I thought the problem was this attack (link below), which is not yet fixed in IE. It can allow web sites to take over your machine, install trojans, etc.

http://news.com.com/Web+site+virus+attack+blunted/2100-7349_3-5248279.html?tag=cd.top

- Tom

Kon Wilms wrote:

> First I have to say this CERT news is *old news*. The mentioned IE bug
> came out, was analyzed, and fixed in windows update before they released
> this news. There is no need to *stop* using IE. Make sure you have a
> virus scanner installed, and keep it and your windows updates current.
>
> Another thing to note is that people leave their windows boxes wide
> open. I don't (can't, cause they interfere with the files) run AV
> software on the datacast boxes at work that we have in the field.
> Solution - lock the box down with IP filter and IPSEC rules. Only SSH
> gets into the servers, and everything else (including terminal services)
> is tunneled through that. The SSH user account is jailed to a home
> directory that is unreadable/writable, and has no filesystem privs. We
> have had these boxes in locations where windows boxes are constantly
> getting their asses kicked by msblaster and friends (many broadcast
> stations I consider to be the wild west). No problems for our locked
> down boxes though. And you can do the same for XP.
>
> Having said that, I run gnome desktop and linux at home. But even so I
> *still* have an openbsd firewall in place with squirrelmail. The windows
> systems are locked down with IPsec and restricted trust rules. We have
> never had a single trojan or virus here at home.
>
> Every system is vulnerable to trojans, even linux (unsigned RPMs (and
> vendors like SuSe commenting that this is how it is and how they will do
> it in future) in apt/yum repositories just prove my point) and osx.
>
> I suggest a starting point being the NSA guidelines for securing windows
> systems: http://www.nsa.gov/snac/
>
> Cheers
> Kon
>
> Craig Birkmaier wrote:
>
>>Just when we thought the "browser wars" were over...
>>
>>Looks like some Windows users are going to learn how difficult it is
>>to install and use an alternative Web browser to Microsoft's flagship
>>"integrated" Internet Explorer. I started hearing about the latest
>>vulnerabilities in IE several days ago, via a tech segment on our
>>local Talk radio station. The commentator is a side-kick on a local
>>afternoon show, who also runs a company that specializes in "Digital
>>Marketing" and PC maintenance/sales. Mr. PC's (no, I'm not kidding)
>>advice is to switch to the Mozilla browser.
>>
>>Now the U.S. Computer Emergency Readiness Team is recommending that
>>people stop using IE as well. Could the hackers finally be winning
>>the war, exposing Microsoft's seemingly endless vulnerabilities?
>>Could this kind of negative publicity wake people up to the options
>>that exist for running a PC today, without paying their tithe to the
>>boys in Redmond?
>>
>>Regards
>>Craig
>>
>>
>>US-CERT ADVISES SWITCHING BROWSERS
>>In light of a recent announcement about an "extremely critical"
>>security vulnerability in Internet Explorer (IE), the U.S. Computer
>>Emergency Readiness Team (US-CERT) has issued a warning advising
>>computer users to stop using Microsoft's browser. US-CERT is a
>>nonprofit formed in September 2003 by the Department of Homeland
>>Security and the public and private sectors to improve computer
>>security preparedness and response. According to the US-CERT notice,
>>there are "significant vulnerabilities in technologies relating to the
>>IE domain/zone security model, the DHTML object model, MIME-type
>>determination, and ActiveX." The IE bug allows hackers to install
>>spyware on users' computers without any action on the part of the
>>user.
>>The notice goes on to say that, particularly for browsing
>>untrusted sites, use of another browser is an effective way to avoid
>>the security risks mentioned.
>>Internet News, 29 June 2004
>>http://www.internetnews.com/security/article.php/3374931
>>
>
> ----------------------------------------------------------------------
> You can UNSUBSCRIBE from the OpenDTV list in two ways:
>
> - Using the UNSUBSCRIBE command in your user configuration settings at
> FreeLists.org
>
> - By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
> unsubscribe in the subject line.