funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 17 Jul 2008 19:22:53 -0400
The reason that companies use IE for system utilities like Windows Update, is that HTML is relatively easy way to build a user interface for these kinds of applications. It's unfortunately that Microsoft didn't provide an HTML engine for these applications which wasn't a full blown Web browser. Add/remove programs in Windows is an example of building an application using HTML, CSS, Javascript, and ActiveX controls which hasn't introduced security problems in IE. JavaScript, plugins, and file associations have their place on the Web. Without them, we wouldn't have things like Acrobat reader, Web-based email clients, Google Maps, YouTube, etc. Richard From: Jeff Kell [mailto:jeff-kell () utc edu] Sent: Thursday, July 17, 2008 7:02 PM To: Richard M. Smith Cc: funsec () linuxbox org Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith wrote: So under HA, a Web browser can only show ASCII text files. After all, HTML itself is a programming language with intermingled code (ie., HTML tags) and data ("text"). Well, it's not *that* bad. HTML tags and other markup that affects the layout is fine. Tables, forms, queries, etc are all fine. That just affects what goes into the browser window. It's not the browser itself that broke things, it was Javascript, plugins, and automatically executed externals (file associations). The abomination from hell is IE, where you use your browser to *UPDATE YOUR OPERATING SYSTEM*. Jeff
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Toralv_Dirro (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Jeff Kell (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Valdis . Kletnieks (Jul 18)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 18)
- Re: Texas Bank Dumps Antivirus for Whitelisting Blue Boar (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Blue Boar (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)