- From: "Lionel Fourquaux" <use-reply-to@xxxxxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 15:27:07 +0100
"fluidly unsure" <dripping@xxxxxxxxxxxxxx> a écrit dans le message de news: TyTif.19399$BZ5.10825@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. The animation/scripting in IE is so powerful that it is an easy to exploit. This is getting better, but holes still need plugging.
Other browsers have parallel compabilities (scripting, binary extensions).
2. The animation/scripting in IE is so powerful that once the bad guys get in, the game is over and you lost.
Whatever the browser, once you break out of the sandbox, your account is compromized.
Very difficult registry hack: set the security zone to High for Internet sites.
4. IE's model is too integrated with the OS kernel. If IE is corrupted, the whole OS can be also. In FF, crashes (it does occur) have never taken one of my machines down. XP is definitely better here than previous releases, but still not perfect.
IE is integrated with the OS in the same sense as a standard library is part of the OS. It's not part of the kernel, and doesn't give special privileges to applications using it.
Let me know how you do that. My users are not always as cooperative as yours seems to be.
Use a firewall box between your network and the outside?
As for running as a restricted user, I think most admins agree that while
that is practical on Linux, on Windows it's largely unworkable. You'd
spend half your time just logging-on and logging-off again and again.
I'm running as a limited user. The user experience can be improved (runas is not very user-friendly), but it's not that much trouble.
- From: fluidly unsure
- From: Mister Kurtz