You mean that the Windows version actually bases its authentication on something more robust than the source IP, a low port number, and who you claim to be and that it doesn't send potentially sensitive traffic over the wire in the clear?

Yes. From the docs:

TCP/IP Remote Utilities

The tools described in this appendix allow a network administrator to manage network computers from a distance. Many are similar to UNIX utilities. In This Appendix:

• Finger
• Ftp
• Rcp
• Rexec
• Rsh
• Telnet
• Tftp

Note: All passwords used by Windows networking services are encrypted. However, the Ftp, and Rexec connectivity tools all rely on cleartext password authentication by the remote computer. Cleartext passwords are not encrypted before being sent over the network. This enables another user equipped with a network analyzer on the same network to steal a user's remote account password. For this reason, choose different passwords from those used for Windows 2000–based computers or domains when connecting to non-Microsoft remote computers with the Ftp, Rexec, or Telnet tools. Note that the protocols themselves prohibit encryption; cleartext passwords are not a standard that Microsoft encourages.

Erm . . .

However, the Ftp, and Rexec connectivity tools all rely on cleartext password authentication by the remote computer. Cleartext passwords are not encrypted before being sent over the network. This enables another user equipped with a network analyzer on the same network to steal a user's remote account password.

And reading what I presume to be the rshsvc docs says that it depends on the same "if it looks like the right host come on in" access checks that the original forms provide. Once you let one user in passwordless through a .rhosts you've put a screen door that anyone that can spoof traffic can open.

It's a network hygiene thing; 99.9% of the time it may be find that you leave your car unlocked because you park in a private deck, but by refusing to take a trivial step (getting in the habit of locking your car; installing something that's not an open vulnerability waiting to happen) you've only got yourself to blame that one time when a miscreant makes it past the other layers.

Live dangerously if you like, just be careful cavalierly advising others to do the same without letting them know there's risks involved. That's all.

The cake is a lie.
The cake is a lie.
The cake is a lie.

Microsoft® Windows® Services for UNIX 3.5 has nothing to do with the TCP/IP Remote Utilities. Nothing. Compeletely different animals for entirely different purposes. The former has to operate as the *nix tools do, in order that it can iteroperate with them. The clue is in the title.

The rsh that comes with OS uses the same NT Auth mechanism used by the OS itself. That is, you have to be authorised at the domain, subject to all the same controls, restrictions and ACLs as if you were stting at the machine itself. Identical.

Once you let one user in passwordless

It's a network hygiene thing;

Live dangerously if you like, just be careful cavalierly advising others to do the same without letting them know there's risks involved. That's all.

None of this applies....... to the native rsh utility. None. Not one iota. Zip. Nadda.

When you know what you are talking about (win32!!!!!!!), then give me lectures on the subject.

---

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

"Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."