The thing is that IE can be restricted by the local/domain security policy in ways that Firefox can not be.Quote:
How can it be more securable?
And opera is not the fastest browser... I believe that honor goes to Links... ;)
Printable View
The thing is that IE can be restricted by the local/domain security policy in ways that Firefox can not be.Quote:
How can it be more securable?
And opera is not the fastest browser... I believe that honor goes to Links... ;)
Hmmm,
And the downside is that it is always "on" doing, or potentially enabling, God knows what. ;) Also, the amount of control depends entirely on the operating system that you are running.Quote:
The thing is that IE can be restricted by the local/domain security policy in ways that Firefox can not be.
OK, as I see it the fundamentals are:
1. Do not run services you do not need.
2. Do not enable functionality that you do not need.
3. Do not run applications that you do not need.
That is not based on security, it is how you would get optimum performance and stability in the first instance.
We are then left with two $64,000 questions:
1. If the functionality is dangerous and should be switched off or restricted, why is it there in the first place?
2. Why do Microsoft issue so many security patches if it is merely a configuration issue?
:)
It is the system shell. It will always be on if you want the computer to do anything. It is irrelevant whether you use IE for browsing, you still use IE unless you completely remove the system shell and use a different one. (Not a good idea, Windows was not designed for anything but Explorer)Quote:
And the downside is that it is always "on" doing, or potentially enabling, God knows what. Also, the amount of control depends entirely on the operating system that you are running.
There is a bit more than that?Quote:
OK, as I see it the fundamentals are:
1. Do not run services you do not need.
2. Do not enable functionality that you do not need.
3. Do not run applications that you do not need.
I believe stability to be a facet of proper security.Quote:
That is not based on security, it is how you would get optimum performance and stability in the first instance.
Your car can go far past the speed limit, why should it be able to if you can never go that fast? The reason that the functionality is there even if it should not be used, is simple. It is needed in some cases. System updates and AV scans work much better as an ActiveX function rather than a Java applet. And vbs scripts can be used for system administration just as easily as they can be used for exploit code. But your average user cannot use these things effectively, ergo, they should be disabled (Either the scripting or the user, I don't care which).Quote:
1. If the functionality is dangerous and should be switched off or restricted, why is it there in the first place?
How many of those patches are rendered meaningless by a proper configuration? A home user should only be vulnerable to kernel exploits if properly configured.Quote:
2. Why do Microsoft issue so many security patches if it is merely a configuration issue?
Exactly, and that is the bit I have the beef about. I believe it should be integrated , not embedded . Remember, it would be MS to MS so should give better performance than a third party stand alone.Quote:
It is the system shell. It will always be on if you want the computer to do anything. It is irrelevant whether you use IE for browsing, you still use IE unless you completely remove the system shell and use a different one. (Not a good idea, Windows was not designed for anything but Explorer)
With the three "facets" I picked on I was considering something that held good for a stand alone machine that was not at risk. No network, no internet, limited applications, say a control box for a mass spectrometer.
Stability is indeed a part of the broader concept of "security" because it is the security of the organisation's data which are part of its assets.
Bad analogy mate, the answer is "marketing bullcrap and bragging rights"..............it is just a male pen1$ substitute. Operating systems and browsers have yet to become so AFAIK :DQuote:
Your car can go far past the speed limit, why should it be able to if you can never go that fast?
You are going at things from the wrong end IMO.You must remember in the past you had to deliberately download and install the "clever bits" from the CD? That is the way to go, or supply the system with them disabled by default. Probably a mixture of the two?Quote:
But your average user cannot use these things effectively, ergo, they should be disabled
The answer is "none" if you are honest. Microsoft don't spend all that money on patches and taking crap if they could get away with that argument. It all boils down to what a home user is given "out of the box"...........M$ want to dumb things down, so be it.............this is the consequence?Quote:
How many of those patches are rendered meaningless by a proper configuration? A home user should only be vulnerable to kernel exploits if properly configured.
Also, you have to realise that there are still a lot of home users Worldwide who do not have an operating system that even supports "proper configuration" as I imagine you mean it. I have no idea about XP Home but anything before it certainly has not.
You must realise that to the home and SOHO user the computer is like a microwave, a TV, an elecric drill.................they take it out of the box and use it "as is" ..........and that is the status that needs looking at.
:)
You haven't seen Noia's e-penis script?Quote:
Bad analogy mate, the answer is "marketing bullcrap and bragging rights"..............it is just a male pen1$ substitute. Operating systems and browsers have yet to become so AFAIK
So we should just pander to their ignorace as if it were unchangeable?Quote:
Also, you have to realise that there are still a lot of home users Worldwide who do not have an operating system that even supports "proper configuration" as I imagine you mean it. I have no idea about XP Home but anything before it certainly has not.
You must realise that to the home and SOHO user the computer is like a microwave, a TV, an elecric drill.................they take it out of the box and use it "as is" ..........and that is the status that needs looking at.
And NT4-XP has had the tools. I do not know about anything before NT4.
What operating system doesn't ship with a browser... in the Linux case.. who about Window Managers?Quote:
Originally posted here by nihil
[B]Exactly, and that is the bit I have the beef about. I believe it should be integrated , not embedded . Remember, it would be MS to MS so should give better performance than a third party stand alone.
