Vulnerability Development mailing list archives

Re: [ALERT] Remote File Execution By Web or Mail: Internet Explorer


From: Bill Weiss <houdini () nmt edu>
Date: Sun, 25 Nov 2001 20:38:29 -0700

Glenn Valenta(glenn () coloradostudios com)@Fri, Nov 23, 2001 at 05:21:21PM -0700:
Bill Weiss wrote:

Mariusz Mazur(mariusz () isn pl)@Thu, Nov 22, 2001 at 08:09:46PM +0100:


Is this just me or maybe more people think that releasing this
"advisory" (though this should be called "intimidator") was completely
irresponsible and plain stupid?



I think the point was to show us that the MS policy is stupid.  There's a
hole, obviously it can be found, but MS doesn't want us to know about
it.

The main facet of the problem is that there is no way to fully disable IE and
Outlook from any MS product.  These seem to have been the foundation for most
all of the trojans and viruses the last few years. Just disabling these
products would have kept us safe from viruses for the last two years. I'm not
sure how I'm going to handle this passport crap yet except to ban XP from our
company.


Win98Lite claims to totally take IE out of Windows, and make Windows more stable
as a result.  I haven't tested it yet.

As for Outlook (Express), I've been able to take it off my machine.  It took a
good deal of registry work, and remembering to redo everything each time I install
an IE patch.  It's nice not to worry about worms opening it, though.
 
-- Bill Weiss

