#ifdef OFFTOPIC
On Sat, 24 Mar 2001, Dan Jenkins wrote:
>> You can solve this problem by turning on the feature of MSIE called "Check
>> for certificate revocation".
>
> No, that won't fix it. Verisign's certificate revocation mechanism doesn't
> work with Microsoft's verification, at least.
>
> In fact, the mechanism is somewhat broken and won't give any warnings in
> certain circumstances.
Arghhh! Can't Microsoft get *anything* right?!
(I know, I know, stupid question. The day Microsoft makes a product that
doesn't suck is the day they start making vacuum cleaners.)
> Until this matter is resolved, the best protection is to change Internet
> Security levels to Disable Signed ActiveX. Of course, that breaks
> Microsoft's Windows Update service among other things.
When I have to configure a Windows system, one of the things I do is
customize MSIE's security settings. In particular, I disable ActiveX
completely, and severely restrict most other things, for everything in the
"Internet" and "Local Intranet" "Security Zones". (There are bugs in MSIE
which cause it to incorrectly identify some sites as "Local Intranet" instead
of "Internet", so you can't trust that.)
For the "Untrusted Sites" (or whatever it is, the "Do Not Enter" icon), I go
in and turn everything off. (No, that is not the default -- the "Untrusted
Sites" zone is actually fairly trusting).
I then enable ActiveX and such for "Trusted Sites", and place
"windowsupdate.microsoft.com" in the list. Note that you'll have to disable
SSL (HTTPS) verification for that to work, but as we've seen, SSL verification
in MSIE is somewhat of a joke anyway.
> Really the best protection is to not use Internet Explorer (or even
> Windows). :-)
No arguments there!
#endif
--
Ben Scott <[EMAIL PROTECTED]>
| DISCLAIMER: The opinions expressed in this message are strictly those of |
| the author, and do not necessarily represent the views or policy of any |
| other person, entity or organization. |
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
