how-to block ads
|
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| reply to slinky_2
Re: [Kerio 2.x] Kerio 2.15 w BZ rules + Firefox
Sorry, missed that sub discussion... Yes. I'm running KMeleon, now, through Proxomitron, Kerio as my firewall, and NAT at the gateway. Nice layered approach, without going overboard. I would love to be running Tiny, for the app layer features, but it won't run on NT, and I have no reason whatsoever to upgrade the OS just to accomodate a firewall, albeit an enhanced one that's very good with these exotic exploits.
I would only add that I fully agree; the leaktests generally require the running of an untrusted app, and if it proves anything, what it proves most emphatically is that "if an app can run on your system, or you can be coerced to run it, without first having been verified in some way for trust, you're dead in the ater and all bets are off." That's a point we have to reinforce again and again in people's minds. You can have all the nifty security software on earth, but if you don't practice good general computer hygene, and good system and app configuration, you're more vulnerabnle, not less vulnerable, because you have a nice shot of false security coursing through you.
A well documented leak test is by all means a favor to the community; one we dealt with, though, was so poorly documented or explained that we ended up reverse engineering the damn thing to get a "documentable" test out of it. Turned out it was precisely what we thought it was, a DLL injection routine. Using that reverse engineered, recompiled leak test, we were able to do some great tests on Kerio and Tiny and a few other apps... but, standing alone, it was pretty much useless for anything except creating a general, abstract sense of fear, uncertainty and doubt. Perhaps that helps explain some of that latent frustration I feel when I see a few of these things ... 
In a more positive sense, I recall a firewall killer app that worked against some versions of Kerio, and it was, in fact, pretty transparent... and served to help remind us anything running on the local system can be terminated... that doesn't discredit Kerio, by the way, just keeps us on our toes, and makes a good case for that "AlwaysSecure" registry flag, if you're really paranoid, or just reminds us to be vigilant, overall...
Which, in the end, is why I feel we do need open discussion of vulnerabilities, demonstrations, and assistance tweaking our configurations and rules, overall. But we need them in the spirit of finding solutions, not in the spirit of simply exposing problems. If anything, by the way, my original post was a challenge, meant to goad more good code hacks out there to take a positive role in improving the state of security consciousness, and improving our configurations and software. Building, not tearing down. Like all things, we have to tear down before we can build... but let's never just stop at the end of the razing... that's time to start the "raising".
--
Semper Eadem
There struts Hamlet, there is Lear,That's Ophelia, that Cordelia;Yet they, should the last scene be there,The great stage curtain about to drop,If worthy their prominent part in the play,Do not break up their lines to weep. | |
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| reply to Lilla1
Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
My post is entirely general. When we test things, we do the community a favor; my greatest gripe is when the testing isn't accompanied by explanations. Or where the explanations are made in such a rhetorical style as to create the idea in people's heads that they should expect a "firewall" to contemplate any and every possible security breach. I'm really not up to date with the content of any of the test sites, right now; I run my own tests on LAN with nMap and Ethereal and a few other apps... so I certainly don't mean to call anyone specific onto the carpet, much less point any accusations at anyone in the thread. I want to make clear, too, that nobody is supposed to be flaming anyone in this forum, and that's a reminder. Civility's my cardinal rule, in here.
What I'm suggesting is that I've seen a lot of sites that purport to test security, then regard it as sufficient to place a snip like, "your firewall should/could be blocking this", without further explanation of how the word "firewall" is being used, what the test is testing, how dangerous the threat is, why it's included...
When I test firewalls to post in the forum, I tend to take a long time explaining what I did, why I did it, and what I think can be done about it. That's my major problem with the online testing process, in general.
It's a somewhat frustrating issue for me; there are quite a lot of test sites, and I apologize if I painted with a broad brush; not intended. But my frustration comes partly from a series of leaktests I tried sometime back which exploited operating system flaws, and then, as a form of "explanation", essentially were forward enough to say, "your firewall stinks... that's what this proves... why bother running it?" --- or some variation on those lines. That made me furious; anyone with enough time and skill to code the test had the time and skill to explain what they did, how it was accomplished, and what exactly the author thinks should be done about it. Trashing a perfectly useful PC firewall because it didn't block an application layer exploit isn't a reasonable or useful suggestion. And the net result was a F.U.D. outbreak.
