Michael J Kingston wrote:
> In message <ip0Ah.720$tD2.326@newsread1.news.pas.earthlink.net>, Ron
> Lopshire <notron@ovbl.org> writes
>
>>louise wrote:
>>
>>>default wrote:
>>>
>>>>It's a jungle out there
>>>
>>>I usually use FF with noscript - but, more frequently than
>>>I would wish, FF can't render a page properly and I open
>>>that page in IE using the add-on IE view lite. Perhaps this
>>>is how double click makes its way onto my system with such
>>>regularity.
>>>
>>>But I can't stop using IE - what's the next best alternative?
>>
>>1) I use IE for Microsoft Updates only, locked down the rest of the month.
>>
>>2) I use Firefox as my default browser, everything locked down. Always.
>
> Locked down??? I've not been following this thread. Please explain the
> term.
Locked down browser/client -> ActiveX, Java, Javascript, cookies,
popups, plugins - especially Flash & WMP, iFrames - I am finding this
to be necessary more and more -> all disabled.

Here is how Eric Howes described it when he developed Enough is
Enough! to lock down IE6/IE6.

http://www.spywarewarrior.com/uiuc/resource6.htm

I still use Enough is Enough! for IE6 the second Tuesday of each month
after I visit Microsoft Updates. If and when I ever get IE7 installed
on my WinXP box, I will modify Eric's batch file to lock down IE7.

Unlike other browsers, IE (trident engine) is embedded in the OS.
Whether the GUI is launched or not, it needs to be locked down when
not being used.

As I said, I use Opera (much more stable and secure than the Mozilla
browsers) for trusted sites only -> Javascript and first-party cookies
enabled.

I agree with Marcus Ranum. Most of the insanity of using a Windows box
has to do with default permit (Bill Gates calls this /intuitive/). I
too find that default deny is a much better policy. Show me that you
are trustworthy and responsible, and I will let your site use
Javascript and some cookies on my Windows box.

http://www.ranum.com/security/comput...itorials/dumb/
http://www.ranum.com/security/comput...rus/index.html

And you damned well better have an overwhelming interest in not doing
_anything_ careless or stupid if you are even thinking about asking me
to run your ActiveX or Java controls on my system with a server-side
call. A financial institution or vendor of security products /might/
be such an entity.

And even then, probably not. As much as I hate ActiveX, I am really
beginning to think that Java/JRE is worse. I cannot imagine a scenario
where a company could generate as many screw-ups as Sun. Now
that Sun has won their lawsuit against MS, perhaps they again have
enough resources to do things like TESTING THEIR GARBAGE JRE before
releasing it on the public.

http://secunia.com/search/?search=java

As always, just my 0.02. YMMV.

Ron


