LinkBack URL
About LinkBacksso an IE vulnerability allowing you to execute code remotely, and a firewall vulnerability which is only affected by executed code are COMPLETELY unrelated?
so an IE vulnerability allowing you to execute code remotely, and a firewall vulnerability which is only affected by executed code are COMPLETELY unrelated?
As far as the OS and service pack are concerned, the IE security enchancements, Windows firewall, data execution prevention, etc. are distinct.
The priority for security is to protect against intrusion originating from the outside world - there is an almost limitless number of possible exploits for any system, given the user's access level, if we assume that they have to perform some action in order to affect their system.
If you can have code executed on a system through some user action (running an email attachment, running a malicious script, being told to type in a command at a CLI prompt) then potentially any application on that system is "vulnerable".
You could equally say that your MP3 collection can be rendered useless with a simple "ren [path]\*.mp3 *.omg" command, if you get the user to type it, for example.
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
so it's secure? you say on your own website that spyware can be installed into IE without any user interaction - either it's secure or it isn't.
"It"?Originally Posted by directhex
I was questioning the assertion that the firewall in SP2 is "full of holes" out of professional interest as I thought myself aware of all the known issues with the networking aspects of SP2 (so IE security is outside of my area of expertise).
Given the number of versions of IE out there, on different OSs, I don't think it is possible to make a sweeping statement about it.
Is something secure if only in its default state it is hardened? That question would likely generate opposing points of view depending on who you asked.
The principle of SP2 has been to chiefly increase the base level of security for the the majority of XP users that install it and accept the defaults, it cannot impact on the default operation of the OS too radically or it would break the majority of PCs beyond the users' ability to figure out and fix it.
(See the list of applications "affected" or "broken" by SP2 and imagine what that might be if it, say, blocked outbound traffic by default as some people have claimed it should.)
Is any OS or application "totally secure"? Nope.
Would a widespread application of XP SP2 decrease the probability of users getting hit by malware? I would say certainly.
That particular part of my site was written pre-SP2, but is not specifically XP-only so is still relevant to some - I need to review and update it, thanks
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote