From: lmauro AT scientist DOT com (Leo Mauro)
Subject: RE: Windows98 + inetutils
1 Oct 1998 08:04:31 -0700
Message-ID: <001201bdece3$420dbd90$1e6e31cf.cygnus.gnu-win32@leo-nt.rd.telesystech.com>
References: <13841 DOT 2852 DOT 122713 DOT 320606 AT frodo DOT xionics DOT com>
Mime-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
To: <gnu-win32 AT cygnus DOT com>

On Tuesday, September 29, 1998 12:30 PM, Steve Morris wrote:

[SNIP]
> I need better security when my box is on the net whether it is
> UNIX, NT or Win 95.

Regretfully, there is no way to secure a Win9x box.  There is no concept
of an "user" under Win9x -- the login dialog is only used to select a
profile
and a few other odds and ends, and has no effect whatsoever on file
protection.  The same goes when you "log in" via some telnet daemon.

No matter what name you "log in" with, you have full and unrestricted
access to every file.  This, of course, negates any possible security even
if you use some password file for authentication (for telnet, for instance):
once an user is in, there is nothing stopping him/her from changing the
file and/or adding backdoors.  The sense of security one may feel from
the fact that someone needs a password to log-in is a false sense of
security at best.

If this "security" is enough for you, then that's OK with me.  But I myself
wouldn't sleep peacefully if my systems were so fragile (and I just
mentioned
one fragility -- there are many more).

Leo Mauro
Principal Scientist
TeleSys Technologies, Inc.

-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request AT cygnus DOT com" with one line of text: "help".