The Six Dumbest Ideas in Computer Security

http://www.ranum.com/security/computer_security/editorials/dumb/

Regards - Charles

 

charlesvar: An eye-opening piece, indeed. And well written, too.

I suspect that just about all of us are guilty of at least two of the Six Dumbest Things. That leaves us with the question, if we're not supposed to do any of those things, what are we supposed to do to protect our systems and how do we do it?

 

Hi Bobbo,

what are we supposed to do to protect our systems and how do we do it?
That's a toughie - and I'm still re reading this article.

One example of the way I practice default deny is with ActiveX when using IE. I've operated a long time with ActiveX disabled as a matter of course and toggling it on only when there is a specific reason and only on sites that I'm familiar with. The problem with most users is they are intimidated with "the web page loaded but with errors" message when ActiveX is disabled. Two problems there - one, not knowing why, and two, convinced to turn it on - social engineering, even though most of the time it's meaningless.

Regards - Charles

 

Hi BOBBO,

"Default deny" has arrived in IE:

Microsoft Unveils IE 7 Beta 2 Features

Regards - Charles

 

charlesvar--How do you "toggle" ActiveX on? I gave up on Internet Options|Security tab as taking too long, especially when you had to reverse the process. Now I put the site into Trusted Sites (using PowerTweaks) and take it back out when I am finished.
About a year ago there was a long thread that the Information Bar warning about Active X and the Bar's supposed 'option" to allow ActiveX to run (toggle) does in fact not work for anyone who participated in the thread. You just get referred to IE Help about using Security tab.
This is what is supposed to happen, but it seems not to
http://support.microsoft.com/default.aspx?kbid=843017&product=windowsxpsp2

 

Hi Jim,

Yeah, I agree it is a PITA.

I just simply disable every ActiveX except the one for Admin which I have as prompt which doesn't come up too much, but it does let me know what sites want to use it.

Of course if it's a flash page then I have to go thru all that nonsense. It does make you think twice about whether you want to see "dancing girls" or not. Of course, on some pages, have to use flash, otherwise you don't anywhere.

Regards - Charles

 

charlesvar--Try Power Tweaks Web Accessories so you can instantly put the site into Trusted Sites.
http://www.helpwithwindows.com/techfiles/ie-sp2-surf-safe.html
About half way down the page.
Of course you do have go into Security tab|Trusted Sites|Sites to take it back out.
P.S. A little more here about the other two Power Tweaks in the download
http://www.microsoft.com/windows/ie/previous/webaccess/default.mspx

 

Hi Jim,

Thanks for the Internet Explorer 5 Power Tweaks Web Accessory, that'll come in handy - wasn't aware of it.

Regards - Charles

 

charlesvar--You are most welcome. So seldom that I can be of help to you.