Re: All patches, but still exploited

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 04/12/04


Date: Mon, 12 Apr 2004 03:08:28 -0700

If I understand you correctly:
You are saying that if you surfed the websites using default settings on XP
that it would not be exploited, but surfing the same website using default
settings on Windows Server 2003 with IE Hardening turned off would be
exploited?

Please do verify that all your IE settings between the two systems are the
same... since it's the same IE6 browser bits in both.

Finally, running IE on a server is discouraged for the exact reason that
you've experienced. Personally, I run a server as an unprivileged User with
IE Hardening enabled, and I use RUNAS in a window as administrator to do all
my admin-related work.

As for IE Hardening -- it isn't that hard to use it to browse frequent sites
(on XP Pro, I run IE even more locked down than WS03's IE Hardening, and
after initial ramp-up, it's not hard at all). It's for browsing those
random, only-once websites that the popup can get laborious, but honestly,
that is by-design for IE Hardening and suggests that your browsing pattern
is insecure.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Greg" <nospam@nospam.com> wrote in message
news:OirOUOFIEHA.3248@TK2MSFTNGP12.phx.gbl...
"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
news:40971695.92643173@msnews.microsoft.com...
> On Sun, 11 Apr 2004 15:32:55 -0700, "Greg" <nospam@nospam.com> wrote:
> Then you have to accept the risks involved with your choices.  Namely,
> removing added security protection from IE and using the Administrator
> account while doing so.
>
> Jeff
Nice, but that's not acceptable.  I NEVER had this problem with Windows XP,
which I ran since the January before it was public.  What exactly makes IE
under Windows 2003 more at risk?  Why shouldn't Microsoft be responsible for
flaws in THEIR software?  Avoiding the flaws and blaming a Web surfer is NOT
the way to resolve problems.  If this was the case then why has Microsoft
released patches to fix security flaws in IE?
Don't attack me.  I posted here to find out if there was a specific MS link to
provide them with URLs that they can investigate for a possible flaw in IE,
not to be told that it's my fault because I didn't use extra heavy duty
annoyance protection.

