Random factoid, anyone see that there was a vulnerability patched today that ONLY affected IE9? And it is reliable code execution. We are discussing it on eEye's VEF tomorrow, its pretty silly awesome. -Marc
-----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, October 10, 2011 9:02 PM To: NT System Admin Issues Subject: Re: AV and malware protection? On Mon, Oct 10, 2011 at 5:01 AM, Alan Davies <adav...@cls-services.com> wrote: > Why on earth would you encourage users not to use IE!? Again, FUD > mostly - IE is one of, if not the most secure browser out there out of the > box. While I haven't seen MSIE 9 yet, I know MSIE 8 still had what I would consider woefully insecure defaults with regards to it's "Security tab" settings, especially regarding ActiveX controls. Now, I regard ActiveX as a really bad idea to begin with -- allowing a web page to push binary executables to my PC is *not* a good idea, IMO, and I think history would support me on this one -- but if you're going to allow it, you need something a bit better than just requiring a bit of crypto thrown at it. More reasonable would be denying install to anything but Trusted Sites. If the user can't type the site name that's a fair bet they shouldn't be installing it, one way or the other. There are a number of other things, too, such as the ability to run an EXE from the web in two clicks, or allowing scripts to manipulate the browser window (Firefox does that too, I might add). Currently, a lot of it is academic, since the popular vectors today are Flash and Acrobat, but if Adobe ever gets their act together I expect we'll see renewed interest in browser security design. > Firefox not so great. Speaking of FUD, care to explain that? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin