Re: Spyware and Adware affect every internet user

Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in
news:4bsq8dF12npofU1@xxxxxxxxxxxxxx:

Fuzzy Logic wrote:
Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in
news:4bsma8F12kspqU1@xxxxxxxxxxxxxx:

Fuzzy Logic wrote:

Many of these 'flaws' have been around for quite some time and
amazingly no one has taken advantage of them (mostly becuase they
are too obscure to do so).
You're wrong, these flaws are getting exploited all day long. This
has actually gone so far that Microsoft declared some of them to be
features.

References?

<http://technet2.microsoft.com/WindowsServer/en/Library/22fffeb1-66a3-4d5c
-bc12-def57c3354fa1033.mspx>

I was referring to the flaws that are getting 'exploited all day long'.

Of course if you visit malicious, pornographic or malware sites
you may wish to use another browser besides IE
Every website including third-party content is malicious. Google
is, the Microsoft website is, Slashdot is, I guess even
ubuntu-forums.com is.

You obviously have a different defintion of malicious than I do.

No. Any malicious guy can buy some adspace from an advertiser and put
his content in there. We've seen this with the IFrame vuln., the WMF
vuln. and certain ActiveX vulnerabilities widespread.

Hello and welcome to the internet!

While this is true our locked down configuration of IE has emerged unscathed.

(though I would be nervous regardless of the browser I was
using).
Why? No webbrowser needs to be exploitable in first place. Well,
but IE.

Of course they don't need to be exploitable, they just are. That's
because none of them are or ever will be perfect.

But you know the difference between being potentially exploitable with
currently no problem known and always being exploitable by design, for
sure known?

And, another good keyword for you: reliability

Your point?

IE is unreliable because of known unfixed and unfixable problems, you
must reasonably assume that it will get exploited whenever possible.

Again that may well be true buy for some reason we have been running for years without an incident. I
guess we just lucked out with our configuration?

For any real webbrowser you can assume that it can't be exploitable
until some vulnerability becomes public, and even then you can already
have the workaround in place, having set up some configuration to limit
the impact or not being vulnerable due to hardening.

That's the current situation for us with IE.
.

Relevant Pages

  • Re: M$ attack on Common Sense
    ... are flaws in the OS itself that enable the virus to work. ... doesn't have flaws and vulnerabilities. ... It's certainly NOT advocacy for Linux IMO..... ... if it's unfair to lump all open source software together for ...
    (comp.os.linux.misc)
  • Re: M$ attack on Common Sense
    ... are flaws in the OS itself that enable the virus to work. ... doesn't have flaws and vulnerabilities. ... It's certainly NOT advocacy for Linux IMO..... ... if it's unfair to lump all open source software together for ...
    (alt.computer.security)
  • Re: M$ attack on Common Sense
    ... are flaws in the OS itself that enable the virus to work. ... doesn't have flaws and vulnerabilities. ... It's certainly NOT advocacy for Linux IMO..... ... if it's unfair to lump all open source software together for ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: M$ attack on Common Sense
    ... Windows vulnerabilities get more press because more people ... They're reporting attacks on servers at e-business sites. ... The report about e-business servers running Linux being attacked would ... it is) have flaws and vulnerabilities that allow viruses and malware to ...
    (comp.os.linux.misc)
  • Re: M$ attack on Common Sense
    ... Windows vulnerabilities get more press because more people ... They're reporting attacks on servers at e-business sites. ... The report about e-business servers running Linux being attacked would ... it is) have flaws and vulnerabilities that allow viruses and malware to ...
    (alt.computer.security)