funsec mailing list archives

Re: "US-CERT: Turn Off ActiveX for Security"


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 11 Nov 2006 10:04:13 +1300

Paul Vixie wrote:

http://www.betanews.com/article/USCERT_Turn_Off_ActiveX_for_Security/1162483029

No news here -- as CERT says in the article, they have strongly 
suggested disabling ActiveX before.

They've also -- about two years back IIRC -- suggested that IE is such 
a pile of steaming poo (OK -- that's my phrasing, not CERT's) that 
you'd be mad to allow it to be used for browsing on the Internet, and I 
don't recall them ever countermanding that suggestion.

Until MS admits that the "restricted sites" zone is where "the internet 
as a whole" should be, by default, _AND_ makes it damn near impossible 
for idiots -- sorry, "unmanaged users" -- to alter those settings, it 
and its users necessarily face the other consequences of the extremely 
stupid "security design" of this browser and its almost "exploit at 
will" -- sorry, "ActiveX" -- technology.

Of course, now that MS is also in the business of selling "additional" 
protective technologies do we think it is at all likely that MS will be 
much inclined to improve matters in this regard?


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

