> Again, in a controlled intranet environment, you typically > don't have to > trust your users. With IEAK, you can, for example, disable ActiveX and > Active Scripting for every unapproved site. You can also > implement other > controls outside of IE, such as having users run without > administrative > rights. This is relatively common in large, > security-conscious enterprises, > in my experience.
Secunia clearly states the 22 unpatched holes have no work-arounds. But I don't know what that means. I'm assuming it means that if you disable active-x, take away admin rights, install firewalls, etc., you still are vulnerable. These viruses are NOT taking advantage of built-in technologies, like active-x. They are exploits of buffer overflow holes. You click a link, and the site loads executable malicious code into the machine's memory. Will that code still execute if you don't have admin rights? I don't know. But what if the virus just grabs all of your browser history? What if you've got a lot of sensitive data in your browser cache, like government secrets? -------------- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:233378 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
