Security Basics mailing list archives

Re: Windows 98 box is 'owned'; Re:


From: GuidoZ <uberguidoz () gmail com>
Date: Fri, 15 Oct 2004 10:09:46 -0700

> My suggestion was meant to be used in addition to deploying some other
> browser and/or mail client. That way they can use IE only for the
> application and are forced to use the other browser for browsing the
> web.

I realized that. Unfortunately, I didn't express the problem I saw very
well. =P My fault.

It's hard to completely explain the ActiveX component without
revealing too much (security/privacy wise), which is limiting the
information I can put out to the world. (After all, I'm already
concerned about it.) I like the idea and will give it a try, although
I'll bet it will cause a problem with the way they link to the
database through the ActiveX component. (It sends them through a VPN
off to a data warehouse.) I'll bust out Poledit and see what harm it
causes. Thanks for the suggestion - I had dismissed it before thinking
it would break other aspects, but now that you got me on that path
again, it just might work.

Thanks for all the help - looks like wheels are finally starting to
turn on both ends of this problem. ;) (The Java solution was accepted
- now we just have to wait for them to develop it. They estimated 4-6
months so I'm stuck with ActiveX and IE until then.)
 
> Regards
> Ansgar Wiechers

Again, appreciate the intelligent replies.

--
Peace. ~G


On Wed, 13 Oct 2004 02:41:00 +0200, Ansgar -59cobalt- Wiechers
<bugtraq () planetcobalt net> wrote:
> On 2004-10-08 GuidoZ wrote:
>> On Fri, 8 Oct 2004 21:26:46 +0200, Ansgar -59cobalt- Wiechers wrote:
>>> On 2004-10-08 GuidoZ wrote:
>>>> I'm open to other ideas too from anyone - the situation in a
>>>> nutshell is an organization I support needs to migrate away from
>>>> IE. (The users really can't handle the spyware and such, no matter
>>>> how hard I try to educate and prevent.) The only thing holding them
>>>> back from switching is a proprietary ActiveX application that they
>>>> use to interface with their data warehouse.
>>>
>>> I would try to lock down IE and limit access to localhost and the
>>> data warehouse host by setting the proxy to 127.0.0.1:9 except for
>>> localhost and the data warehouse host. These settings can be enforced
>>> through group policies or local policies (if you don't have a Windows
>>> 200[03] domain controller at hand). That way they could use IE for
>>> the data warehousing application, but not for surfing the web.
>>
>> While that would work quite well, unfortunately they also need to surf
>> the web. (Email too.) Hence why I'd like to get them away from IE.
>> Give them a browser they can use, but is less likely to be hijacked
>> every time I leave their workplace. =/
>
> My suggestion was meant to be used in addition to deploying some other
> browser and/or mail client. That way they can use IE only for the
> application and are forced to use the other browser for browsing the
> web.
>
> Regards
> Ansgar Wiechers
> --
> "Those who would give up liberty for a little temporary safety
> deserve neither liberty nor safety, and will lose both."
> --Benjamin Franklin
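
The lockdown suggested in the thread (IE's proxy pointed at 127.0.0.1:9, with exceptions for localhost and the data warehouse host), written as a proxy auto-config (PAC) function. This is an added example, not part of the original posts: using a PAC file in place of the static proxy-plus-exceptions setting is a substitution, and the host name `dw.example.internal` is a placeholder for the real data warehouse host.

```javascript
// Added example (not from the thread): PAC form of the "IE only for the
// data warehouse application" lockdown.
// Assumption: "dw.example.internal" stands in for the real data warehouse host.
var ALLOWED_HOSTS = ["localhost", "127.0.0.1", "dw.example.internal"];

// Proxy address from the thread; no proxy is expected to answer there,
// so every request sent to it fails.
var BLACKHOLE = "PROXY 127.0.0.1:9";

function normalizeHost(host) {
  // Lower-case and drop one trailing dot so that "DW.Example.Internal."
  // is treated the same as "dw.example.internal".
  var h = String(host || "").toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  for (var i = 0; i < ALLOWED_HOSTS.length; i++) {
    // Exact comparison only. Prefix or substring matching would also
    // allow look-alike names such as "dw.example.internal.attacker.test".
    if (h === ALLOWED_HOSTS[i]) {
      return "DIRECT";
    }
  }
  // Default deny: anything not explicitly listed goes to the dead proxy.
  return BLACKHOLE;
}
```

The default-deny return at the end is what keeps IE off the web; the allow list only opens the two destinations the application needs.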


