Current alerts
I find the box to the right pretty cute, actually, and since I want to have
it in a place I can easily find myself, I put it up here. The information, of
course, is picked up by your browser directly from Symantec, using java scripts
embedded in this page. My server is doing nothing for it.
Tip: drop IE
The main tip right now is: dump Internet Explorer! Try FireFox or Mozilla, instead.
For just a little hassle getting used to something else, you'll shed a trainload
of security problems. See my links page for a link to FireFox. I must admit I find
it difficult to change, IE is just to easy to use and renders pages so nicely, but
it is so abominably bad for security that I finally decided to change. Of course,
some things still require IE, like Windows Update, but you shouldn't use it for
all the other daily tasks that can be done with other browsers.
CERT issued a statement that says: "There are a number of significant vulnerabilities
in technologies relating to the IE domain/zone security model, the DHTML object model,
MIME type determination, and ActiveX. It is possible to reduce exposure to these
vulnerabilities by using a different web browser, especially when browsing untrusted sites."
Read about it in
The Register, for instance. And go on reading about it in
another article
in The Register. One particular sentence from the latter article bears drilling into many a sanguine user's head:
"And users sitting behind a corporate firewall with AV running client-side would have fared no better."
In other words, now try to get this straight: neither a firewall, be it corporate or desktop, or an antivirus utility protects you
at all against this and many other vulnerabilities. Experience shows it's very hard to get this message across.
While you're at it: drop Outlook / Outlook Express, too
I've been running Thunderbird 0.8 for a while now and it perfectly replaces Outlook. It looks quite a bit
like Outlook Express, but without the warts. The major advantages: not subject to all the security problems
of the two Outlookers and it also has a trainable spam filter built-in. Disadvantages: it didn't bring over attachments
when importing my folders from Outlook, so I have to keep the old folders and Outlook just in case. Also, Outlook
has a nice feature that lets you keep most used folders in a separate window, and Thunderbird misses this feature.
I can't say all that much about the spam filter, since I don't get much spam to test it on. The reason is that my
hosting company runs graylisting software that works surprisingly well.
IBM with XP - watch out!
A really weird and surprising thing about the default installation of XP on IBM machines, including
desktops and ThinkPads, that is worth knowing. There is a hidden admin account on these machines that doesn't
have a password set. (This is also possible on other standard XP setups from other vendors, it seems.) Read about it
on securityfocus and shudder.
|
|
