Accessing internet when you are logged on as administrator is like inviting AIDS (sorry, this sounds drastic but it is :) ). At home, where I don't have too much security, I always log on as a common low-privilege user while on internet. Using Mozilla is always wise. I can not believe that there is still no way to remove IE from Windows!!!! The worst nightmare is some casino site that attaches to IE like a leech! I even called those folks one day and they refuse to own up to anything!

__________________________________________
Ranga Nathan / CSG
Systems Programmer - Specialist; Technical Services;
BAX Global Inc. Irvine-California
Tel: 714-442-7591 Fax: 714-442-2840

Bob Rogers <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
03/21/2005 07:03 PM
To Ben Tilly <[EMAIL PROTECTED]>
cc [email protected], Ranga Nathan <[EMAIL PROTECTED]>
Subject Re: [Boston.pm] [getting OT] Controlling Windows with Perl?

From: Ben Tilly <[EMAIL PROTECTED]>
Date: Mon, 21 Mar 2005 18:21:38 -0800

And now that there is serious venture capital behind adware, some of the more difficult security exploits are getting hit hard.

For instance I've heard that internal Windows messages have *no* security infrastructure. Any application can send a message to any other application and there is no way for the recipient to figure out who the message is really from. (To exploit you have to send the right message to the right application when it is expecting to see a message that can be confused with yours.)

That is correct. It is apparently easy to subvert apps such as antivirus that run as Administrator via their GUI, if they are foolish enough to present a GUI on a less-privileged desktop. But if you're using IE as your trojan horse, and you already have enough control over it to send messages to other app windows, then you have full access to the privs of the IE user, so why bother? Odds are it's a home system, and you won't even have to get Administrator privs in order to install adware, spyware, etc.

A friend who supports a lot of small businesses is predicting that by the end of this year, Windows will essentially be unusable on the Internet. This seems extreme to me, but I don't keep track of these things, he does, and he has pretty good insight into the industry.

It seems extreme to me, too, even if we were just talking about home systems. If I understand correctly, this window message thing is a fundamental design flaw in the older Windows APIs, but there is current technology that addresses the problem. Unfortunately, it is less convenient for users, so the trick will be to get vendors to switch to using it.
But if it threatens to hit MS in their pocketbook, it will happen.

But then, I do my best to ignore Windows, and have been largely successful at it, so I'm hardly an expert.

-- Bob Rogers
http://rgrjr.dyndns.org/

_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm

