Re: Windows 98 box is 'owned'; Re:
From: GuidoZ (uberguidoz_at_gmail.com)
Date: 10/15/04
- Previous message: Atom 'Smasher': "RE: centrally monitored "keylogger""
- In reply to: Ansgar -59cobalt- Wiechers: "Re: Windows 98 box is 'owned'; Re:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Oct 2004 10:09:46 -0700 To: security-basics@securityfocus.com
> My suggestion was meant to be used in addition to deploying some other
> browser and/or mail client. That way they can use IE only for the
> application and are forced to use the other browser for browsing the
> web.
I realized that, unfortunately I didn't express the problem I saw very
well. =P My fault.
It's hard to completely explain the ActiveX component without
revealing too much (security/privacy wise), which is limiting the
information I can put out to the world. (After all, I'm already
concerned about it.) I like the idea and will give it a try, although
I'll bet it will cause a problem with the way they link to the
database through the ActiveX component. (It sends them through a VPN
off to a data warehouse.) I'll bust out Poledit and see what harm it
causes. Thanks for the suggestion - I had dismissed it before thinking
it would break other aspects, but now that you got me on that path
again, it just might work.
Thanks for all the help - looks like wheels are finally starting to
turn on both ends of this problem. ;) (The java solution was accepted
- now we just have to wait for them to develop it. They estimated 4-6
months so I'm stuck with ActiveX and IE until then.)
> Regards
> Ansgar Wiechers
Again, appreciate the intelligent replies.
-- Peace. ~G On Wed, 13 Oct 2004 02:41:00 +0200, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote: > On 2004-10-08 GuidoZ wrote: > > On Fri, 8 Oct 2004 21:26:46 +0200, Ansgar -59cobalt- Wiechers wrote: > >> On 2004-10-08 GuidoZ wrote: > >>> I'm open to other ideas too from anyone - the situation in a > >>> nutshell is an orgranization I support needs to migrate away from > >>> IE. (The users really can't handle the spyware and such, no matter > >>> how hard I try to educate and prevent.) The only thing holding them > >>> back from switching is a proprietary ActiveX application that they > >>> use to interface with their data warehouse. > >> > >> I would try to lock down IE and limit access to localhost and the > >> data warehouse host by setting the proxy to 127.0.0.1:9 except for > >> localhost and the data warehouse host. These settings can be enforced > >> through group policies or local policies (if you don't have a Windows > >> 200[03] domain controller at hand). That way they could use IE for > >> the data warehousing application, but not for surfing the web. > > > > While that would work quite well, unfortunately they also need to surf > > the web. (Email too.) Hence why I'd like to get them away from IE. > > Give them a browser they can use, but is less likely to be hijacked > > every time I leave their workplace. =/ > > My suggestion was meant to be used in addition to deploying some other > browser and/or mail client. That way they can use IE only for the > application and are forced to use the other browser for browsing the > web. > > Regards > Ansgar Wiechers > -- > "Those who would give up liberty for a little temporary safety > deserve neither liberty nor safety, and will lose both." > --Benjamin Franklin >
- Previous message: Atom 'Smasher': "RE: centrally monitored "keylogger""
- In reply to: Ansgar -59cobalt- Wiechers: "Re: Windows 98 box is 'owned'; Re:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
