On Mon, Dec 15, 2008 at 8:37 AM, Paul Hill <[email protected]> wrote:
> That's a flaw in the browser, or should I say a feature that's
> misused. Exactly the same can happen on Linux.

I don't believe that's true. A binary download in Linux is not executable by default.

I'd suggest there are several flaws that contribute to this: ActiveX controls are unrestricted executables that run, by default, with permissions of the user. Internet Explorer, which Microsoft insists is an "integral part of the OS," will load and run ActiveX controls. Later versions of Windows have added some signing restrictions on that, but...

> In both Linux and Windows if the user has restricted rights then the
> malware can only do so much.

True, but Windows comes out of the box unrestricted. Aunt Tilly shouldn't be an admin, by default.

> Also, you can disable activex using policies etc.

As I said in my previous email, a skilled practitioner can tighten up nearly every OS. But it's the out-of-the-box issue.

>> That
>> there are many ways to disguise ActiveX controls in browsers such that
>> unsuspecting users download infectedware and run it on their machines
>> is a massive flaw.
>
> Stupid users can use Linux too...
>

But they can't run ActiveX controls :) Sure, they can still activate trojan horses, but it takes them more work.

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com

