Re: Newbie Question: Windows Explorer
From: Tony Whitmore (tony_whitmore@nospamhotmail.com)Date: 10/04/02
- Next message: EricL: "NBG800 Hackers Test."
- Previous message: Leonid Rosenboim: "Re: Near and far dmz (is this model secure)"
- In reply to: Duane Arnold: "Re: Newbie Question: Windows Explorer"
- Next in thread: Duane Arnold: "Re: Newbie Question: Windows Explorer"
- Reply: Duane Arnold: "Re: Newbie Question: Windows Explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Tony Whitmore" <tony_whitmore@nospamhotmail.com> Date: Fri, 4 Oct 2002 16:19:47 +0100
Hi Duane,
We haven't been in the same thread for a while - nice to hear from you! The
security features you're thinking of (denying EVERYBODY) are part of the
NTFS file system, and so aren't present on Win9x based machines.
The security scare trick (the "I can see your hard disk on my webpage"
trick) I was thinking about was discussed on this thread:
http://tinyurl.com/1sdw although the site hosting it has disappeared I'm
sure that others out there are still using it. Astalavista.com had it at one
point. A few posts in this group have discussed it, including smug comments
from Linux users for whom it didn't work ;-)
I don't know much about ASP but would blocking explorer.exe prevent the
potentially abusive drive controls from working? That was the issue in the
original post.
Cheers,
Tony
"Duane Arnold" <darnold92@Insightbb.com> wrote in message
news:_gfn9.38832$Pz.33051@rwcrnsc51.ops.asp.att.net...
> There is a File Object in Active Server Page (Web programming) will allow
> one do to many things on a client machine. Such as list a drive's
directory
> or determine what drive letters a machine has, etc. etc. So it's a little
> more then "c:\" in the URL Box but you're close in the fact that Security
> Sites play the little security issue game.
>
> It's been a long time since I have been on a Win9.x machine but doesn't it
> have Security on drive or directory you can control to deny or allow
access
> like NT, 2K and XP? One could delete or control the EVERYBODY account to
> prevent things such as the OP is worried about.
>
> I do this on my FTP directory site so you should be able to prevent this
> from happening on any drive or directory. Don't know about 9x series
> anymore.
>
> Duane :)
>
> "Tony Whitmore" <tony_whitmore@nospamhotmail.com> wrote in message
> news:UCen9.2435$Fv2.236341@wards...
> > Any firewall should highlight unknown applications asking for permission
> and
> > so it is more a case of whether you want to allow it access or not.
Under
> > Win98 explorer.exe and iexplore.exe are essentially the same application
> > (although they are seperate executables) and work in much the same way.
> This
> > allows you to type a URL into the Explorer address bar and access a
> website,
> > and enter "c:\" into the Internet Explorer address bar and access your
> hard
> > disk contents. The one application changes into the other when you try
it.
> > If you enter a URL into Explorer and it wants to access the internet to
> > fetch it, that seems sensible. After all, how else can it get the remote
> > webpages? If you want to stop explorer.exe from accessing the internet,
> > don't enter URLs into the address bar, and set your firewall to block
> > outgoing connection attempts.
> >
> > However, if you allow explorer.exe to access the net then that doesn't
> mean
> > it is acting as a server, allowing your information to be served to the
> > internet. If you are worried about this you could configure your
firewall
> to
> > allow explorer.exe outgoing rights only. Then it could fetch webpages
> quite
> > happily. I suspect that some of the people who have talked about the
> > "potential abuse" aspect of firewalling explorer.exe have been tricked
by
> a
> > website that has used IEs features to show an Explorer window in their
> > website, with the contents of your hard disk. Although it is worrying,
it
> IS
> > just a trick. There are several "security" sites out there which use it.
> >
> > Cheers,
> >
> > Tony Whitmore
> >
> >
> > "Larry G" <thelarry_g3@yahoo.com> wrote in message
> > news:anjddb$el9ac$1@ID-37509.news.dfncis.de...
> > > I've tried two firewalls so far: ZoneAlarm and Outpost. On both of
> these,
> > > whenever I connect to a webpage *Windows Explorer*, the file manager
> > > (explorer.exe) asks for permission to access the 'net whenever I wish
to
> > > access a webpage. If I deny it permission, I cannot access websites.
> > >
> > > I've been told that many people deny *Windows Explorer*, the file
> manager,
> > > access to the 'net with firewalls because if you give them permission,
> > this
> > > opens up your whole hard drive to potential abuse. Others seem
> nonchalant
> > > about this question, and matter of fact that explorer.exe should
access
> > the
> > > 'net because it is part of MS integrated browser with the OS.
> > >
> > > So, which is it? Is it normal for *Windows Explorer* to request
> > permission
> > > to access the 'net when going to websites? I would have thought it
> would
> > be
> > > Internet Explorer (iexplore.exe) that would request the permission.
> Some
> > > people say that they can deny *Windows Explorer* access to the 'net,
and
> > > still go to websites on IE. However, I cannot. I've checked for
> trojans,
> > > and my system is reported clean. Am I still adequately protected with
a
> > > firewall if I grant it permission?
> > >
> > > Thanks for any clarifications on this subject. Am I still protected
by
> > the
> > > firewall, if I grant *Windows Explorer* access to the internet in
order
> to
> > > go to websites on IE.
> > >
> > > Running:
> > > Windows 98SE
> > > Compaq 5834
> > >
> > > Larry
> > >
> >
> >
>
>
- Next message: EricL: "NBG800 Hackers Test."
- Previous message: Leonid Rosenboim: "Re: Near and far dmz (is this model secure)"
- In reply to: Duane Arnold: "Re: Newbie Question: Windows Explorer"
- Next in thread: Duane Arnold: "Re: Newbie Question: Windows Explorer"
- Reply: Duane Arnold: "Re: Newbie Question: Windows Explorer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
