|Ohh jeez, I shouln't have posted quite so quickly, after the XP/ME/98 (note it isn't an XP only bug, it affects ME and some versions of 98 there are 3 patches one for each version of Win at the MS website) I toddled over to http://www.securityfocus.com and looked at the bugtraq, there are a few, for instance bug 3699 (view a harmless sample of how it works at http://www.xs4all.nl/~jkuperus/bug.htm ) which indicates scripting can also cause problems... imo anyone running activex or js casually as the internet default is just asking for a world of hurt (heck I don't let IE have access to internet, all it's requests are through a proxy server which can audit and block websites). |
Microsoft hasn't even started to address many of the documented bugtraq problems, and there are many (some with no workarounds) ... this is really not good... almost all related to ie, outlook/outlook express or it's pathetic tcp stack.
With zone alarm, NAV, NAT (with firewall), CookieCop as a proxy server and wallwatcher to audit access with I'm still paranoid something will get lost (and yes I have SPI enabled and block fragmented packets and most tcp and udp ports). Security has become almost as much a hobby for me as playing with my I-Openers... and it doesn't give half the joy