Then, there are the sites I've run across that blame firewalls for letting in cookies, letting out headers, and all that. They don't discuss proxies, filters or configuring browsers. They just tersly blame the firewall, and the result... sigh... is Kerio 4.x. 
Again, my sincere apologies if I wasn't clear enough in stating that I was expressing a generic frustration; if you're promoting good "computer hygene", you're performing a service. I've spent a lot of time testing the firewalls I'm interested in, and I've done so solely for my own research and satisfaction, and I've shared most of my observations and suggestions in extreme detail with my fellow users, here. I find it so frustrating to see some people demonstrate the obvious skill to create the model exploit, but lacking the consideration or sense of responsibility to explain what they're doing, why and how.
I would rather, in fact, thank you most kindly for visiting our thread. You do quite evidently feel a sense of responsibility, judging from your posts, and I wish you well in your endeavors.
--
Semper Eadem
There struts Hamlet, there is Lear,That's Ophelia, that Cordelia;Yet they, should the last scene be there,The great stage curtain about to drop,If worthy their prominent part in the play,Do not break up their lines to weep. | |
slinky_2
join:2003-12-07
Baltimore, MD
| reply to Lilla1
Re: [Kerio 2.x] Kerio 2.15 w BZ rules + Firefox
good discussion here,
comments by ghost are spot on
on the other hand gkweb makes a good point that a trusted AP can act as a security hole
Lilla proves that more than half the battle is getting rid of IE.
My view re: leak tests - they are good for simulating your level of vulnerability, but are not realistic since they require downloading and running the .exe - it would be nice if someone could devise a test which acts more like the silent drive by trojans, to inform rather than destroy.
layered defense - is the best way to go
1) ditch IE in favor of alternative browser (Opera or Firefox 0.9 beta or above)
2) Use correctly configured firewall (k2.1.5 excellent choice)
3) Process control - PG or AP for Win2k & above (kernel level protection) or SSM ("user-mode" style hooking) for those unable to run either PG or AP.
SS&D 1.3 - immunization may help also. Tea timer may also help to monitor/protect the registry.
beta Prevx may be a new Ap to watch as it develops for Win2k & above:
»https://www.prevx.com/prevxenterprise/en···ures.htm | |
Lilla1
join:2002-04-22
Fall City, WA
2 edits | reply to Lilla1
I reran the leaktests at www.firewallleaktester.com/test
after I installed Firefox and added a rule to allow IE access Windows/Office Update sites only.
Kerio 2.15 w BZ ruleset + FireFox passed 6/7 tests that I ran, and the one I didn't pass doesn't count as explained below. I ran these tests... Remember with IE I failed these same tests, now I'm back and passing them with Firefox...
- copycat
- ghost
- tooleaky
- thermite
- wallbreaker
- DNStester. I failed the DNStester test. I run with DNS Client service disabled. See Ghost's comments about "DNStest", where he said this test is contacting ISP DNS, so it's not really a relevent test.
The rules I added look like this...
Rule: IE - Ms Windows/Office Update (ActiveX)
Protocol: TCP (Out)
Local ports: 1024-5000
Remote address: 207.46.134.30-207.46.249.157
Remote ports: 80-81,443
Application: iexplore.exe
Permit
Rule: Firefox - web browser
Protocol: TCP (Out)
Local ports: 1024-5000
Remote address: any
Remote ports: 80-81,443
Application: firefox.exe
Permit
I have not blocked IE to non-microsoft sites because some sites are designed for IE and don't work/look right in other browsers. If I want to access a particular site using IE (other than the Microsoft sites I defined in my rule, see above) I must click Permit when prompted by the firewall.
Also, IE Internet Zone is set to High (default is Medium); sites that require ActiveX (Windows Update, Office Update) are entered as a trusted site. This is per latest Microsoft recommended settings for IE security.
So far I have installed just two firefox extensions:
1) IE VIEW - adds "Open Link Target in IE" and "View this page in IE" to Firefox context menu.
2) Shortcut - adds "Create Shortcut" on desktop to firefox context menu
QUESTON: In Firefox settings I can enable or disable Java, but I haven't installed Java, so I'm thinking this setting should be grayed out. Is this something that's due to being a beta? Or, is Java bundled with Firefox?
