RE: IE questions

Bill_Roswell_at_oxy.com
Date: 05/01/04

    Date: Sat, 1 May 2004 07:27:31 -0500
    To: <keydet89@yahoo.com>, <apham2575@hotmail.com>, <focus-ms@securityfocus.com>
    
    

    Harlan and Andy,

    ActiveX is the source of almost all IE browser malicious code. A better
    solution is to turn ActiveX to prompt and educate the user only to say
    yes on known web sites.

    -Bill

    -----Original Message-----
    From: Harlan Carvey [mailto:keydet89@yahoo.com]
    Sent: Friday, April 30, 2004 12:29 PM
    To: Andy Pham; focus-ms@securityfocus.com
    Subject: Re: IE questions

    Andy,

    It doesn't sound as if you need to go w/ everything,
    maybe just ActiveX.

    Do you have A/V software installed and updated on your
    users' systems? How about IDS and egress filtering on
    the infrastructure? These are some things that can
    help mitigate some of the risk...

    --- Andy Pham <apham2575@hotmail.com> wrote:
    > Hello,
    >
    > I'm not sure if my first email went through or it's stuck
    > somewhere because of the wrong email address. Anyway, we're
    > currently blocking ActiveX, JavaScript and active scripting
    > in IE. It has been working OK for us, but we heard a lot of
    > complaints because the users couldn't get to the sites that
    > require ActiveX turned on (most commercial sites). So my
    > questions are:
    >
    > What are the risks of turning everything on in IE? Does
    > staying current with service packs help? Is there any
    > workaround if we decide to keep ActiveX...off? Any
    > suggestions are appreciated.
    >
    > AP
    >
    > p.s: And I don't want to go with Mozilla browser....
    
