
Thread: SANS Infocon at Yellow - IE Exploit

  1. #11
    How can it be more securable?
    The thing is that IE can be restricted by the local/domain security policy in ways that Firefox can not be.



    And Opera is not the fastest browser... I believe that honor goes to Links...

  2. #12
    nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    Hmmm,

    The thing is that IE can be restricted by the local/domain security policy in ways that Firefox can not be.
    And the downside is that it is always "on" doing, or potentially enabling, God knows what. Also, the amount of control depends entirely on the operating system that you are running.

    OK, as I see it the fundamentals are:

    1. Do not run services you do not need.
    2. Do not enable functionality that you do not need.
    3. Do not run applications that you do not need.

    That is not based on security, it is how you would get optimum performance and stability in the first instance.

    We are then left with two $64,000 questions:

    1. If the functionality is dangerous and should be switched off or restricted, why is it there in the first place?

    2. Why do Microsoft issue so many security patches if it is merely a configuration issue?


  3. #13
    And the downside is that it is always "on" doing, or potentially enabling, God knows what. Also, the amount of control depends entirely on the operating system that you are running.
    It is the system shell. It will always be on if you want the computer to do anything. It is irrelevant whether you use IE for browsing, you still use IE unless you completely remove the system shell and use a different one. (Not a good idea, Windows was not designed for anything but Explorer)

    OK, as I see it the fundamentals are:

    1. Do not run services you do not need.
    2. Do not enable functionality that you do not need.
    3. Do not run applications that you do not need.
    There is a bit more than that?

    That is not based on security, it is how you would get optimum performance and stability in the first instance.
    I believe stability to be a facet of proper security.


    1. If the functionality is dangerous and should be switched off or restricted, why is it there in the first place?
    Your car can go far past the speed limit, why should it be able to if you can never go that fast? The reason that the functionality is there even if it should not be used, is simple. It is needed in some cases. System updates and AV scans work much better as an ActiveX function rather than a Java applet. And vbs scripts can be used for system administration just as easily as they can be used for exploit code. But your average user cannot use these things effectively, ergo, they should be disabled (Either the scripting or the user, I don't care which).


    2. Why do Microsoft issue so many security patches if it is merely a configuration issue?
    How many of those patches are rendered meaningless by a proper configuration? A home user should only be vulnerable to kernel exploits if properly configured.

  4. #14
    nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    It is the system shell. It will always be on if you want the computer to do anything. It is irrelevant whether you use IE for browsing, you still use IE unless you completely remove the system shell and use a different one. (Not a good idea, Windows was not designed for anything but Explorer)
    Exactly, and that is the bit I have the beef about. I believe it should be integrated, not embedded. Remember, it would be MS to MS so should give better performance than a third party stand alone.

    With the three "facets" I picked on I was considering something that held good for a stand alone machine that was not at risk. No network, no internet, limited applications, say a control box for a mass spectrometer.

    Stability is indeed a part of the broader concept of "security" because it is the security of the organisation's data which are part of its assets.

    Your car can go far past the speed limit, why should it be able to if you can never go that fast?
    Bad analogy mate, the answer is "marketing bullcrap and bragging rights"..............it is just a male pen1$ substitute. Operating systems and browsers have yet to become so AFAIK

    You are going at things from the wrong end IMO.
    But your average user cannot use these things effectively, ergo, they should be disabled
    You must remember in the past you had to deliberately download and install the "clever bits" from the CD? That is the way to go, or supply the system with them disabled by default. Probably a mixture of the two?

    How many of those patches are rendered meaningless by a proper configuration? A home user should only be vulnerable to kernel exploits if properly configured.
    The answer is "none" if you are honest. Microsoft don't spend all that money on patches and taking crap if they could get away with that argument. It all boils down to what a home user is given "out of the box"...........M$ want to dumb things down, so be it.............this is the consequence?

    Also, you have to realise that there are still a lot of home users Worldwide who do not have an operating system that even supports "proper configuration" as I imagine you mean it. I have no idea about XP Home but anything before it certainly has not.

    You must realise that to the home and SOHO user the computer is like a microwave, a TV, an electric drill.................they take it out of the box and use it "as is" ..........and that is the status that needs looking at.


  5. #15
    Bad analogy mate, the answer is "marketing bullcrap and bragging rights"..............it is just a male pen1$ substitute. Operating systems and browsers have yet to become so AFAIK
    You haven't seen Noia's e-penis script?


    Also, you have to realise that there are still a lot of home users Worldwide who do not have an operating system that even supports "proper configuration" as I imagine you mean it. I have no idea about XP Home but anything before it certainly has not.

    You must realise that to the home and SOHO user the computer is like a microwave, a TV, an electric drill.................they take it out of the box and use it "as is" ..........and that is the status that needs looking at.
    So we should just pander to their ignorance as if it were unchangeable?

    And NT4-XP has had the tools. I do not know about anything before NT4.

  6. #16
    Senior Member (joined Jan 2003; 3,915 posts)
    Originally posted here by nihil
    Exactly, and that is the bit I have the beef about. I believe it should be integrated, not embedded. Remember, it would be MS to MS so should give better performance than a third party stand alone.
    What operating system doesn't ship with a browser... in the Linux case.. how about Window Managers?

