RE: New IE flaw and exploit sites/migration to non-MS browser

At Friday, March 31, 2006 3:08 PM, Susan Bradley, CPA aka Ebitz - SBS
Rocks [MVP] wrote:

Is it IE that's insecure? Or how the workstations are setup in the
first place?

Both. I remember back to using IE version 1 and having to maintain web
developer desktops with multiple versions of IE and Netscape. IE/Windows
has always had more insecure defaults, more bugs and vulnerabilities,
and caused more problems than any of the other browsers.

In hindsight, Windows 2000/XP/2003 should never have been released while
effectively requiring users to be local admins on the box (and despite
what the official guidelines say, there are too many cases of even
Microsoft software assuming that you're local admin to hide the fact
that these platforms have NOT been designed with LUA in mind).

This problem bites the users of any browser, and adjusting current
versions of Windows to run LUA is difficult, frustrating, and expensive
in time. A lot of smaller companies just don't have the time or
knowledgeable resources to do it properly -- and the OS should be doing
it for them.

--
Devin L. Ganger Email: deving@xxxxxxxxxx
3Sharp LLC Phone: 425.882.1032 x 109
15311 NE 90th Street Cell: 425.239.2575
Redmond, WA 98052 Fax: 425.702.8455
(e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Relevant Pages

  • RE: New IE flaw and exploit sites/migration to non-MS browser
    ... painfully long list of apps before they could migrate to LUA. ... you compare the level of awareness about LUA in the Windows ... The point is that IE *at that time* was less secure than its ... installation for workstations that has been floating around ever since ...
    (Focus-Microsoft)
  • Re: New IE flaw and exploit sites/migration to non-MS browser
    ... There are already many third party LUA community web sites that are telling folks how to rip out the UAC settings in Vista. ... We have to get the rights off the desktops so that folks can't have the ability to willy nily install stuff. ... you compare the level of awareness about LUA in the Windows ...
    (Focus-Microsoft)
  • Re: users and local Admins
    ... Windows 2000 to Windows 2003. ... Each user account in the domain is member of the Local Administrators ... accounts from Local Admins in desktops and laptops. ... If you want official advice from Microsoft, ...
    (microsoft.public.security)
  • Re: View an security log on an Windows XP Pro client
    ... It was enabled within GPO link and no groups were in the policy. ... You could also try other accounts that are local admins on the box to see if there is some specific issue with the group membership. ... Our domain contains all Windows 2003 domain controllers. ... We have a global security group that is in the local administrator group on the Windows XP Pro Service Pack 2 client. ...
    (microsoft.public.windows.server.active_directory)
  • Re: attempting an actual game...
    ... >>> That is hardly going to get you anywhere towards the playable tetris I ... > you could use Lua Player for Windows, then you have one source file (but ... if you like) and game logic is more than the rest setup code: ...
    (comp.games.development.programming.misc)