[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] IE is just as safe as FireFox

To: Esmond <Esmond_Kane@xxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] IE is just as safe as FireFox
From: Raoul Nakhmanson-Kulish <raoul@xxxxxxxxxxxxx>
Date: Fri, 19 Nov 2004 13:01:23 +0300

Hello, Esmond!

Offline folders work as well as roaming profiles do : nice fast networks
and low overhead/beefy servers work well, odd things happen if you have
impatient users with laptops, wireless etc. Sometimes its simply easier
to have a scheduled task sync files to a local folder. This will also
address the central-server-share-Firefox I/O bottleneck you will see
with medium size offices.

Agreed, in large or slow networks this would be a better solution.

You will lose the turnkey application security the original poster sought.

I don't guess this to be a problem. If user haven't an administrative rights, he/she couldn't edit a FF files copied from server. Anyway, we are solving a problem of fool-tolerant network in this topic, not about internal wrongdoers, is it? ;)

In IE, you can combat this using a configuration script in place of the
proxy server (and preferredly in a public location) and outside of GP.

Mozilla/Firefox understands autoconfig scripts too.

The script hardcodes the proxy based on certain criteria (e.g. if local
ip is your corporate addressing - use internal proxy otherwise use
none).

Autoconfig script may enumerate hosts which don't require a proxy. Usually there are a very few intranet servers in corporate network.

More, I consider IE feature to ignore proxy for LAN hosts may be dangerous. Imagine a worm which spreads by this algorithm: it launches HTTP service on victim host, lures user at another PC to open URL pointing to victim, then launches on target PC. The fact as previosly affected host is situated in Local intranet zone, significantly facilitates worm spreading.

Proxy servers are increasingly used to clean/protect IE users.

This is irrelevant of browser's vendor. Good proxy always is the best addition to a good browser :)

--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] IE is just as safe as FireFox
  - From: joe

References:
- RE: [Full-Disclosure] IE is just as safe as FireFox
  - From: Stuart Fox (DSL AK)
- [Full-Disclosure] IE is just as safe as FireFox
  - From: Raoul Nakhmanson-Kulish
- Re: [Full-Disclosure] IE is just as safe as FireFox
  - From: Raoul Nakhmanson-Kulish

Prev by Date: [Full-Disclosure] Re: [Full-Dev-Server] Time Expiry Alogorithm??
Next by Date: Re: [Full-Disclosure] Time Expiry Alogorithm??
Previous by thread: Re: [Full-Disclosure] IE is just as safe as FireFox
Next by thread: RE: [Full-Disclosure] IE is just as safe as FireFox
Index(es):
- Date
- Thread