past 5 years. Everything
nowadays is for win2k and XP. Unless someone nukes him.
I don't see any danger, and I think that he's probably smarter than the
rest, although he sounds like my College Advisor with the 16megs of Ram
Don't fix it unless its broken.
At 01:01 AM 12/4/2003, you wrote:
>I belong to a group that occasionally sends emails containing proprietary
>commercial information from person to person for comment. Recently while
>seeking evaluations of a data base program I learned we have a person in
>the group who uses a machine with only 16 megs or RAM and who removed
>(more or less completely) Internet Explorer from his Windows 95 machine
>seven or eight years ago and he has no AV and no firewall. Since MS
>alerted us to the RPC vulnerability
>(http://www.microsoft.com/technet/security/bulletin/MS03-026.asp) I have
>been trying to get him to upgrade his machine, obtain anti virus software
>and firewalls, or at least get any required patches. This is his latest reply.
>"I rarely do Windows. I do them at times when I need to view
>an MS-Word document with all its pretty fonts and formatting
>and/or lines and and boxes and images. If I just need to know
>only what the document says I use a program named Antiword to take
>a look at it. Antiword does a great job of converting MS-Word to
>plain text. Antiword is free and you can download versions of it
>for almost all operating systems including even DOS.
>Other times when I do Windows are those times when it is really
>important for me to take a look at web pages infested with lots
>order to get any information from them. None of my DOS-based browsers
>of the Unix text browser known as "Lynx" does a great job of getting
>into https SSL web pages. I have it installed on my machine. For
>doing web-browsing to display inline graphics I use a DOS browser known
>as Arachne. It displays web pages just as well as MSIE and NetScape
>browser-specific proprietary HTML tags. Also Arachne doesn't do SSL.
>used the Lynx browser on several occasions for doing online shopping
>and ordering merchandise by using a secure web page.
>I have the understanding that as long as I am using a DOS-only machine
>there is no way a hacker could invade my machine while I am online
>without my noticing that something very bizarre and fishy is happening
>inside my system.
>For going to web pages with my Windows 95 machine I use the Opera
>browser. It isn't as bloated as the current versions of MSIE and
>NetScape and it runs fine on systems having only 16MB of memory.
>I never use a Windows machine for doing email. When I am at a public
>terminal running a Windows machine I do my email by running Pine on
>my Unixish shell account. I can get into my shell account on the remote
>computer by running a Java Applet that does SSH which I can access from
>a web browser. When I finish my session the Java Applet self-destructs,
>BTW, I have never received from anyplace on the internet a virus or
>a worm capable of infecting a DOS system. I have received thousands of
>viruses and worms that are capable of infecting Windows 32 bit systems
>only. That is why I don't do my email with a Windows system."
>I suspect he is very vulnerable to something, but lack enough root
>knowledge of TCP/IP and DOS to speak with certainty. I agree he is safer
>than many, even safer than some with firewalls and AV software in that
>most virus writers these days don't seem to be expecting a DOS based
>machine, but I suspect he isn't as malware proof as he thinks. He on the
>other hand believes he is completly bullet proof to all forms of malware
>and probe/infection attempts. I'd like a second opinion.
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list