lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040116135355.GF28921@dontpanic.ulm.ccc.de>
Date: Fri, 16 Jan 2004 14:53:55 +0100
From: vb@...tpanic.ulm.ccc.de
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Re: January 15 is Personal Firewall Day, he lp the cause


On Thu, Jan 15, 2004 at 03:47:40PM -0500, Justin Bajko wrote:
> I'll not get into the endless banter that will certainly ensue when I tell
> you that, in many circumstances, people don't have a choice in the products
> they use.

But also with Windows-Products there is a better choice:

http://www.ntsvcfg.de/ntsvcfg_us.html

shows how to disable the services in Windows which offer the security
holes. 

No services, no security holes, no "Personal Firewall" needed.

http://www.mozilla.org/products/firebird/
http://www.mozilla.org/products/thunderbird/

are two software programs which do not have the conceptional security
flaws of Internet Explorer and Outlook Express, but these are as easy as
those to use. And there are versions of those in many languages for
those of us - like me - who don't have English as their first language
;-)

For solving the problem that not everybody is able to install programs
on her/his Windows box, Firebird and Thunderbird need not to be 
installed at all - just copy a folder on the desktop and start the
program in this folder.

A fair user tells her/his system administrators what she/he is doing,
so they can think about a company wide solution.

With these quick steps, a solution without any costs but network
access, Windows can be much more secure.

Sorry: shame on Microsoft for that!

> What I WILL say, however, is that to Microsoft's credit, Outlook 2003 is
> drastically improved over its predecessors. Outlook 2003 will no longer
> automatically download pictures that are in an HTML e-mail, nor will it
> automatically execute any embedded code or link itself to outside websites
> that are linked in an e-mail.
> They (MS) have a long way to go, but they're certainly climbing the
> mountain.

As long as Microsoft initiates "Personal-Firewall-Days", I doubt in that.

HTH,
VB.
-- 
Volker Birk, Postfach 1540, 88334 Bad Waldsee, Germany
Phone +49 (7524) 912142, Fax +49 (7524) 996807, dingens@...ens.org
http://fdik.org, Deutsches IRCNet fdik!~c_vbirk@...a.rz.uni-ulm.de
PGP-Key: http://www.x-pie.de/vb.asc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