RE: IE questions

Bill_Roswelloxy.com
Date: Sat May 01 2004 - 07:27:31 CDT


Harlan and Andy,

ActiveX is the source of almost all IE browser malicious code. A better
solution is to turn ActiveX to prompt and educate the user only to say
yes on known web sites.

-Bill

-----Original Message-----
From: Harlan Carvey [mailto:keydet89yahoo.com]
Sent: Friday, April 30, 2004 12:29 PM
To: Andy Pham; focus-mssecurityfocus.com
Subject: Re: IE questions

Andy,

It doesn't sound as if you need to go w/ everything,
maybe just ActiveX.

Do you have A/V software installed and updated on your
users' systems? How about IDS and egress filtering on
the infrastructure? These are some things that can
help mitigate some of the risk...

--- Andy Pham <apham2575hotmail.com> wrote:
> Hello,
>
> I'm not sure if my first email went thru or it's
> stuck somewhere because of
> the wrong email address. Anyway, we're currently
> blocking ActiveX,
> JavaScript and active scripting in IE. It has been
> working OK for us, but
> we heard a lot of complaints because the users
> couldn't get to the sites
> that require ActiveX turned on (most commercial
> sites). So my questions
> are:
>
> What are the risks of turning everything on in IE? Does
> staying current with
> service packs help? Is there any workaround if we
> decide to keep
> ActiveX...off? Any suggestions are appreciated.
>
> AP
>
> p.s: And I don't want to go with Mozilla browser....
---------------------------------------------------------------------------
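
The "turn ActiveX to prompt" suggestion in the reply above, as an added example that is not part of the original thread: a PowerShell audit of the current user's Internet zone (zone 3) ActiveX URL actions, with an optional switch that moves anything set to Enable down to Prompt. The script layout and the -SetPrompt switch are assumptions made for illustration; the registry path, action IDs and values are the standard IE zone settings.

```powershell
# Added example (not from the thread): audit IE Internet-zone ActiveX settings.
# Setting values: 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$SetPrompt)   # hypothetical switch: tighten Enable -> Prompt

$zoneKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# ActiveX-related URL actions only; active scripting (1400) is left alone,
# since the replies suggest relaxing "maybe just ActiveX".
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (Test-Path $policyKey) {
    # Values pushed by Group Policy take precedence over the per-user key.
    Write-Warning "Policy key present; values under $policyKey override user settings."
}

foreach ($id in $actions.Keys) {
    $value = (Get-ItemProperty -Path $zoneKey -Name $id -ErrorAction SilentlyContinue).$id

    if ($null -eq $value) {
        $setting = 'not set'
    } elseif ($meaning.ContainsKey([int]$value)) {
        $setting = $meaning[[int]$value]
    } else {
        $setting = "other (0x{0:X})" -f $value
    }

    # Only ever tighten: Enable becomes Prompt, Prompt and Disable are untouched.
    if ($SetPrompt -and $setting -eq 'Enable') {
        Set-ItemProperty -Path $zoneKey -Name $id -Value 1 -Type DWord
        $setting = 'Prompt (was Enable)'
    }

    [pscustomobject]@{
        Id      = $id
        Action  = $actions[$id]
        Setting = $setting
        Review  = ($setting -eq 'Enable')   # silently allowed: worth a look
    }
}
```

Run without arguments the script only reports; rows with Review = True are actions the Internet zone allows without asking the user.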