Re: local security workaroudn through IE

[kotz () FLASH NET (Robert)]

This isn't something that can be stopped (not to my knowledge at least
without messing with the OS itself). Most software companies just rely
on the fact that no one will notice that you can browse the HD with a
http browser, or any other program that has file->open. However, if the
software is good, then the only thing this will let you do is find out
what packages are installed because they will have blocked the opening
of any critical files (like *.bat, *.ini, et al). As well, most software
doesn't let you run system critical executables (stuff like regedit
which would allow you to turn off the software altogether). Anyway, it
is a nifty little trick cause it lets you browse the HD when everyone
else is sitting there thinking you can't. Oh, one more thing, if the
'run' option is still left in the start bar, the world is your oyster,
pretty much. The final interesting thing I have noticed in poking around
at my school is that Fortres101 (Grand Corporation's windows security
program) stores all of its setup files and default stuff in a hidden
directory in C: Well, that's all well and good, but netscape and IE
don't care about the hidden attribute, so you can browse through all the
default install information, and some admins won't change the default
settings, which is not a good thing. So basically, this really isn't
that much of a problem, that is, if the software is good, but then
again, we ARE talking about Windows "security" software :P. As for the
OOBing, no comment.

Robert Kotz