I believe the drag and drop error that works with IE and SP2 was a new
problem. I know there were more, but that was the largest one. (if you are
not familiar with it, basically a webmaster can code it so by moving the
mouse on the page, he has the ability to install anything and bypass your
firewall) And I've seen ways people can get around the "active x install
protection/download protection" that microsoft has included (a simple string
tells it you already hit yes)
I think that if you don't have to upgrade to SP2, don't. Get a real firewall
(ex: zone alarm, shorewall, or make a hardware one like smoothwall) and keep
them up to date. They specialize in security, while m$ admitted they wont be
secure until 2010 (see slashdot for more info on that)
On Monday 27 September 2004 06:14 am, you wrote:
Interesting comment. The arbitrary code exploits you mentioned, are
these unique to SP2 or does SP1 fall prey to them as well. I am not
aware of any exploits that are unique to SP2. The firewall is not
perfect I will admit, but it is a vast improvement over its
predecdessor. The current firewall is great for a home machine.
However, when you use the wizard to poke holes in the firewall, they
seem to be much larger than needed. I think a better analogy for the
firewall is a privacy fence, but when you use the wizard to open the
firewall, often you are removing several boards when a knot hole would
have worked just as well.
Denny
---------------------------------------------------------------------------
---------------------------------------------------------------------------
