 |  |  |  |  |  |  |  |
WinXP and IE problems. Please Read.
 |
Xp IE user woes can or could have been prevented by running/browsing IE on a Limited account.
Definition:
Limited account: Assigning limited user accounts is an effective way to prevent inexperienced or unauthorized users from changing computer settings or deleting important files. Resource:http://www.microsoft.com/windowsxp/h...ng/default.asp
This means Viruses,Trojans,Spyware,Addware,Backware,malicious scripts,malicious Codes ect........
comment made by: JOE SCHMOE
As far as I know there are still several unfixed security holes in IE dating back as far as 2 years. Hopefully these bugs will be fixed for windows users when Microsoft officially releases Windows XP SP2. Unfortunately SP2 might go as badly for some as SP1.
Big "B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough.
Definition:
Limited account: Assigning limited user accounts is an effective way to prevent inexperienced or unauthorized users from changing computer settings or deleting important files. Resource:http://www.microsoft.com/windowsxp/h...ng/default.asp
This means Viruses,Trojans,Spyware,Addware,Backware,malicious scripts,malicious Codes ect........
comment made by: JOE SCHMOE
As far as I know there are still several unfixed security holes in IE dating back as far as 2 years. Hopefully these bugs will be fixed for windows users when Microsoft officially releases Windows XP SP2. Unfortunately SP2 might go as badly for some as SP1.
Big "B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough.
"Big B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough."
Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.
Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.
•
•
•
•
Originally Posted by antioed
Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.
~Masta
The user is not the problem if the browser is calling functions at the system level. Just because the browser is opened by the user does not mean that all functions run by the browser are also run as that user...they're run on the system level. Say you hit a website and IE is trying to interpret script, the function to process that code is passed in a system level process. If that process executes code which is able to exploit a vulnerability in the OS the result could be system level privileges to execute the code of choice, the box is owned - root has been owned...because the process operates at the system level, which is independent of who is logged in or what rights they have. If they can run IE the problem still exists. Sure you could limit the users to be unable to run IE but that's not a very good solution. The culprit here is the OS itself...not the user. Patch the box!
•
•
•
•
Patch the box!
•
•
•
•
Originally Posted by )BIG"B"Affleck
Big "B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough.
People always ask me why I never patch my personal windows systems, well here is a fine example of seven worthless patches that I won't be applying. People it's not that hard to read a book or two.
Why I am not installing any of these.:
- MS03-041:
A properly configured system according to Microsoft's TFM should only allowed trsuted sites to execute ActiveX. I have included this and have gone above and beyond by configuring internet client software to run as the user CLIENT_NET which is a member of GUESTS. Even trusted code execution will be limited to this user's powers and not be able to make any non-password prompted changes to the user's environment. - MS03-042: Same as above
- MS03-043: The TFM indicates the Messsenger service should be disabled unless it is remotely filtered (so for LAN use only).
- MS03-044: The TFM suggests the disabling of the HCP protocol and users are to be directed to the local administration for support.
- MS03-045: The utility manager should not be used by normal users and should be disabled, this is covered indirectly in the TFM as well.
- MS03-046: The Exchange TFM discusses the value of filtering SMTP protocol extensions. IAS fills this role very nicely.
- MS03-047: I use exchange server 2000.
- You do the math
unstuck |
Other Threads in the Web Browsers Forum
- Previous Thread: i scanned my sys with spyware remove
- Next Thread: ie6 wont let me into certain sites....
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Web Browsers Posts
- Today's Posts
- Unanswered Threads
aiim2009 andrewlippmann android aol apple awesomebar britain browser browserproblems browsers browsing budget bug bughunt censorship childabuse china chrome client code compuserve crash defect development email eu europe exploit explorer facebook fennec fileeditmissing firefox flash gecko google government ie7 ie8 internet internet.broadband internetexplorer internetexplorer8 internetusage iphone leak linux malware media memory microsoft mitmedialab mobilebrowsers mosaic mozilla music netscape networking news newspapers newyork offline olympics onlinecommunities opensource opera opera.software patch plugins porn privacy problem safari seamonkey security server sex silverlight software survey surveys teenagers television testing thunderbird twitter u.s. uk update usenet users video web webbrowser webdevelopment webusage wikipedia worldrecord worldwideweb xp