[opendtv] Re: Tide Turning in Browser Wars?
- From: "John Willkie" <johnwillkie@xxxxxxxxxx>
- To: <opendtv@xxxxxxxxxxxxx>
- Date: Fri, 2 Jul 2004 02:22:18 +0100
Has anyone else heard that Microsoft is planning on entering the anti-virus
market? This ain't a joke, or it is one, depending on your perspective: but
it's true.
I can't wait until they release their product. If it addressed the Windows
market and it costs money, or doesn't result in a REDUCTION of the price of
Windows, I "figger" they'll be promptly sued under California's Unfair
Business Practices law (B&P Code 17200) for treble damages. So: I dare
them.
What's plain is that by wanting to enter the anti-virus market as an add-on
product, they will have an INCENTIVE to not fix problems. Most of the
exploits are well-tamed ahead of time by MS patches on
www.windowsupdate.com.
That said, I just lost a day's worth of productivity because my local
Windows 2000 installation went balky last night or this morning, resulting
in Visual Basic not working. This on a computer that has virus protection
and a Zone Alarm firewall, and was last updated from windows update on
Friday. I'm pretty good ad preventing or solving these types of problems in
a quick manner (Spybot search & destroy is my favorite program of this type)
but, the end result is that I had to de-install Visual Basic, and am now in
the process of removing Windows 2k. I note that this occurred between the
announcement of MS entering the anti-virus business, and their entry into
the business. Legal beagles will know what I mean: FUD is only a part of
the problem (for them.)
John Willkie
-----Original Message-----
From: opendtv-bounce@xxxxxxxxxxxxx
[mailto:opendtv-bounce@xxxxxxxxxxxxx]On Behalf Of Tom Barry
Sent: Friday, July 02, 2004 1:14 AM
To: opendtv@xxxxxxxxxxxxx
Subject: [opendtv] Re: Tide Turning in Browser Wars?
I thought the problem was this attack (link below), which is not yet
fixed in IE. It can allow web sites to take over your machine,
install trojans, etc.
http://news.com.com/Web+site+virus+attack+blunted/2100-7349_3-5248279.html?t
ag=cd.top
- Tom
Kon Wilms wrote:
> First I have to say this CERT news is *old news*. The mentioned IE bug
> came out, was analyzed, and fixed in windows update before they released
> this news. There is no need to *stop* using IE. Make sure you have a
> virus scanner installed, and keep it and your windows updates current.
>
> Another thing to note is that people leave their windows boxes wide
> open. I don't (can't, cause they interfere with the files) run AV
> software on the datacast boxes at work that we have in the field.
> Solution - lock the box down with IP filter and IPSEC rules. Only SSH
> gets into the servers, and everything else (including terminal services)
> is tunneled through that. The SSH user account is jailed to a home
> directory that is unreadable/writable, and has no filesystem privs. We
> have had these boxes in locations where windows boxes are constantly
> getting their asses kicked by msblaster and friends (many broadcast
> stations I consider to be the wild west). No problems for our locked
> down boxes though. And you can do the same for XP.
>
> Having said that, I run gnome desktop and linux at home. But even so I
> *still* have an openbsd firewall in place with squirrelmail. The windows
> systems are locked down with IPsec and restricted trust rules. We have
> never had a single trojan or virus here at home.
>
> Every system is vulnerable to trojans, even linux (unsigned RPMs (and
> vendors like SuSe commenting that this is how it is and how they will do
> it in future) in apt/yum repositories just prove my point) and osx.
>
> I suggest a starting point being the NSA guidelines for securing windows
> systems: http://www.nsa.gov/snac/
>
> Cheers
> Kon
>
> Craig Birkmaier wrote:
>
>
>>Just when we thought the "browser wars" were over...
>>
>>Looks like some Windows users are going to learn how difficult it is
>>to install and use an alternative Web browser to Micrisoft's flagship
>>"integrated" Internet Explorer. I started hearing about the latest
>>vulnerabilities in IE several days ago, via a tech segment on our
>>local Talk radio station. The commentator is a side-kick on a local
>>afternoon show, who also runs a company that specializes in "Digital
>>Marketing" and PC maintenance/sales. Mr. PC's (no, I'm not kidding)
>>advice is to switch to the Mozilla browser.
>>
>>Now the U.S. Computer Emergency Readiness Team is recommending that
>>people stop using IE as well. Could the hackers finally be winning
>>the war, exposing Microsoft's seemingly endless vulnerabilities?
>>Could this kind of negative publicity wake people up to the options
>>that exist for running a PC today, without paying their tithe to the
>>boys in Redmond?
>>
>>Regards
>>Craig
>>
>>
>>US-CERT ADVISES SWITCHING BROWSERS
>>In light of a recent announcement about an "extremely critical"
>>security vulnerability in Internet Explorer (IE), the U.S. Computer
>>Emergency Readiness Team (US-CERT) has issued a warning advising
>>computer users to stop using Microsoft's browser. US-CERT is a
>>nonprofit formed in September 2003 by the Department of Homeland
>>Security and the public and private sectors to improve computer
>>security preparedness and response. According to the US-CERT notice,
>>there are "significant vulnerabilities in technologies relating to the
>>IE domain/zone security model, the DHTML object model, MIME-type
>>determination, and ActiveX." The IE bug allows hackers to install
>>spyware on users' computers without any action on the part of the
>>user. The notice goes on to say that, particularly for browsing
>>untrusted sites, use of another browser is an effective way to avoid
>>the security risks mentioned.
>>Internet News, 29 June 2004
>>http://www.internetnews.com/security/article.php/3374931
>>
>>
>
>
>
>
>
> ----------------------------------------------------------------------
> You can UNSUBSCRIBE from the OpenDTV list in two ways:
>
> - Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
>
> - By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.
>
>
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:
- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:
- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.
Other related posts: