Re: All patches, but still exploited

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 04/12/04


Date: Mon, 12 Apr 2004 09:36:47 -0700


"Greg" <nospam@nospam.com> wrote in message
news:OirOUOFIEHA.3248@TK2MSFTNGP12.phx.gbl...
> "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
> news:40971695.92643173@msnews.microsoft.com...
>> On Sun, 11 Apr 2004 15:32:55 -0700, "Greg" <nospam@nospam.com> wrote:
>> Then you have to accept the risks involved with your choices. Namely,
>> removing added security protection from IE and using the Administrator
>> account while doing so.
>>
>> Jeff
>
> Nice, but that's not acceptable. I NEVER had this problem with Windows XP,
> which I ran since the January before it was public. What exactly makes IE
> under Windows 2003 more at risk? Why shouldn't Microsoft be responsible for
> flaws in THEIR software? Avoiding the flaws and blaming a Web surfer is NOT
> the way to resolve problems. If this was the case then why has Microsoft
> released patches to fix security flaws in IE?
>
> Don't attack me. I posted here to find out if there was a specific MS link to
> provide them with URLs that they can investigate for a possible flaw in IE,
> not to be told that it's my fault because I didn't use extra heavy duty
> annoyance protection.
>
>

Greg,

OK, let us buy into IE having been the entry vector.

I am not sure whether IE in XP as compared to W2k3 has
any exposures that differ, and I tend to believe that if IE was
the entry then this would have happened had you been using
IE in XP.

Past success is not a valid predictor for future safety as things
are constantly changing (or to rephrase, that you had no issues
in XP is only a historical statement and cannot be used to infer
that IE in W2k3 is the issue). For this reason I have resorted to use
of Qwik-fix from www.pivx.com for a long time when I am in need
of IE usage. It does break some functionality, but it also does
stay ahead of the MS patch rate for its bundled IE functionality.

Let me say one last time however that having a restricted account,
and then R-shift R-click IE to RunAs launch it (and new window then
to get a few browser windows) is only a small annoyance for the
added safety it brings compared to surfing as an admin.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4 

