Re: Are Java and JavaScript really so malicious for Windows system



"fluidly unsure" <dripping@xxxxxxxxxxxxxx> wrote in message news: TyTif.19399$BZ5.10825@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. The animation/scripting in IE is so powerful that it is easy to
exploit. This is getting better, but holes still need plugging.

Other browsers have parallel capabilities (scripting, binary extensions).

2. The animation/scripting in IE is so powerful that once the bad guys
get in, the game is over and you lost.

Whatever the browser, once you break out of the sandbox, your account is compromised.


3. Scripting is not easy to get around in IE. In FF it is much easier to
turn off Java/JavaScript/SW_Installation/plugin/extension. It can be
done, but only by jumping through hoops with regedits and the like. I
wish MS focused on ease-of-security in addition to ease-of-use.

Very difficult registry hack: set the security zone to High for Internet sites.


4. IE's model is too integrated with the OS kernel. If IE is corrupted,
the whole OS can be also. In FF, crashes (they do occur) have never
taken one of my machines down. XP is definitely better here than
previous releases, but still not perfect.

IE is integrated with the OS in the same sense as a standard library is part of the OS. It's not part of the kernel, and doesn't give special privileges to applications using it.


Let me know how you do that. My users are not always as cooperative as
yours seems to be.

Use a firewall box between your network and the outside?

As for running as a restricted user, I think most admins agree that while
that is practical on Linux, on Windows it's largely unworkable. You'd
spend half your time just logging-on and logging-off again and again.

I'm running as a limited user. The user experience can be improved (runas is not very user-friendly), but it's not that much trouble.

