[LINK] Re: Windows XP versus Vista
Bernard Robertson-Dunn
brd at iimetro.com.au
Mon Jan 28 17:09:00 AEDT 2008
Rick Welykochy wrote:
> Bernard Robertson-Dunn wrote:
>
>> Rick Welykochy wrote:
>>
>>> The link to the exploit demonstration page is here:
>>>
>>> http://www.greymagic.com/security/advisories/gm001-ie/
>>>
>>> I don't run Winders so I cannot test this. You may wish to try and
>>> let the list know. The writeup mentions that it does work with
>>> IE 5.5 on Win98.
>>
>>
>> IE 7 on Vista with AVG antivirus - nothing happens.
>> NS 7.1 on Vista with AVG antivirus - nothing happens.
>>
>> IE 6 on WinXP with Symantic antivirus, the antivirus picks it up.
>> NS 7.1 on WinXP with Symantic antivirus - nothing happens.
>>
>> IE 6 on Win98 with AVG antivirus - nothing happens.
>>
>> IE 5 on Win98 with Norton Antivirus v 5.0 - nothing happens.
>>
>> and, just for fun...
>> Firefox 2.0 on Ubuntu 7.10 no antivirus - nothing happens.
>
>
> Out of curiosity, have you changed any of the default preferences
> in IE?
>
> Perhaps MS has wized up and disabled activex by default?!
Probably, I can't remember exactly. Although I don't go overboard with
locking down my machines. For example, the my IE5/Win98 will run ActiveX
but only after prompting, which it didn't in the test.
In the case of IE7/Vista, I've got it set at default for Medium High
Security, so it prompts before it downloads ActiveX, which it didn't in
the test.
There are 10 different settings for ActiveX on IE7/Vista some of which
are turned on by default eg "Run ActiveX controls and plug ins" - set at
Enable and some set to prompt eg "Download Signed ActiveX Controls"
I think it would be untrue to say that MS has disabled ActiveX by
default, they have made users a bit more aware of some of the settings.
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au
More information about the Link
mailing list