Re: Newbie Question: Windows Explorer

From: Duane Arnold (darnold92@Insightbb.com)
Date: 10/04/02 

From: "Duane Arnold" <darnold92@Insightbb.com>
Date: Fri, 04 Oct 2002 11:51:22 GMT

There is a File Object in Active Server Page (Web programming) will allow
one do to many things on a client machine. Such as list a drive's directory
or determine what drive letters a machine has, etc. etc. So it's a little
more then "c:\" in the URL Box but you're close in the fact that Security
Sites play the little security issue game.

It's been a long time since I have been on a Win9.x machine but doesn't it
have Security on drive or directory you can control to deny or allow access
like NT, 2K and XP? One could delete or control the EVERYBODY account to
prevent things such as the OP is worried about.

I do this on my FTP directory site so you should be able to prevent this
from happening on any drive or directory. Don't know about 9x series
anymore.

Duane :)

"Tony Whitmore" <tony_whitmore@nospamhotmail.com> wrote in message
news:UCen9.2435$Fv2.236341@wards...
> Any firewall should highlight unknown applications asking for permission
and
> so it is more a case of whether you want to allow it access or not. Under
> Win98 explorer.exe and iexplore.exe are essentially the same application
> (although they are seperate executables) and work in much the same way.
This
> allows you to type a URL into the Explorer address bar and access a
website,
> and enter "c:\" into the Internet Explorer address bar and access your
hard
> disk contents. The one application changes into the other when you try it.
> If you enter a URL into Explorer and it wants to access the internet to
> fetch it, that seems sensible. After all, how else can it get the remote
> webpages? If you want to stop explorer.exe from accessing the internet,
> don't enter URLs into the address bar, and set your firewall to block
> outgoing connection attempts.
>
> However, if you allow explorer.exe to access the net then that doesn't
mean
> it is acting as a server, allowing your information to be served to the
> internet. If you are worried about this you could configure your firewall
to
> allow explorer.exe outgoing rights only. Then it could fetch webpages
quite
> happily. I suspect that some of the people who have talked about the
> "potential abuse" aspect of firewalling explorer.exe have been tricked by
a
> website that has used IEs features to show an Explorer window in their
> website, with the contents of your hard disk. Although it is worrying, it
IS
> just a trick. There are several "security" sites out there which use it.
>
> Cheers,
>
> Tony Whitmore
>
>
> "Larry G" <thelarry_g3@yahoo.com> wrote in message
> news:anjddb$el9ac$1@ID-37509.news.dfncis.de...
> > I've tried two firewalls so far: ZoneAlarm and Outpost. On both of
these,
> > whenever I connect to a webpage *Windows Explorer*, the file manager
> > (explorer.exe) asks for permission to access the 'net whenever I wish to
> > access a webpage. If I deny it permission, I cannot access websites.
> >
> > I've been told that many people deny *Windows Explorer*, the file
manager,
> > access to the 'net with firewalls because if you give them permission,
> this
> > opens up your whole hard drive to potential abuse. Others seem
nonchalant
> > about this question, and matter of fact that explorer.exe should access
> the
> > 'net because it is part of MS integrated browser with the OS.
> >
> > So, which is it? Is it normal for *Windows Explorer* to request
> permission
> > to access the 'net when going to websites? I would have thought it
would
> be
> > Internet Explorer (iexplore.exe) that would request the permission.
Some
> > people say that they can deny *Windows Explorer* access to the 'net, and
> > still go to websites on IE. However, I cannot. I've checked for
trojans,
> > and my system is reported clean. Am I still adequately protected with a
> > firewall if I grant it permission?
> >
> > Thanks for any clarifications on this subject. Am I still protected by
> the
> > firewall, if I grant *Windows Explorer* access to the internet in order
to
> > go to websites on IE.
> >
> > Running:
> > Windows 98SE
> > Compaq 5834
> >
> > Larry
> >
>
>

Relevant Pages

  • Re: Newbie Question: Windows Explorer
    ... don't enter URLs into the address bar, and set your firewall to block ... > asks for permission to access the 'net whenever I wish to ... I cannot access websites. ... > I've been told that many people deny *Windows Explorer*, the file manager, ...
    (comp.security.firewalls)
  • Re: A FREE, EASIER alternative to Remote Desktop....
    ... for permission to get through your firewall during installation or at the ... So yeah - it may be "easier", but it does mess with your firewall. ... LogMeIn is compatible with all known firewalls and broadband routers. ... files to communicate over the Internet." ...
    (microsoft.public.windowsxp.work_remotely)
  • Security (antivirus & firewall) & IIS
    ... I've got XP Pro on my home PC on which I use IIS to develop websites, ... IIS now works fine, but my PC is obviously very open to attack. ... I've got XP's firewall, which is not that user friendly - it's blocked ... I had Norton Internet Security ...
    (microsoft.public.inetserver.iis)
  • RE: Media Guide Wont Work
    ... I had the same problem with you.It is simple;you have stopped internet ... permission to your media player.If you have a firewall application other than ...
    (microsoft.public.windowsmedia)
  • Firewall
    ... certain outside or web sources (internet ... option "permission" does not do the trick) how do I ... deactivate the firewall? ...
    (microsoft.public.win2000.security)