Lilla
Kerio 2.15 + BZ ruleset + Firefox rules!
BZ ruleset groupie | |
ghost16825
Use security metrics
Premium
join:2003-08-26
| reply to gkweb
Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
said by gkweb  :
Without offense intended, I disagree here. I have seen a lot of people having firewalls and AV and being overwhelmed by a lot of spyware coming from nowhere, and being unnoticed by the firewall, while a very simple sandboxe (Process Guard Free ?) would alert you of a single executabel trying to launch.
So I don't see that it is "surely" misleading, just a matter of point of view.
But is this due to the same "leaktest" techniques? I do not think so. But enough of this flame thread going back and forth. I will agree to disagree I guess. One thing I will give you credit for is your Windows Doors Cleaner app; that is a very, very good idea. I'm quite surprised no-one has done it sooner.
Anyhow, take care. | |
Lilla1
join:2002-04-22
Fall City, WA
| reply to Lilla1
below is Microsofts latest recommendations for using IE6. I was doing most, but not all. Now I am doing all. The item below is the one I was not doing before. I want IE6 to be as safe as possible for those times when I will use it to visit the sites that require it. For other sites I will be using Firefox.
They now recommend setting Internet Zone to High and adding sites that require ActiveX like Windows/Office Update to Trusted Sites Zone.
Increase Your Browsing and E-Mail Safety
4 Steps to Help Ward Off Hackers and Attackers
Published: October 3, 2003 | Updated: June 11, 2004»www.microsoft.com/security/incid···ngs.mspx
the article above is referenced in the article below
Microsoft - What you should know about Download_Ject: »www.microsoft.com/security/incid···ect.mspx
I do not have either of the two files they mention so I feel a bit better.
Lilla | |
Lilla1
join:2002-04-22
Fall City, WA
| reply to BlitzenZeus
Re: [Kerio 2.x] Locking down IE6, and using Firefo
said by BlitzenZeus :
Lilla, if you have not seen it yet, The Department of Homeland Security has joined CERT in saying that people should not use IE for security risks.
»Dept of Homeland Security: "Don't use IE"
I've seen it, and worse, I placed an online order at unityelectronics.com on Jun 25, it was a secure site as indicated by the lock on IE6. While I was entering my personal information including credit card information I received more than one prompt from IE that I was being directed away from the secure site, do you want to continue.
I first tried to place the order during the morning. When I received the prompt I was suspicious and quite and did not place the order.
That night, I decided I really needed to get the order placed so I returned to the site and tried again. The same thing happened with the prompts about being redirected, I decided to answered no, and see what happened. What happened was that I was not redirected, and the order processing continued in a normal manner. So I placed the order and it arrived a few days later.
I just today wrote a letter to unityelectronics.com and asked them if there site was compromised by the security alert for IE and gave them a link to an article about it.
We will see what they say.
I'm wondering if I should contact my credit card company and see if they think it would be wise to issue a new number.
I am quite concerned about this. Any thoughts?
Lilla | |
BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR
 ·Verizon FIOS
 ·Verizon Online DSL
| reply to Lilla1
Lilla, if you have not seen it yet, The Department of Homeland Security has joined CERT in saying that people should not use IE for security risks.
»Dept of Homeland Security: "Don't use IE"
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed. | |
Lilla1
join:2002-04-22
Fall City, WA
1 edit | reply to Lilla1
Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
gkweb,
I downloaded the program on your site titled
WindowsWormsDoorsCleaner. I am using it. It provides a handy way to verify that assure secure settings are set and have not somehow become reset. Even novice users can use it so I will install it on family computers. I like the way this tool links to the Microsoft article that supports each lock down.
Thank you,
Lilla | |
Lilla1
join:2002-04-22
Fall City, WA
4 edits | reply to Lilla1
Re: [Kerio 2.x] Locking down IE6, and using Firefo
NJH, yes I am happy to be using Firefox too now. I feel like I came late to the party. Thanks for the tips, I will followup on your suggestions.
BZ, as you suggested. I will submit a suggestion to FireFox to add save as .mht (single file).
* So far all visits to Microsoft Updates page have been in the range 207.46.134.30 - 207.46.249.157,
Question: Is it OK to generalize and use 207.46.0.0-207.46.255.255
Currently I am building the address range based upon information gather from each Microsoft Update page visit, but it does get tedious, especially because I use this ruleset on two computers. So, if a generalized range (shown above) will do, I'll use it instead.
Thanks, Lilla | |
NJH
join:2004-04-23
| reply to Lilla1
Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
said by Lilla1 :
BZ, interesting link, thanks.
I am posting this using Mozilla Firefox, it's v0.9.1
Initial impression is good. I'm doing OK so far. Got some learning to do though.
Lilla
Now you have a great browser, have a look at some extensions, particularly Adblock and its forum for suggestions on filters. | |
gkweb
join:2003-06-09
76800
2 edits | reply to Lilla1
Just to point out few things :
@gwion
edited : Is your post against me or is it general ?
Firstly, I seem to not be understood, I am not telling everyone that a firewall, unlike it has been said I was saying should block cookies, spam, and other related stuff, I am against this idea, and again, I have written it on my site and the sudy I have written.
So it doesn't really encourage me to continue the discussion with people who don't even read my site, but just add free critisism. I am the first in my site to say that a firewall is before all a vanilla packet filter (yes if you read it, that is exactly the term i am using...), so saying to me what i am myself saying is meant to ... ?
Then, everything else you are saying, again, I am saying it, just take a look at the "advices" page on my site.
edited : sorry if your post isn't toward me, I have difficulties to understand who is the target
@Ghost
Sorry to have misunderstood you :-/
quote:
I thought the definition of "leaktest" was something which bypassed a firewall completely, completely unseen by the firewall regardless of whether such traffic was allowed or not. Sure, if there's anything which does such a thing call it a leaktest and make sure it is publicised everywhere.
A leaktest targetting IE and passing yes by port 80 will it not be allowed and unseen ?
Anyway, you have necessarely applications on your side allowed to do a kind of traffic, and the leaktests just show
that these allowances can be hijacked, the fact it is often IE targetted is just because it is more easy to do, the leaktests aren't malwares, they are proof of concept, a real malware would be tricker of course.
quote:
(Some of the raw sockets type tests maybe). But suggesting massive security implications for everyone (as your website makes it out to be) - surely this is misleading.
Without offense intended, I disagree here. I have seen a lot of people having firewalls and AV and being overwhelmed by a lot of spyware coming from nowhere, and being unnoticed by the firewall, while a very simple sandboxe (Process Guard Free ?) would alert you of a single executabel trying to launch.
So I don't see that it is "surely" misleading, just a matter of point of view.
quote:
Most exploit implicit firewall rules and it would probably be more factual to try and describe in depth how these programs work and then let users decide how serious it is.
again, I am trying to achieve that too, I know tehre is may be a lot of things to read on my site and you didn't read everything, I can understand, but I can tell I am trying to do that too. Page "categories" and also in the pdf document.
quote:
This would be better than simply agreeing that the sky is falling and giving most of these authors kudos which they do not deserve.
About the author who may not deserve all kudos, I won't disagree because may be few didn't try anything else than to attack the firewalls, and to make advertise for themselve, but that is not fortunaly the case of all of them.
Then, where did I say the sky is falling ?
What I try to achieve, is just at least to make people aware of existing exploits which are, even if you might don't know it (not you as *you*, you as *everyone*) used for many in the wild.
Once people are aware of potential vulnerabilities, many not used many other used, then they can at least tighen up their security just by tighen up their filtering rules and their firewall settings, this is a part of my "advices" page. Then for those who want to do more, I show a way to do it.
Again, I'm sorry to be blind, but I don't see what's wrong when helping people, I just provide information, then people can be aware of, and it is not what matters most that people agree with my tests or not, at least they are aware of the potential danger, and I have achieved my goal.
No the sky isn't falling, that's not what i am trying to show, I am just trying to say that the sky is not completly blue, it's not a dreamworld where you can connect and enjoy the internet without a bare minimum security.
Believe it or not, I am not a bad guy saying bullshit, trying to make advertise, and to mislead people for some obscur dark interest or anything else... just trying to expose what is not obvious, and what even spyware that people see everyday can use to trick them, I just want to help, i'm sorry that it isn't obvious.
