Re: upgrading to IE6 on w2k servers
From: Ant (cable78_at_gmail.com)
Date: 07/30/04
- Previous message: Handy, Mark (IT): "RE: AD in the DMZ . . . OK?"
- Maybe in reply to: Juan B: "upgrading to IE6 on w2k servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jul 2004 12:53:47 -0500 To: security-basics@securityfocus.com
I wholeheartedly agree. Using IE for anything but updates on a server
is just asking for trouble. Even when doing Windows updates, I would
recommend testing them on another box first. I have had too many
updates hose my workstation to trust Windows updates without testing
them first.
On Fri, 30 Jul 2004 21:32:56 +0800, Ian Dexter R. Marquez
<iandexter@gmail.com> wrote:
> On Thu, 29 Jul 2004 10:10:28 +0300, Alexandros Papadopoulos
> <apapadop@alumni.carnegiemellon.edu> wrote:
> > On Tuesday 27 July 2004 20:10, Ansgar -59cobalt- Wiechers wrote:
> > > On 2004-07-27 Juan B wrote:
> > > > I want to know why is it recommended to upgrade my servers to IE6.
> > > >
> > > > I didnt find any reason at all !!! ( from the security point of
> > > > view..).
> > >
> > > From a security point of view, the recommended upgrade would be to
> > > install some other browser, not to upgrade IE.
> > >
> > > But there are some reasons for upgrading, e.g.:
> > >
> > > - Product lifecycle
> > > - OE 6 allows for displaying mails as plaintext
> >
> > No security conscious person would use Outlook Express to read email on
> > a server. Come to think of it, no such person would use OE, period.
> >
> > > - Better cookie-handling
> > > - You need at least IE 5.5 to manage a SUS through its web-frontend
> > > ...
> > >
> > > > I only found thie line in lits of site "it is recommended to update
> > > > to IE6". but why ?
> > > >
> > > > why I need to upgrade ?
> > > > I have IE5 on the servers and I surf the net from those servers.
> > >
> > > You shouldn't misuse servers as desktops.
> >
> > I second that. The only web connection a server should make is to
> > windowsupdate.com (if you don't have an internal SUS server).
> >
>
> During a Microsoft event here in the Philippines, IIRC, the Microsoft
> evangelist specifically said that Windows Server 2003 comes with a
> lower version of IE because one should never surf the Web on a server
> in the first place, and the only thing you want to do with IE (in a
> server) is for updates.
>
> --
> Ian Dexter R. Marquez
>
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: Handy, Mark (IT): "RE: AD in the DMZ . . . OK?"
- Maybe in reply to: Juan B: "upgrading to IE6 on w2k servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
