Re: Win2k Netstat sockets interpretation

Re: Win2k Netstat sockets interpretation Sebastian Gottschalk 01-29-2007
Posted by Sebastian Gottschalk on February 5, 2007, 4:01 pm
warf wrote:

> "it is safe and contains no uninvited actions?

This holds at least for the recent version I downloaded. Well, why don't
you read the source to actually see what it's doing?

>> And I can't wait for an RFC for "remote-stabbing over TCP/IP"...
>
> I just realized; if we all had to sit on wet seats holding a wire
> connected to line voltage and an ethernet enabled switched so that any
> malicious code or commands sent
> from your computer would shock the shit out of the sender ...
> Remote Stabbing is pretty funny though...unless your loopback adapter
> misdirects the command->home.

That brings an entirely new application to Power-over-Ethernet. :-D

>> Are you talking about Windows Automatic Updates or the Windows Update
>> website?
>
> You make a good point...I was unaware that they are now different.
> Before [goodol'days] I could manually download every security update and
> servicepack from MS.com but now...they send you a bit of Cop-code that
> fails to run unless ALL defences are down [hence, the allusion to pants down]

Now you're getting even more confusing. Every update can be downloaded from
https://downloads.microsoft.com as well, with any webbrowser. Windows
Update is an IE-only "website" that checks your installed updates against a
database and offers the missing ones, either for download-install-throwaway
or permanent download. And Windows Automatic Updates does the same, just
fully automatically and without IE involved.

>>> I'm just making a point; I dislike all the tracking of everything I
>>> type,save,see,use,start,stop,plugin etc,
>>
>> Even if this is just supposed to assist you?
>
> I would have considered the original intent of cookies to be patently
> 'assistive'... but those days are long gone.

So, now they're just useless and still not tracking. Wait, they're not
useless, since you can intentionally allow to save credentials.

> A the third of two points, trust has been broken so all websites are
> duly bound to establish trust...And since I decide when to trust, I need
> to be highly convinced.

Cookies don't have anything to do with trust.

> Speaking of convincing, Are you sure the script from ntsvcfg is benign
> in addition to being useful?

Yes. I read the code and understood it.


>>> Scripted cookies are certainly capable of doing malicious things,
>>
>> So? What specifically?
>
> reset browser features and security levels for one.

Impossible for cookies and/or scripts.

> Grab whatever data the browser is designed [or inadvertently designed to]
> hand over or allow.

Which aren't identifying data. Anyway, you can limit this behaviour if you
don't like it.

> (WGA validation tool)
> [or did it,was it "assisting me" in some other unstated way"???

Was it the GenuineCheck.exe or WGAPluginInstall.exe?

> BUT, auto updates bypass all security and permissions as
> long as the required services are running. So...who owns my computer?

In case of doubt: Microsoft ;-D


> Why are you so averse to ZA?

Because it's totally broken? It's just the users who have a problem with
accepting that fact, and usually just after they finally uninstalled it
they're going to believe that it's actually totally broken.

> of all the commercial FWs it at least
> allowed me a modicum of insight into what passes twixt my puty and the
> wire.

So does Ethereal. Without installing any crap.

> Were it not for that I [most non-experts] would have no idea of
> how much undisclosed persons want our data and how much mischief is on
> the superhiway.

I rather prefer making sure that no such data transfer happens in the first
place. Anything else wouldn't work anyway.

>> What about using Windows' security features? Now this allows you to define
>> security domains and, in contrast to the addon nonsense, can actually
>> enforce this policy.
>
> BINGO! That is what I really really wanted to learn from you...how do I
> shut down non-essential services in W2k [or XP]

See the script.

> and change permissions to harden

Trivial: create a "Restricted User" account.

> and control what leaves and enters my computer?

You can't. For the simple reason that malicious programs can communicate
with legitimate programs.

Posted by warf on February 5, 2007, 5:45 pm
Sebastian Gottschalk wrote:
> warf wrote:
...
>>> Are you talking about Windows Automatic Updates or the Windows Update
>>> website?
>> You make a good point...I was unaware that they are now different.
>> Before [goodol'days] I could manually download every security update and
>> servicepack from MS.com but now...they send you a bit of Cop-code that
>> fails to run unless ALL defences are down [hence, the allusion to pants down]
>
> Now you're getting even more confusing. Every update can be downloaded from
> https://downloads.microsoft.com as well, with any webbrowser. Windows
> Update is an IE-only "website" that checks your installed updates against a
> database and offers the missing ones, either for download-install-throwaway
> or permanent download. And Windows Automatic Updates does the same, just
> fully automatically and without IE involved.

Ok, I certainly did not know that...all the advice I have ever read
indicates IE/OE should be ditched; so I make FF and TB my browser and
popmail apps. I have only had warnings that my security settings
prevented the updates or SW downloads directly never "IE is not your
default browser". Recall, the verification utility fails to work after
downloading and running it. must read more.


> Which aren't identifying data. Anyway, you can limit this behaviour if you
> don't like it.

k'. I don't, and I do. Just making the point again.

>> (WGA validation tool)
>> [or did it,was it "assisting me" in some other unstated way"???
>
> Was it the GenuineCheck.exe or WGAPluginInstall.exe?

Genuinecheck.exe 1.40 MB (1,475,376 bytes)

>
>> BUT, auto updates bypass all security and permissions as
>> long as the required services are running. So...who owns my computer?
>
> In case of doubt: Microsoft ;-D

I relent.

>
>> Why are you so averse to ZA?
>
> Because it's totally broken? It's just the users who have a problem with
> accepting that fact, and usually just after they finally uninstalled it
> they're going to believe that it's actually totally broken.
>
>> of all the commercial FWs it at least
>> allowed me a modicum of insight into what passes twixt my puty and the
>> wire.
>
> So does Ethereal. Without installing any crap.
....

again, k'....I guess??? the specifics of the crap still escapes me though.

>
>> and change permissions to harden
>
> Trivial: create a "Restricted User" account.

B' b' but...OK...this approach isn't working, I'll learn what I can
about 'that' approach.
Hey, what about Thinstalls jitit ? the nifty little registry utility
that can be surreptitiously installed on your puter even on a locked
desktop? Read about how the CIA bought in so they could remotely access
every bodies 'locked-down' computers at work or home.
If it is now public knowledge you can be certain it is being utilized by
many other 'ilk'.
http://www.thinstall.com/

what hope is there?
Seriously though, I will run the script and watch traffic for a
while....we live next to the highway. [can't stay serious]
Thanks for your insight Seb~
warf.


>> and control what leaves and enters my computer?
>
> You can't. For the simple reason that malicious programs can communicate
> with legitimate programs.

Posted by Sebastian Gottschalk on February 5, 2007, 5:53 pm
warf wrote:

> Ok, I certainly did not know that...all the advice I have ever read
> indicates IE/OE should be ditched; so I make FF and TB my browser and
> popmail apps. I have only had warnings that my security settings
> prevented the updates or SW downloads directly never "IE is not your
> default browser". Recall, the verification utility fails to work after
> downloading and running it. must read more.

For Firefox/Mozilla, there's a plugin available that does WGA. If you're
lucky and Microsoft didn't fuck it up again, it should be offered for
download at any WGA-demanding download.

>>> (WGA validation tool)
>>> [or did it,was it "assisting me" in some other unstated way"???
>>
>> Was it the GenuineCheck.exe or WGAPluginInstall.exe?
>
> Genuinecheck.exe 1.40 MB (1,475,376 bytes)

Indeed, GenuineCheck.exe is a strange beast. It works in the background for
a long time until it displays the hash (if it could get one).

>> So does Ethereal. Without installing any crap.
> ....
>
> again, k'....I guess??? the specifics of the crap still escapes me though.

Which is something you can't change either.

> Hey, what about Thinstalls jitit ? the nifty little registry utility
> that can be surreptitiously installed on your puter even on a locked
> desktop?

Using restricted rights only limits what the user can do to other users on
the system and the system itself. Within his context, he's still free. If a
program doesn't demand changing the system for its installation or doesn't
need any installation at all, it can run.

If you want to avoid running any program, you might remove the "execute
program" rights from your user intentionally. And take a look at Software
Restriction Policies in Windows XP, which enforces such policies against
the users themselves.

> what hope is there?

Eh... none? Once you run malware, you're hosed.
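The Software Restriction Policies approach mentioned in the reply above, shown as a default-deny policy written directly to its registry keys. This is an added example, not code from the thread or from the ntsvcfg script; it assumes Windows XP or later, an elevated PowerShell session, and the SRP key layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers. The rule GUIDs and descriptions are generated here, not taken from any real policy.

```powershell
# Added example: default-deny Software Restriction Policy. Only executables
# under %SystemRoot% and %ProgramFiles% may run, for every user, admins included.
# Assumes XP or later and an elevated session; GUIDs/descriptions are generated.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security-level values SRP uses: 0 = Disallowed, 262144 (0x40000) = Unrestricted.
$Disallowed   = 0
$Unrestricted = 262144

New-Item -Path $base -Force | Out-Null
# DefaultLevel 0: anything not matched by an allow rule is refused.
New-ItemProperty -Path $base -Name DefaultLevel -PropertyType DWord -Value $Disallowed -Force | Out-Null
# TransparentEnabled 1: enforce for all software files except DLLs (2 would include DLLs).
New-ItemProperty -Path $base -Name TransparentEnabled -PropertyType DWord -Value 1 -Force | Out-Null
# PolicyScope 0: apply to all users, not just non-administrators.
New-ItemProperty -Path $base -Name PolicyScope -PropertyType DWord -Value 0 -Force | Out-Null

function Add-SaferPathRule {
    param([string]$Path, [int]$Level, [string]$Description)
    # Each path rule lives under <level>\Paths\{GUID}; ItemData is REG_EXPAND_SZ
    # so environment variables in the path are expanded at evaluation time.
    $key = Join-Path $base ("{0}\Paths\{1}" -f $Level, ([guid]::NewGuid().ToString('B')))
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData    -PropertyType ExpandString -Value $Path        -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags  -PropertyType DWord        -Value 0            -Force | Out-Null
    New-ItemProperty -Path $key -Name Description -PropertyType String       -Value $Description -Force | Out-Null
}

# Allow only the OS and installed-program trees. These directories must not be
# writable by ordinary users, or the allow rule also covers whatever they drop there.
Add-SaferPathRule -Path '%SystemRoot%'   -Level $Unrestricted -Description 'Windows directory'
Add-SaferPathRule -Path '%ProgramFiles%' -Level $Unrestricted -Description 'Installed programs'
```

The policy applies to processes started after the next policy refresh (gpupdate or a reboot), so test it in a restricted-user session before relying on it.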