And while I can accept (of course !) people disagreing, it's difficult on the other hand to understand aggressive people which find the purpose of their life to attack me and to be so direspectedfull (not you Ghost!), and I must admit
this is sometimes discouraging 
regards,
gkweb. | |
Lilla1
join:2002-04-22
Fall City, WA
| reply to Lilla1
I found the answer to my question, SpywareBlaster is working on a fix to the matter of not recognizing Firefox .9, should be out soon per...
»www.wilderssecurity.com/showthre···=firefox
BZ, thanks the the tips.
I've never installed Java in IE so won't need it in FireFox either.
I don't care about themes & such. It looks just fine to me already. A clean classic look. | |
BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR
·Verizon FIOS
·Verizon Online DSL
1 edit | reply to Lilla1
It should be safe to leave java on all the time, that is if you even have Sun Java installed at this point. Just drop by »www.java.com if you want to install java for Firefox.
Since its still in development you could submit your suggestions in the mozilla forums I believe, or even make some add-ons yourself if you have the knowledge and time
Drop by Mozilla Update to check out the extensions, and themes you can install for Firefox. The extensions are part of the features you can install, if you want them.
»update.mozilla.org/?application=firefox
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed. | |
Lilla1
join:2002-04-22
Fall City, WA
| reply to Lilla1
BZ, interesting link, thanks.
I am posting this using Mozilla Firefox, it's v0.9.1
Initial impression is good. I'm doing OK so far. Got some learning to do though.
I disabled Java, and left JavaScript enabled, as you said.
- SpywareBlaster says Mozilla Firefox is not installed. I created a user.js profile (empty) but no change. Will have to figure out what's wrong there.
- When I save a webpage (like this one), it doesn't offer to save as .mht (single file) like IE6, I'll miss that. Having two files adds a lot of clutter. Oh well, not a biggie.
- I've adjusted my Kerio 2.15 rules in the manner you outlined.
Thanks for all the pointers,
Lilla | |
BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR | reply to Lilla1
Re: [Kerio 2.x] Article: Why You Should Dump IE
Just check out this thread, this is where the article was born.
»Browser Security Issues | |
Lilla1
join:2002-04-22
Fall City, WA
1 edit | reply to Lilla1
Interesting Article by LockerGnome: Why You Should Dump IE
»tinyurl.com/2grga
He used FireFox too! And used IE in same limited way that BZ uses it.
Lilla | |
ghost16825
Use security metrics
Premium
join:2003-08-26
| reply to gkweb
Re: [Kerio 2.x] Kerio 2.15 w good rules fails 50%
Hard to believe, but my attack really wasn't intended to be on your website gkweb, but on the author of the application DNSTest and perhaps some of the other leaktest authors.
I thought the definition of "leaktest" was something which bypassed a firewall completely, completely unseen by the firewall regardless of whether such traffic was allowed or not. Sure, if there's anything which does such a thing call it a leaktest and make sure it is publicised everywhere. (Some of the raw sockets type tests maybe). But suggesting massive security implications for everyone (as your website makes it out to be) - surely this is misleading. Most exploit implicit firewall rules and it would probably be more factual to try and describe in depth how these programs work and then let users decide how serious it is. This would be better than simply agreeing that the sky is falling and giving most of these authors kudos which they do not deserve. | |
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| reply to Lilla1
Damn! Firewalls are FIREWALLS. They should be, anyway. We don't expect our spreadsheet to open DBF files, do we??? WHY do so called "experts" try and tell us we ought to expect our "packet filter" to block cookies, for Christ's sake? Pile of crap, put bluntly. Windows mentality (make it all simple, all under one roof, no matter HOW much you have to eviscerate it doing so) carried from the sublime to the ridiculous. By the way, not jumping you, guys ... I'm jumping these Beotian IDIOTS who define a firewall as a "security suite, one shot kills all." They're frankly morons, in my eyes. They comprehend what's going on as well as I comprehend the atomic structure of my coffee. Just pour a cup and enjoy - install this and solve all your security, privacy and erectile dysfunction problems with one simple pill. Bullshit.