Windows - Internet Explorer
Mac OS X - Safari
Console Linux - Lynx / Links (Btw Synja, you should have said Lynx was the fasted browser.. not Links)
Gnome - Firefox Chrome
KDE - Konqueror
I find nothing wring with IE's coexistance with Windows... Does that mean I use it... not very often (However, IE 7 looks promising) but I do use it.. more for it's embedded features actually... I use Dave's Quick Search Bar which is basically a website that displays as a search bar on your task bar... very handy... very convenient.
That's an awful explanation... Cars go fast because speed limits vary, because some places don't have speed limits, because some people race their cars for sport, because increased speed saves time, because having variable speed allows you more control...Quote:
Bad analogy mate, the answer is "marketing bullcrap and bragging rights"..............it is just a male pen1$ substitute. Operating systems and browsers have yet to become so AFAIK :D
MS doesn't want it that way.. the home user wants it that way... I just had this sort of argument at work... MS caters to corporate and enterprise environments.. where they know the machines will be properly secured (or it's the fault of the admin)... the home user wants things simple.. How much business would they lose if you had to log out and log in as another user to install a game, or if you couldn't access all of your system as a single user... That's what keeps alot of people from switching to *nix and MS knows it.. so they are giving the users what they want.. it's smart business.. Car Manufacturers still put ashtrays in their cars even though they know that cigarettes kill.. where's the difference...Quote:
The answer is "none" if you are honest. Microsoft don't spend all that money on patches and taking crap if they could get away with that argument. It all boils down to what a home user is given "out of the box"...........M$ want to dumb things down, so be it.............this is the consequence?
Any system can be properly configured... It's just a matter of knowing what steps to take and how difficult it is... besides.. XP itself is how old now.. if you're running something older... that's your fault.. it's like running a 25 year old car and wondering why it breaks down... That's not the manufacturers fault... that's the drivers fault for still driving it... Yet a car enthusiast (much like the computer enthusiast) can keep it running for quite a bit longer because they know the things they can do under the hood to make it stand up and stay together.Quote:
Also, you have to realise that there are still a lot of home users Worldwide who do not have an operating system that even supports "proper configuration" as I imagine you mean it. I have no idea about XP Home but anything before it certainly has not.
This comment here renders your comment that "that none of these patches are rendered useless by proper configuration"... most of Microsofts loopholes, vulns and exploits can be 100% eliminated by proper configuation... end user don't care about doing that.. so microsoft is kind enough to release the updates and patches... sometimes they are necessary but quite often they are simply released to make the life of people simpler.Quote:
You must realise that to the home and SOHO user the computer is like a microwave, a TV, an elecric drill.................they take it out of the box and use it "as is" ..........and that is the status that needs looking at.
:)
MS is doing really well since they announced their security initiative and I'm really tired of people running it into the ground.... People don't like the company.. that's fine.. say you don't like the company... don't try and beat them to the ground behind lies and mis-truths... it just hurts your case.. it doesn't support it.
Peace
HT
Quote:
(Btw Synja, you should have said Lynx was the fasted browser.. not Links)
I realized that after I posted... I'm just so used to using Links... Much better interface, and better rendering.
Exactly so, that is how Microsoft and Mackintosh sell it. Sale Of Goods (implied terms) Act...........the product must be of merchantable quality and fit for purpose. "Passing off" is an offence. You buy a COTS product and you are entitled to expect it to work as advertised.Quote:
So we should just pander to their ignorace as if it were unchangeable?
They don't support it. And remember that NT4 ran alongside Win95, Win 98 and Win98SE. Win ME was contemporary with Win NT5 (2000).Quote:
And NT4-XP has had the tools. I do not know about anything before NT4.
As far as I am aware Windows is the only one that ships with an embedded browser which was what my point was about.Quote:
What operating system doesn't ship with a browser... in the Linux case.
Neither do I, but it should be integrated rather than embedded...........and I have the grey hairs to back that distinction up ;) Hey, MS Office is integrated isn't it?Quote:
I find nothing wrong with IE's coexistance with Windows
Incidentally, this is the way that MS intend to go. Please believe me that embedded applications are a real horror story, particularly as the mothership gets more and more complex. With an integrated system, you can develop the two in parallel, and re-integrate.
Now, if IE is extracted from the shell, MS would have the opportunity of just buying Mozilla or Opera and start afresh. If you follow the market over the years you will see that is how they operate?
I eagerly await your tutorial "How to security harden DOS 5.0" with bated breath :cool:Quote:
Any system can be properly configured..
Sure, Microsoft is as pure as the driven snow, well...............keeps us in jobs doesn't it?
Wow... is that a challenge?Quote:
I eagerly await your tutorial "How to security harden DOS 5.0" with bated breath
I guess I have to find a copy of DOS 5
Hmmm..................I have several, :DQuote:
I guess I have to find a copy of DOS 5
The point is that up until XP, MS were running a domestic (effectively stand alone) range of home products, and their commercial line. Now, if someone spends the equivalent of $5,000 over here, they expect it to last, and probably at least 10 years, particularly if they don't use it that much.
You have to remember that prices in Europe are much higher than the USA, and we have very strong consumer protection laws.
In a lot of places we don't have a "throwaway" society...................we make things last, and would not waste money on upgrading a perfectly functional operating system.
;)