Keystroke loggers must send Microsoft back to firewall drawing board

TalkBack 12 of 46:: Next »; « Previous

Thread View
Flat View

browser vendor may not matter: I'm not sure the browser vendor matters as much as it used to.

You touched on this in your article: outbound firewall protection only works if you are diligent about keeping track of the programs you allow to get out. Yet nearly everyone will necessarily have to let their browser make outbound connections to the world. Most people will think, "if I'm clicking on it, I'll be able to tell if it's causing a problem." Or they'll admit that they can't tell for sure, but need the flexibility.

Which leaves your system with a hole a virus can drive a truck through: All it needs to do is the runtime equivalent of "start C:\temp\sendtomykeyloggersite.html", and the user's default browser will dutifully fire up and connect to the site. I haven't thought the details through but it's probably pretty easy to suppress the browser window.

Of course, if the default browser is Internet Explorer, the possibilities are limitless thanks to access to VBscript, but even Javascript in Mozilla can do a lot of damage.

So I don't think outbound firewall protection will help much. Inbound protection will protect against worms. Strong anti-virus protection and common sense will help for email-borne viruses, and here I _would_ recommend a non-MS product that is less prone to automatic execution of attachments.

I think what I'd like most is a fool-proof way to restrict any new application from launching without user confirmation.; Posted by: GDF Posted on: 07/02/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Have you tried Netscape waicri@... | 07/02/04

Exactly llamee | 07/02/04

Do you run the latest version? AxleMunshine | 07/02/04

Have you tried Netscape mystic100 | 07/02/04

Netscape has had more than it's fair share of problems balsover | 07/02/04

Netscape 7.1 is OK but Bill4 | 07/03/04

MS and keystroke Loggers amaughan | 07/02/04

So how did you know you were Jacked ? stephensfam | 07/02/04

Alternate Browsers don.chambers@... | 07/02/04

Never Happen. jmervyn | 07/02/04

No Outbound Block sad

& Firefox 0.9 happy

tbbrickster_z | 07/02/04

browser vendor may not matter GDF | 07/02/04

Microsoft should improve application security alan maughan | 07/05/04

Point of Order - outgoing connections & startup control jpivonka@... | 07/06/04

The solution is so easy and enjoyable... MTMacPhee | 07/02/04

but _NOT_ on your wallet! riff7raff | 07/02/04

$2000 is too much? Wings_z | 07/02/04

Those aren't all the costs home_user | 07/02/04

As wings says, get an eMac MTMacPhee | 07/02/04

The cost of changing to a Mac is more than just the list price balsover | 07/02/04

I'm da man! MTMacPhee | 07/02/04

re: da man home_user | 07/02/04

They don't? MTMacPhee | 07/02/04

Linux & Mozilla a safe haven for now.. riff7raff | 07/02/04

Linux & Mozilla a safe haven for now but... dave_anderson99 | 07/02/04

May be u r not old enough laci2126 | 07/04/04

...for now but they will always be safer than any M$ product ... indigo_z | 07/05/04

Keystroke Loggers, etc, ad nauseum Wings_z | 07/02/04

Palladium PB_z | 07/02/04

Irresponsible journalism bullwinkle_z | 07/02/04

Nonsense! jpivonka@... | 07/06/04

Why outbound filtering is a waste of time JohnJ_z | 07/09/04

You're still wasting you're time. Irritated User | 07/02/04

Dave, you are the one that needs a realilty check balsover | 07/02/04

Using "something called a port"? Really! jpivonka@... | 07/06/04

I Agree chapgen | 07/02/04

Too Late!!! Andre Velloso | 07/03/04

Is it, or is it not? The true fate of the ICF's outbound connection control jpivonka@... | 07/06/04

Not JohnJ_z | 07/09/04

Outbound blocking? BAD idea. syrynxx | 07/06/04

Outbound blocking is a good idea, and easily managed too jpivonka@... | 07/06/04

Outbound blocking -- irrelevant idea JohnJ_z | 07/09/04

Properly configure your IE browser! AlmostBandwidth | 07/06/04

microsoft wish spam@... | 07/08/04

For ANDRE Fabulous | 04/19/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Open Standards Technologies Provide the Ingredients for Delivering Security Across the Papa Gino's Enterprise Dell Papa Gino's Holdings Corporation founded by the entrepreneur operates one ... Download Now
The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
Smart People The best and worst moves in the management and strategy trenches. Learn More

Read the original story

Keystroke loggers must send Microsoft back to firewall drawing board

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads