Full Disclosure mailing list archives

Re: IE is just as safe as FireFox
From: Raoul Nakhmanson-Kulish <raoul () elforsoft com>
Date: Fri, 19 Nov 2004 13:01:23 +0300

Hello, Esmond!

> Offline folders work as well as roaming profiles do: nice fast networks
> and low overhead/beefy servers work well, odd things happen if you have
> impatient users with laptops, wireless etc. Sometimes it's simply easier
> to have a scheduled task sync files to a local folder. This will also
> address the central-server-share-Firefox I/O bottleneck you will see
> with medium size offices.
Agreed, in large or slow networks this would be a better solution.

> You will lose the turnkey application security
> the original poster sought.
I don't think this is a problem. If a user doesn't have administrative rights, he/she can't edit FF files copied from the server. Anyway, we are solving the problem of a fool-tolerant network in this topic, not of internal wrongdoers, aren't we? ;)

> In IE, you can combat this using a configuration script in place of the
> proxy server (and preferably in a public location) and outside of GP.
Mozilla/Firefox understands autoconfig scripts too.

> The script hardcodes the proxy based on certain criteria (e.g. if local
> ip is your corporate addressing - use internal proxy otherwise use
An autoconfig script may enumerate hosts which don't require a proxy. Usually there are very few intranet servers in a corporate network.

Moreover, I consider that the IE feature of ignoring the proxy for LAN hosts may be dangerous. Imagine a worm which spreads by this algorithm: it launches an HTTP service on the victim host, lures a user at another PC to open a URL pointing to the victim, then launches on the target PC. The fact that the previously affected host is situated in the Local intranet zone significantly facilitates the worm's spreading.

> Proxy servers are increasingly used to clean/protect IE users.
This is irrespective of the browser's vendor. A good proxy is always the best addition to a good browser :)

Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
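
The autoconfig approach discussed in the message above, as an added example that is not part of the original post: a proxy autoconfig (PAC) script that enumerates the few intranet servers allowed to bypass the proxy instead of bypassing it for every LAN host. All host names, the 10.0.0.0/8 range, the proxy address and the off-network policy are assumptions made for illustration.

```javascript
// Added example: every name, address and proxy below is constructed.
var DIRECT_HOSTS = {            // the few intranet servers allowed to bypass the proxy
  "intranet.corp.example": true,
  "mail.corp.example": true
};
var CORP_NET = "10.0.0.0", CORP_MASK = "255.0.0.0";
var INTERNAL_PROXY = "PROXY proxy.corp.example:3128";

// Convert a dotted-quad IPv4 string to an unsigned 32-bit number, or null.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip lies inside net/mask. Pure arithmetic, no DNS lookups.
function inNet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), k = ipToInt(mask);
  if (a === null || b === null || k === null) return false;
  return ((a & k) >>> 0) === ((b & k) >>> 0);
}

// Decision logic, kept separate from FindProxyForURL so it can be tested.
function chooseProxy(host, clientIp) {
  host = String(host).toLowerCase().replace(/\.$/, "");
  if (!inNet(clientIp, CORP_NET, CORP_MASK)) {
    return "DIRECT";                       // assumption: off-network policy
  }
  if (Object.prototype.hasOwnProperty.call(DIRECT_HOSTS, host)) {
    return "DIRECT";                       // enumerated intranet server
  }
  // Everything else, including dotless names and LAN IP literals,
  // goes through the filtering proxy: no blanket LAN bypass.
  return INTERNAL_PROXY;
}

// Entry point called by the browser; myIpAddress() is a standard PAC helper.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```

With this policy a URL pointing at another workstation on the LAN is still fetched through the proxy, so the proxy's filtering applies to it.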