    Windows - Internet Explorer
    Mac OS X - Safari
    Console Linux - Lynx / Links (Btw Synja, you should have said Lynx was the fastest browser.. not Links)
    Gnome - Firefox Chrome
    KDE - Konqueror

    I find nothing wrong with IE's coexistence with Windows... Does that mean I use it... not very often (However, IE 7 looks promising) but I do use it.. more for its embedded features actually... I use Dave's Quick Search Bar which is basically a website that displays as a search bar on your task bar... very handy... very convenient.

    Bad analogy mate, the answer is "marketing bullcrap and bragging rights"..............it is just a male pen1$ substitute. Operating systems and browsers have yet to become so AFAIK
    That's an awful explanation... Cars go fast because speed limits vary, because some places don't have speed limits, because some people race their cars for sport, because increased speed saves time, because having variable speed allows you more control...


    The answer is "none" if you are honest. Microsoft don't spend all that money on patches and taking crap if they could get away with that argument. It all boils down to what a home user is given "out of the box"...........M$ want to dumb things down, so be it.............this is the consequence?
    MS doesn't want it that way.. the home user wants it that way... I just had this sort of argument at work... MS caters to corporate and enterprise environments.. where they know the machines will be properly secured (or it's the fault of the admin)... the home user wants things simple.. How much business would they lose if you had to log out and log in as another user to install a game, or if you couldn't access all of your system as a single user... That's what keeps a lot of people from switching to *nix and MS knows it.. so they are giving the users what they want.. it's smart business.. Car Manufacturers still put ashtrays in their cars even though they know that cigarettes kill.. where's the difference...

    Also, you have to realise that there are still a lot of home users Worldwide who do not have an operating system that even supports "proper configuration" as I imagine you mean it. I have no idea about XP Home but anything before it certainly has not.
    Any system can be properly configured... It's just a matter of knowing what steps to take and how difficult it is... besides.. XP itself is how old now.. if you're running something older... that's your fault.. it's like running a 25 year old car and wondering why it breaks down... That's not the manufacturer's fault... that's the driver's fault for still driving it... Yet a car enthusiast (much like the computer enthusiast) can keep it running for quite a bit longer because they know the things they can do under the hood to make it stand up and stay together.

    You must realise that to the home and SOHO user the computer is like a microwave, a TV, an electric drill.................they take it out of the box and use it "as is" ..........and that is the status that needs looking at.

    This comment here renders your comment that "that none of these patches are rendered useless by proper configuration"... most of Microsoft's loopholes, vulns and exploits can be 100% eliminated by proper configuration... end users don't care about doing that.. so Microsoft is kind enough to release the updates and patches... sometimes they are necessary but quite often they are simply released to make the life of people simpler.

    MS is doing really well since they announced their security initiative and I'm really tired of people running it into the ground.... People don't like the company.. that's fine.. say you don't like the company... don't try and beat them to the ground behind lies and mis-truths... it just hurts your case.. it doesn't support it.

    Peace
    HT

  7. #17
    (Btw Synja, you should have said Lynx was the fastest browser.. not Links)

    I realized that after I posted... I'm just so used to using Links... Much better interface, and better rendering.

  8. #18
    nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    So we should just pander to their ignorance as if it were unchangeable?
    Exactly so, that is how Microsoft and Macintosh sell it. Sale Of Goods (implied terms) Act...........the product must be of merchantable quality and fit for purpose. "Passing off" is an offence. You buy a COTS product and you are entitled to expect it to work as advertised.

    And NT4-XP has had the tools. I do not know about anything before NT4.
    They don't support it. And remember that NT4 ran alongside Win95, Win 98 and Win98SE. Win ME was contemporary with Win NT5 (2000).

    What operating system doesn't ship with a browser... in the Linux case.
    As far as I am aware Windows is the only one that ships with an embedded browser which was what my point was about.

    I find nothing wrong with IE's coexistence with Windows
    Neither do I, but it should be integrated rather than embedded...........and I have the grey hairs to back that distinction up. Hey, MS Office is integrated isn't it?

    Incidentally, this is the way that MS intend to go. Please believe me that embedded applications are a real horror story, particularly as the mothership gets more and more complex. With an integrated system, you can develop the two in parallel, and re-integrate.

    Now, if IE is extracted from the shell, MS would have the opportunity of just buying Mozilla or Opera and start afresh. If you follow the market over the years you will see that is how they operate?

    Any system can be properly configured..
    I eagerly await your tutorial "How to security harden DOS 5.0" with bated breath

    Sure, Microsoft is as pure as the driven snow, well...............keeps us in jobs doesn't it?

  9. #19
    I eagerly await your tutorial "How to security harden DOS 5.0" with bated breath
    Wow... is that a challenge?

    I guess I have to find a copy of DOS 5

  10. #20
    nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    I guess I have to find a copy of DOS 5
    Hmmm..................I have several,

    The point is that up until XP, MS were running a domestic (effectively stand alone) range of home products, and their commercial line. Now, if someone spends the equivalent of $5,000 over here, they expect it to last, and probably at least 10 years, particularly if they don't use it that much.

    You have to remember that prices in Europe are much higher than the USA, and we have very strong consumer protection laws.

    In a lot of places we don't have a "throwaway" society...................we make things last, and would not waste money on upgrading a perfectly functional operating system.




