Thanks for the detailed explanation, David. When I tried the very first connect, I did see something similar to what you're describing. When you connect the very first time, SNX pops up a dialog box displaying the URL you're connecting to and asking if you're sure. It only occurs once.

When I first connected with Vista, I got a dialog box from Vista saying that something tried to display something on the desktop but could not. It asked me if I wanted to see it, and I answered in the affirmative. It was the aforementioned dialog box. I accepted its prompt and everything continued as it would on XP.

I did an SK article search on Vista and saw an article about how to get the ActiveX controls installed, which worked. I didn't see anything on SNX specifically.

It sort of sounds like it's not quite ready for Vista yet.

Thanks again,

Ray


From: David DeSimone <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: Re: [FW-1] Connectra NGX R62 on Vista - SNX woes
Date: Fri, 20 Apr 2007 20:23:53 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ray <[EMAIL PROTECTED]> wrote:
>
> "The Check Point SSL Network Extender service is marked as
> an interactive service.  However, the system is configured to not
> allow interactive services.  This service may not function properly."

Interactive services are a security problem.

An interactive service is one in which the service itself opens windows
on the user's desktop in order to interact with the user.  However,
windows running on the same desktop are allowed to interact with each
other in ways that the original designers never intended.  As a result,
it is possible for a program to subvert another program on the same
desktop, and if that other program is a service running with elevated
privileges, it results in a takeover of those privileges.

Vista is thus being proactive in denying this programming practice.  You
should contact the vendor (Checkpoint) to see if they have redesigned
their system to no longer require the service to be interactive.  A
better design, for instance, would be a client program that runs with
the user's privileges, and makes authenticated requests to the
background service which has extended privileges.  However, that is not
something you can do; only Checkpoint can redesign their software in a
more secure manner.

- --
David DeSimone == Network Admin == [EMAIL PROTECTED]
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGKWeoFSrKRjX5eCoRAnMHAJ4pYYhrX4T7KRXmrp5zZNT9cZ8wnQCgifwj
OuYPrsURWDlB8aJMYWodYNg=
=N3Tk
-----END PGP SIGNATURE-----

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
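
A check for the condition named in the quoted Vista warning, as an added example that is not part of the original thread or of Check Point's software. It reads the NoInteractiveServices setting and lists every service whose registry Type value carries the interactive flag (0x100). The registry locations are the standard Windows ones; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit services marked as interactive (SERVICE_INTERACTIVE_PROCESS).
# Read-only; it changes nothing on the system.

$SERVICE_INTERACTIVE_PROCESS = 0x100   # bit in each service's "Type" registry value
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$windowsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows'

# NoInteractiveServices = 1 means the system refuses to let services
# display windows on the logged-on user's desktop.
$policy = (Get-ItemProperty -Path $windowsKey -Name NoInteractiveServices `
           -ErrorAction SilentlyContinue).NoInteractiveServices
if ($null -eq $policy) {
    Write-Output 'NoInteractiveServices: not set'
} else {
    Write-Output "NoInteractiveServices: $policy"
}

# Walk every service entry and keep those with the interactive bit set.
$flagged = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Type) { continue }

    $type = [int]$props.Type
    if (($type -band $SERVICE_INTERACTIVE_PROCESS) -eq 0) { continue }

    [pscustomobject]@{
        Service   = $key.PSChildName
        Account   = $props.ObjectName      # the account the service runs as
        Type      = '0x{0:X}' -f $type
        ImagePath = $props.ImagePath
    }
}

if ($flagged) {
    # Each row is a privileged service that expects to open windows on the
    # user's desktop; these are the ones to raise with the vendor.
    $flagged | Sort-Object Service | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No services carry the interactive flag.'
}
```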
