Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 48

Thread: New Phishing Flaw in Internet Explorer

  1. #21
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Why is IE evil??? Because users choose to run it in the default configuration?
    No, because M$ chooses to ship it as such...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #22
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by brokencrow
    No, because M$ chooses to ship it as such...
    Ok... so we've established you've got no IT knowledge and in addition no business knowledge.

    Do you really think that it would make business sense to ship out XP locked down??? nope.. no one would buy it or use it... People want freedom.. not restrictions.... When you realize that come back and chat... I'll be more than happy to... but until then you're just being foolish.. .and I've got no need to waste my time.

  3. #23
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    ...and I've got no need to waste my time.
    Uhhh...so that's why you replied? You're a hard guy to figure, HT. Then again, maybe not...

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #24
    Junior Member
    Join Date
    Apr 2006
    Posts
    19
    <soapbox>
    Internet Explorer will always be a bigger risk for the unlearned home users who run everything as a priviledged account. Yes, Firefox and the other browsers are at risk too in that setting, but they don't suffer from the further fatal flaw of being embedded into the operating system.
    </soapbox>

    Seriously, I'm not trying to start an argument or another MS is [better|worse] than open source, and when properly configured IE seems to be just as secure as any other segregated application. But in it's default setting, which is how the majority of people use it, using IE is asking for trouble more so than any other browser.
    zencoder, being new to security, and i will ask our network administrators, but i was wondering, how do we actually better secure IE? do i go to Tools->Internet Options->Security and change the setting there? or is it through patching, or both? i won't touch, just wanted to know, and again i will contact our tech support on this and ask, just thought i would ask here as well.

    also did MS release something to fix this issue, should we go to something else in the meantime?

    i just saw the MS security site, i suppose one of many, and not surprisingly, MS has their hands full and they are doing a lot! http://www.microsoft.com/security/default.mspx

    hrmm, i am betting the linux and the new mac os will be experiencing the same type of thing as they grow in popularity; probably nothing new to you all, i just realized this.

    looks like some good reading out there. deeboe, thank you for posting this!
    He who asks is a fool for five minutes, but he who does not ask remains a fool forever.

    --Chinese proverb

  5. #25
    Hey -

    Yes, increasing the security level for the internet zone will lower the functionality of IE. This will reduce the number of threats against it. Patching will mitigate known vulnerabilities. If you can do your surfing under a user account, then the level of exploitation possible through the browser will be greatly limited as well.

    Originally posted here by Guan-Di
    zencoder, being new to security, and i will ask our network administrators, but i was wondering, how do we actually better secure IE? do i go to Tools->Internet Options->Security and change the setting there? or is it through patching, or both? i won't touch, just wanted to know, and again i will contact our tech support on this and ask, just thought i would ask here as well.

    also did MS release something to fix this issue, should we go to something else in the meantime?

    i just saw the MS security site, i suppose one of many, and not surprisingly, MS has their hands full and they are doing a lot! http://www.microsoft.com/security/default.mspx

    hrmm, i am betting the linux and the new mac os will be experiencing the same type of thing as they grow in popularity; probably nothing new to you all, i just realized this.

    looks like some good reading out there. deeboe, thank you for posting this!

  6. #26
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    *sigh* HTRegz, don't bother with him.. since I'm less knowledgeable than anyone in IT, let me handle this..

    brokencrow: Imagine having two people, each with their own machine. Now, hypothetically.. one has a WinXP machine and the other has a Red Hat 9.0 or insert*nixdistrohere. Alright, now.. Mr. WinXP follows typical security practices.. downloads patches for ALL his software and his OS.. updates A/V and A/V signatures.. configures a firewall with set rules and permissions.. all around, secures his box in each way that he could. On the other hand, Mr. *nixdistro does NOTHING. Never updates any software, never checks the OS distributers site or whatever for patches, updates, etc.. NOTHING.

    With that in mind, which machine would probably and most likely have less attacks against them be performed successful? Better yet, which machine would run more efficiently altogether? If you still say the *nix one, you have problems..

