Firefox Question

[Ron Lopshire]

Could you explain that, please? Lock it down?

I never use IE, not even if I quite want to visit a site that requires
it, because every time I do, settings are changed and my whole setup is
off-kilter.

Chak

Chak,

I only use IE for dealing with Microsoft. I use Firefox, Opera, K-Meleon and Netscape 7.2 (not 8). I will bag Netscape and go with SeaMonkey when it comes out of Beta. Here is how I use IE for Microsoft Updates with WinXP:

1) Download Enough Is Enough! and IE-SPYAD from Eric Howes' Web Site:
(https://netfiles.uiuc.edu/ehowes/www/resource6.htm)
(https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)

2) Install Enough Is Enough! and IE-SPYAD. Pay attention to Eric's note on not using the 16-bit app Choice.com, particularly if you have or have ever had any Symantec (I'll be nice here) software on your system.

3) Right click your IE icon (or go to Control Panel, Internet Options) and select Properties.

i) Set the IE Startup/Home Page to a Microsoft site like:
(http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us)
ii) Under Tools ... Options, Security Tab, click the Default Level button.
This will enable ActiveX and a whole bunch of other unsecure crap.
If you get any malware from MS, call Bill Gates. <g>

4) Start IE.

5) With ActiveX enabled, you should not get the annoying 'Validation Required' page more than once. If you haven't done so, switch from Windows (and Office) Updates to Microsoft Updates. This involves downloading a new Installer, Windows Authentication Tool and all of the associated ActiveX controls. Check for critical updates. Download and install anything that you want or need.

6) Close IE.

7) Rerun Enough is Enough!

Your MS IE should now be locked down until the next time that you absolutely, positively have to use it.

FWIW, I set my WinXP system to notify me of any critical updates. When I see a yellow shield on my taskbar, I go to the Microsoft Updates page, and as long as the update(s) doesn't want to change any of my security settings, I usually just let it download and install whatever WinXP feature/utility that it wants to. This works well for me. YMMV.

Ron

 

[George]

What you say is true. Active X can be disabled but how many users do
you think actually disable it or even know that it poses a threat?

 

[Chakolate]

Your MS IE should now be locked down until the next time that you
absolutely, positively have to use it.

Thanks, sounds good.

Chak


--
alt.support.menopause has a Frappr group! Go see what we look like:

http://www.frappr.com/altsupportmenopause

"Why waste time learning when ignorance is instantaneous?"
--Bill Watterson, Calvin and Hobbes

 

[Fuzzy Logic]

What you say is true. Active X can be disabled but how many users do
you think actually disable it or even know that it poses a threat?

The biggest threat is not ActiveX but uninformed users. I run my browser
(Avant) with ActiveX enabled and have never had a problem in many many
years.

Getting up in the morning poses a threat. The question is what's the
liklihood of something bad happening?

I am really getting tired of all the fearmongering (not just with browsers)
but in general. Crime is rampant, terrorists are going to get us, the
Internet isn't safe, a global pandemic is just around the corner, etc. etc.

Security is a process not a piece of hardware or software and regardless of
what you use there are risks associated with it. The liklihood of something
bad happening to you varies from day to day as new threats are discovered
and addressed. The only common factor is the user and the security practices
they use.

 

[Fuzzy Logic]

Could you explain that, please? Lock it down?

I never use IE, not even if I quite want to visit a site that requires
it, because every time I do, settings are changed and my whole setup is
off-kilter.

Chak

Here is a good place to start:

http://www.microsoft.com/windows/ie/using/securityandprivacy/default.mspx

 

[David]

What you say is true. Active X can be disabled but how many users do
you think actually disable it or even know that it poses a threat?

Too few.
--
David
Remove "farook" to reply
At the bottom of the application where it says
"sign here". I put "Sagittarius"
E-mail: justdas at iinet dot net dot au

 

[elaich]

The biggest threat is not ActiveX but uninformed users. I run my browser
(Avant) with ActiveX enabled and have never had a problem in many many
years.

Do you have "Install on Demand" ticked? You are aware that IE ships with
that ticked by default, right?

Go ahead and tick it if it's not, and I will give you a URL to visit that
will install a Trojan via IE without your ever knowing about it.

Every machine I work on these days is loaded with malware, all installed by
good old IE without the user ever knowing about it.

 

[Ron Lopshire]

Do you have "Install on Demand" ticked? You are aware that IE ships with
that ticked by default, right?

Go ahead and tick it if it's not, and I will give you a URL to visit that
will install a Trojan via IE without your ever knowing about it.

Every machine I work on these days is loaded with malware, all installed by
good old IE without the user ever knowing about it.

Seems that there are new Sober worm variants floating around that are capable of stealing passwords:
(http://www.kaspersky.com/news?id=174037635)
(http://www.viruslist.com/en/weblog?weblogid=174064017)

Quote:

"In this case the program can show the passwords stored by Internet Explorer and Outlook."

Gee. An IE/Outlook/ActiveX exploit? Imagine that. <g>

Ron

 

[Fuzzy Logic]

Do you have "Install on Demand" ticked? You are aware that IE ships with
that ticked by default, right?

No I don't because I don't just use software blindly. I actually look at the
options and use them as I see fit. Granted this default is stupid.

Go ahead and tick it if it's not, and I will give you a URL to visit
that will install a Trojan via IE without your ever knowing about it.

That's why you run anti-virus software and a firewall. No single line of
defense is foolproof.

Every machine I work on these days is loaded with malware, all installed
by good old IE without the user ever knowing about it.

Learn how to use the tool and it's features. I support a company with 600+
IE users and we roll out a properly locked down version of IE. The only
malware they get they installed (said yes to something they shouldn't
have...user dumb).

I regularly scan for malware and never get a thing (including cookies).
Ditto for scans for viruses.

 

[Fuzzy Logic]

Seems that there are new Sober worm variants floating around that are
capable of stealing passwords:
(http://www.kaspersky.com/news?id=174037635)
(http://www.viruslist.com/en/weblog?weblogid=174064017)

Quote:

"In this case the program can show the passwords stored by Internet
Explorer and Outlook."

Gee. An IE/Outlook/ActiveX exploit? Imagine that. <g>

Ron

Nothing to do with ActiveX. It's a program that if you run it can steal
passwords.

 

[jacaranda]

I am really getting tired of all the fearmongering (not just with
browsers) but in general.

I don't know about you, but most everyone I know has been hit by spyware,
viruses, browser hijackers and other stuff. They've had long down times
because of it. I for one don't want to take that chance. So I disable
anything in my browser that's likely to be a security risk. I only enable
them if I'm pretty sure the site is safe, and it's REQUIRED to get in. I
don't think people can be too careful about surfing the web these days.
It's a jungle out there.