Re: Are Java and JavaScript really so malicious for Windows system
From: fluidly unsure (dripping_at_mailinator.com)
Date: 11/29/05
- In reply to: Alun Jones: "Re: Are Java and JavaScript really so malicious for Windows system"
Date: Tue, 29 Nov 2005 07:37:23 GMT
Alun Jones wrote:
> Ian wrote:
>
>>IMHO, enforcing a company policy that Internet Explorer shall only be
>>used on trusted sites would be far more effective. Other sites would be
>>accessed with Firefox, Mozilla or Opera.
>
>
> Why? How do these browsers secure you in a way that Internet Explorer
> doesn't? More precisely, other than "we haven't yet seen as many
> vulnerabilities", what makes you think these browsers are inherently more
> secure? Please point to technology and process, rather than statistics and
> history.
>
1. The animation/scripting in IE is so powerful that it is easy to
exploit. This is getting better, but holes still need plugging.
2. The animation/scripting in IE is so powerful that once the bad guys
get in, the game is over and you lost.
3. Scripting is not easy to get around in IE. In FF it is much easier to
turn off Java/JavaScript/SW_Installation/plugin/extension. It can be
done, but only by jumping through hoops with regedits and the like. I
wish MS focused on ease-of-security in addition to ease-of-use.
4. IE's model is too integrated with the OS kernel. If IE is corrupted,
the whole OS can be also. In FF, crashes (they do occur) have never
taken one of my machines down. XP is definitely better here than
previous releases, but still not perfect.
> I would suggest enforcing a company policy that only trusted sites will be
> allowed. Full-stop. No "unless you're using a browser that's not seen as
> much action".
Let me know how you do that. My users are not always as cooperative as
yours seem to be.
>>As for running as a restricted user, I think most admins agree that while
>>that is practical on Linux, on Windows it's largely unworkable. You'd
>>spend half your time just logging-on and logging-off again and again.
>
> And a dozen years ago, when I started writing WFTPD, "Windows is too
> unstable to use as an FTP server".
>
> Fight the evil, don't perpetuate it. Insist on applications that work
> without being administrator.
Agreed!
Unfortunately there are so few. But there seems to be a push at MCP.COM
to show developers how to do this.
Aaron Margosis's utility (MakeMeAdmin) seems to be a good step in the
right direction.
>
> Alun.
> ~~~~
> [Please don't email posters, if a Usenet response is appropriate.]
-- Liquid