    Just a little comparison to help you understand what HTRegz tried to tell you. It's not always the software that makes the security of it (actually, change not always to never). It's the security around the software (set by the user) that makes the software.
    Space For Rent.. =]

  7. #27
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Hypotheticals are great and all, but let's talk reality.

    Mr. XP very often follows no security practices. He'll update Windows automatically sometimes, if they've got SP2. Sometimes not. He'll update their AV if it's automatic, but often it's not. Then there's the fact Mr. XP is using the most attacked OS on the market. So there's a constant barrage of new viruses, many of which his AV won't handle. Then there's spyware, the newest setting their hooks deep into the OS via rootkits. Now Mr. XP loves the fact he can so easily install software, he doesn't even need a password or anything. And so do rogue programmers. And poor Mr. XP, using a web browser chocked with ActiveX, has software installed for him all the time, unbeknownst to him. So in the end, Mr. XP has a slow computer, running God-knows-what, with no clue what to do but go and buy a new one (what a great business model).

    Now Mr. Ubuntu on the other hand (or Mr. Suse or Mr. Apple) are using OS's for which few viruses are written. OS's for which spyware is almost non-existent. Wasn't it only just this year the very first trojan (a rather toothless trojan at that) was written for Apple's OS? And how many years have trojans been written for Windows? All these OS's come with default security settings just like Windows. They come with firewalls. They come with AV if you want it (of course, this isn't such a concern for Mr. Ubuntu or Mr. Apple). They have update features similar to Windows. Mr. Ubuntu can rather easily install software as long as he remembers his password. Same for Mr. Apple and Mr. Suse. They can't just willy-nilly install apps on their PC's as mindlessly as Mr. XP, which is probably good (unless of course your in the mindless software business!). And Mr. Ubuntu is running a modular OS that makes it tougher to get rogue apps like spyware to reach to the kernel, unlike poor Mr. XP, who's using a web browser which when compromised takes viruses and spyware right to the Windows kernel.

    I'm reminded of a commercial real estate appraiser who migrated his office to Apples after shucking Windows. Now his computers are never slowed by spyware. His risk of viruses is much lower than with Windows. Since there's a dearth of apps for Apple, he's got less worries about employees throwing any old app on his computers. And he's never looked back.

    Now, what were you saying?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #28
    Junior Member
    Join Date
    Jan 2006
    Posts
    25
    brokencow are we to understand that as a refutation to what you call hypotheticals you have replied with a hypothetical argument claiming that for environments at the lowest level of maturity that security by obscurity is the best choice?

    in light of this you cannot be wondering why an increasing number of users have claimed no faith in your information technology knowledge. because i agree with these users i will not spend the time required to correct your post.

    i do hope that some day you can come back to your post and ponder how far you have come.

  9. #29
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I'm pondering what you find so hypothetical in my last. And where did you get this: "...security by obscurity is the best choice"?

    I never said any such thing nor did I infer it. My point was simply that the Linux systems I've run have 1) OS update features built in to them, just like Windows, 2) have full AV capabilities, 3) have a more secure installation routine (password required), 4) are much less targeted by virii and spyware, and 5) are not as easily attacked because of design.

    What with the attacks on my character? Surely you can do better than that...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #30
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    And where did you get this: "...security by obscurity is the best choice"?
    You didn't say "security by obscurity is the best choice," but the following excerpt from your post could be interpreted to imply that less "popular" OSs have an advantage.

    Now Mr. Ubuntu on the other hand (or Mr. Suse or Mr. Apple) are using OS's for which few viruses are written. OS's for which spyware is almost non-existent. Wasn't it only just this year the very first trojan (a rather toothless trojan at that) was written for Apple's OS? And how many years have trojans been written for Windows?]
    If you are using this as an advantage for Linux, Mac, you might want to explain why fewer viruses are written? E.g. "Is it because they are less popular systems, or is it because they are harder to write viruses for/"
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •