Re: Windows 98 box is 'owned'; Re:

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2004-10-08 GuidoZ wrote:
> On Fri, 8 Oct 2004 21:26:46 +0200, Ansgar -59cobalt- Wiechers wrote:
> > On 2004-10-08 GuidoZ wrote:
> > > I'm open to other ideas too from anyone - the situation in a
> > > nutshell is an orgranization I support needs to migrate away from
> > > IE. (The users really can't handle the spyware and such, no matter
> > > how hard I try to educate and prevent.) The only thing holding them
> > > back from switching is a proprietary ActiveX application that they
> > > use to interface with their data warehouse.
> >
> > I would try to lock down IE and limit access to localhost and the
> > data warehouse host by setting the proxy to 127.0.0.1:9 except for
> > localhost and the data warehouse host. These settings can be enforced
> > through group policies or local policies (if you don't have a Windows
> > 200[03] domain controller at hand). That way they could use IE for
> > the data warehousing application, but not for surfing the web.
>
> While that would work quite well, unfortunately they also need to surf
> the web. (Email too.) Hence why I'd like to get them away from IE.
> Give them a browser they can use, but is less likely to be hijacked
> every time I leave their workplace. =/

My suggestion was meant to be used in addition to deploying some other 
browser and/or mail client. That way they can use IE only for the
application and are forced to use the other browser for browsing the
web.


Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin