Re: Spyware and Adware affect every internet user

Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in
news:4bvat0F137n2jU1@xxxxxxxxxxxxxx:

Fuzzy Logic wrote:

You're wrong, these flaws are getting exploited all day long. This
has actually gone so far that Microsoft declared some of them to be
features.
References?
<http://technet2.microsoft.com/WindowsServer/en/Library/22fffeb1-66a3-4
d5c -bc12-def57c3354fa1033.mspx>

I was referring to the flaws that are getting 'exploited all day long'.

This is one.

Which is?

While this is true our locked down configuration of IE has emerged
unscathed.

Nah, you just didn't meet the right exploits yet.

But since you say they are so pervasive and we have hundreds of users using IE on a daily basis for years
you think we might encounter one?

Paranoia is a strong motivator (remember weapons of mass destruction). In reality most of these 'threats' are
overblown and can easily be thwarted with common sense and proper configuration.

For any real webbrowser you can assume that it can't be exploitable
until some vulnerability becomes public, and even then you can already
have the workaround in place, having set up some configuration to
limit the impact or not being vulnerable due to hardening.

That's the current situation for us with IE.

Wrong, as for some (even critical) vulnerabilities there are no such
things like safe configuration or workaround.

So you say. It's certainly not been my experience.

BTW, you think misusing IE as a webbrowser is a credible state?

Huh? If IE isn't a web browser I'm not sure what it is? It may not be a web browser that YOU approve of but it's
still a web browser none the less.
.

Relevant Pages

  • [NEWS] CBOS Web-based Configuration Utility Vulnerability
    ... CBOS Web-based Configuration Utility Vulnerability ... Multiple vulnerabilities have been identified and fixed in the Cisco ... No other releases of CBOS software are affected by this vulnerability. ... When the Cisco 600 series router is accessed via telnet via multiple ...
    (Securiteam)
  • RE: SecureIIS - protecting IIS
    ... How would you patch/harden your server ... Subject: SecureIIS - protecting IIS ... >::$DATA .asp file view source vulnerability. ... Actually a good configuration would have performed very well here. ...
    (Focus-Microsoft)
  • [NEWS] D-Link Access Point DWL-900AP+ TFTP Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... vulnerability that could be exploited by a potential intruder to gain full ... - The network configuration data. ... the critical data) could be accessed world-wide. ...
    (Securiteam)
  • Re: Port forwarding not working
    ... WAN Configuration ... Enable auto reconnect to ISP when lauching web browser? ... name and password to the router administration web configuration page. ...
    (microsoft.public.windows.server.networking)
  • Re: Spyware and Adware affect every internet user
    ... removes the offending code. ... vulnerability is discovered. ... IE is 100% insecure, independent of configuration, without a new ... functionality or security requirements must be very low. ...
    (comp.security.misc)