Second unpatched ActiveX bug hits IE
Scallywags are using an unpatched vulnerability in an ActiveX component to distribute malware, Microsoft warned on Monday. The development adds to already pressing unresolved Internet Explorer security bug woes.
No patch is available for the Office Web Components ActiveX security hole, although there are workarounds which can be …
This topic is closed for new posts.
Posted Tuesday 14th July 2009 11:34 GMT
Michelle Knight
Tell Hillary...

I love it - "Swiss cheese browser gains extra hole" - that made my day. Quick, someone pass this to Hillary.
Posted Tuesday 14th July 2009 11:34 GMT
Toastan Buttar
Limited User Account

If you haven't already done so, it might be a good time to consider running XP as a Limited User. It only takes a few minutes to set up and it is one of the most important security precautions you can take. It's no magic bullet but it does make life an awful lot harder for the bad guys. If you need further convincing, check out:
http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx
Tux, because my daughter requested that I reinstall Linux yesterday so she could run some old Windows 95 games under Wine. Installed Linux Mint so that it could run directly off the Windows partition. So far, so good.
Posted Tuesday 14th July 2009 11:34 GMT
amanfromMars 1
Delving a Little Deeper into Pandora's Box of Immaculate Delights
"Nonetheless, the current outbreak of unpatched ActiveX bugs has prompted some security watchers, including the SANS Institute's Internet Storm Centre (here) and F-Secure (here), to advise punters to consider using alternative browsers in preference to Internet Explorer. "
It is not a browser bug, it is a Private Pirate Trojan for Entering Systems Operations with Source Core Controls. And MSHacked with Virtual Control/Thought Projection and Realisation. It would then make them a Mammoth Open Source Tool of Printed Cash for Free EntrePreNeuReal Distribution...... is One Option Available in the AIdDerivative Virtual Futures Market.
Posted Tuesday 14th July 2009 11:34 GMT
AchimR
And now for something completely different...

a security hole in IE...
Posted Tuesday 14th July 2009 11:34 GMT
Sceptical Bastard
What a shock!

Vulnerabilities in IE exploiting ActiveX? Really? Surely not?
As so many times in the past, a partial solution (as your story points out) is to use one of the many free alternatives to Internet Explorer (plus, of course, patching and hardening the hell out of WinXP).
Or, of course, a better solution is to use one of the alternatives to Windows such as a Mac or Linux.
Posted Tuesday 14th July 2009 11:34 GMT
Brett Brennan 1
SANS Twitter feed got this early

SANS ISC has an excellent Twitter feed that got word of this flaw out at 22:48 UTC yesterday. Well worth picking up the tweet if you have responsibilities for squashing these types of bugs: http://twitter.com/sans_isc_fast
Posted Tuesday 14th July 2009 13:12 GMT
Anonymous Coward
Maybe Hillary Clinton and Pat Kennedy need to look into this...

Firefox on the corporate/government network looks more and more appealing...
Posted Tuesday 14th July 2009 13:46 GMT
Tom 13
@Toastan Buttar

Good advice. Unless of course you're a Microsoft shop and have installed some of their software that requires the local user to have administrative privileges on their PC....
Been there, tried that, got my head handed to me on the proverbial platter.
Now go back to your Security Awareness class.
Posted Tuesday 14th July 2009 14:26 GMT
Toastan Buttar
@Tom 13
IT depts can do whatever they want. It might however make sense for some El Reg readers to consider changing to LUA on their home XP machines. Improved security for zero cost? Sounds like a win to me.
Now go back to your Cynicism 101 class.
Posted Tuesday 14th July 2009 14:47 GMT
Eddie Johnson
I can't believe...

There are really people out there that still run ActiveX?
Oh wait, right. You disable it and disable it, and every time you update something on your system it's magically re-enabled again. Sorry, my bad.
Posted Tuesday 14th July 2009 15:05 GMT
Anonymous Coward
@ Toastan Buttar

"IT depts can do whatever they want"
Really? Wow. If you work in an IT department I hope to never have to work in that organisation.
Now go back to your day job.
Posted Tuesday 14th July 2009 16:00 GMT
Anonymous Coward
Too many now

This gets to be beyond the funny joke.
Mozilla must launch program to help user stop IE before it starts as part of security suite, or uninformed user will accidentally use it and have their bank stolen.
Why IE developers not prosecuted for all this?
Posted Tuesday 14th July 2009 21:07 GMT
Anonymous Coward
@ Toastan Buttar

Well said. Only 3 out of 500 desktops here have admin rights. I always run XP with restricted rights; most apps don't require admin rights, or need just a minor permissions tweak to get them working. If you must, then use 'runas' to run an app as an admin or log in as an admin, but don't browse the internet while you are.
Posted Tuesday 14th July 2009 21:07 GMT
Anonymous Coward
Oops-as bad as Firefox's latest cockup...

http://secunia.com/advisories/35798
Description:
SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 3.5. Other versions may also be affected.
Solution: Do not browse untrusted websites or follow untrusted links. <Doooh>
Quickly, let's all move to the "secure" Firefox browser [all of the cool kids are using it]! Bwahahahaha
Posted Tuesday 14th July 2009 21:07 GMT
Eddie Johnson
@Tom 13

Pray tell what MS software *requires* Admin? Typically most software that /appears/ to require admin needs little more than relaxed permissions on a few reg keys or a folder or two.
All my users are running as User, they don't even get to be power user on their own machine. No print driver installs, no changing the screen resolution, nothing administrative. I've had to loosen a few registry and folder permissions for AutoCAD and some other software but I never had a problem with Office 97. Haven't run any Office version since then and OpenOffice needed no special tweaks at all.
In a friend's office I administer, the users needed local admin to run QuickBooks, and that is reason enough that I tell everyone that QuickBooks is the worst designed piece of software I've ever encountered. I believe they've now addressed that in the most recent version.
Posted Wednesday 15th July 2009 08:29 GMT
Toastan Buttar
Old fart is old

> "IT depts can do whatever they want"
>
> Really? Wow. If you work in an IT department I hope to never have to work in that organisation.
FWIW, I'm a software engineer for a multinational company. Our IT is outsourced to a, well... different multinational IT group. Our developer machines are almost entirely Windows XP and user privileges are tied down pretty firmly by that IT group (i.e. even developers don't have admin rights on Windows). Personally, I think it's a Good Thing. To a limited degree, I apply the same policies at home. It works well for me and I hope I've given others a friendly tip to enable them to be that little bit more secure.
> Now go back to your day job.
Happy to. I like my job. Do you?
Posted Wednesday 15th July 2009 08:29 GMT
foo_bar_baz
@eddie

I second that. I recall getting some troublesome apps from Adobe to work that way. A good practice, though hard work, is to repackage the software for automated deployment, correct perms guaranteed that way.
Posted Wednesday 15th July 2009 23:09 GMT
Anonymous Coward
RadioactiveX

Has anyone ever discovered someone who says 'Bwahahahaha' who isn't as thick as a brick?