And yes, if the shoe fits, for those sites that keep reciting, "we see a cookie, your firewall should stop that" WEAR IT. You're boobs, guys. That's crap, and you're boobs, and what upsets me is you're propagandizing the community to believe (innocently enough) crap purveyed by boobs. A "firewall", at base, is a packet filter. And it's as much characterized by its limitations as by its capabilities. As far as I'm concerned, those sites that create "FUD" over idiotic stuff like cookies and browser headers and such are working against us. NOT with us. They're creating an expectation that's inelegant, interdependent, and highly fallible. And those who demonstrate OS and app flaws that bypass firewalls without offering any real help defeating the problem aren't "on our side;" they're jerks, and they're helping the other side with their "your firewall's worthless" bullshit. And that's exactly and all their case is... BULL... uh, you get it ...
The "win32 mystery package just click here and it does it" metaphor's the most hurtful metaphor ever circulated about computing. If I can't verify what something does and how, I call it etherware, not "phenomenal and revolutionary."
Again, not jumping anyone here... I'm jumping the idiot contingent out there who spread fear, uncertainty and doubt, and offer nothing whatsoever useful thereafter, and try and portray themselves as "contributing" to the security community... they don't contribute, they're the problem. Nothing like perpetuating ignorance to compound any problem.
Welcome to the BBR Kerio/Tiny forum... grab a candle, the good folks here hand around MATCHES later on, so you can light them. We don't give away fish, we teach fishing, here. Wet a line with us... welcome aboard...
I just had to get that off my chest... thanks for listening.
As far as those leak t6ests, there are no known in the wild exploits based on them (and they've been around at least as long as I've been at BBR), they're totally addressable by sandboxing (e.g.: Tiny, properly configured), and they for the most part demonstrate inexcusable security flaws in windows, not in our firewalls. Firewalls tend to not address that kind of stuff, because it isn't exactly supposed to be possible in a properly hardened OS... uh... as far as windows goes, I would STILL like an answer from MS as to why IE can be so easily hijacked by any app that wants it to traverse a firewall so easily??? Anyone at MS want to address this question? I call this "feature" the ultimate in moronical design. But it's still there, has been forever, has no user or admin control whatsoever, and is completely ignored by virtually everyone... It's irresponsible, idiotic and ridiculous, and the only thing MORE irresponsible is the way people gloss it over within the security community; a firewall shouldn't have to stop that sort of thing - it never should happen.
As far as DLL injection and all that, well, that's application layer sandboxing, not network layer firewalling... so the ball's back in the court of those leak testers. If they have the "MaD sKIllZ" to be doing those borderline-cracker leaktests, why don't they "like, contribute something, dudes", and devote as much time PATCHING holes in the hull as they spend POINTING at 'em and demanding someone else fix 'em... Big favor... demonstrate the holes in my OS and firewall. What I want is a FIX, not a demo, though...
... of course, we are sometimes given to believe that smug arrogance is the hallmark of some security type hackers. Guess we couldn't expect any more, then, from these dopes.
Give a man a fish and he eats for a day. Teach fishing and he eats for life.
I call on these so-called "whitehats" to prove their hats aren't really a dull grey, and start teaching some fishing, damnit. Stop telling me why they don't bite on my bait and tell me what you use... or just shut up and sit down; any jackass can kick down a barn; it takes master carpenters to build one.
--
Semper Eadem
Enjoy every sandwich... Warren Zevon | |
BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR
·Verizon FIOS
·Verizon Online DSL
1 edit | reply to Lilla1
Re: These leaktests aka scaretests are pure crap
Opera is not free, unless you don't mind an adbar you can easily block through Kerio. Otherwise there are open source browsers like Mozilla, and Firefox. Mozilla is a suite with a e-mail client, etc... Firefox is just a pure browser, but its considered beta if you really care. I prefer Firefox, and its been working great for me, however its a bit different so it will take a little bit to get used to from IE.
IE has always had unpatched exploits for it going around, I don't consider it safe for common use unless your willing to disable most, if not all of its features in the name of security. When you restrict too many settings you can't visit many legit websites, but with programs like Firefox you don't have to worry about all of these security exploits trying to install things behind your back so you can leave features enabled without worry. You just need IE for sites that require IE for their proprietary technologies like ActiveX(HacktiveX), and Visual Basic Scripting which are the source of most of their exploits. Basically Windows Update, Office Update, etc...
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed. | |
|
