General discussion

Locked

IE 5.5 Security Settings

By daniel ·
A vendor has requested the following changes to be made to each of our Win2K Professional clients in order to run their software correctly:

- Use PCT 1.0
- Enable Microsoft VM & Java Console through Internet Options / Advanced

We have run allthe latest Microsoft Patches including Win2K SP2, SRP1, IE 5.5 SP2, May15 cumulative IE55 patch, March 02 java patch, Win2kvbs, high encryption pack Win2k IE55, etc.

Can any of the requested changes to Internet Explorer 5.5 pose any security risks or any other issues of concern?

Thanks,
Dan

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

IE 5.5 Security Settings

by Alpha-Male In reply to IE 5.5 Security Settings

While this is a very non-specific answer, historically the MS Virtual Machine and Java Console has been the source of MANY security issues and exploits. Enabling them (even patched) will undoubtedly make you more vulnerable. It adds functionality, its true...but that functionality can be exploited. If you *need* them, then add them, but keep your eyes on www.cert.org and www.incidents.org!

Good Luck!

Collapse -

IE 5.5 Security Settings

by daniel In reply to IE 5.5 Security Settings

Poster rated this answer

Collapse -

IE 5.5 Security Settings

by Joseph Moore In reply to IE 5.5 Security Settings

I remember that there have been IE security alerts issued due to the Microsoft virtual machine. The latest IE rollup pack that came out last week had at least one patch for VM in it.
So if you install VM and the Java Console like the vendor has asked you to do, then you will have to re-patch IE on all of your workstations.
If the vendor is asking you to install the Java Console for IE, is that just so IE can support Java? If so, then why not just run Netscape? It supports Java with no extra plug-ins required.
Personally, I use IE for my normal web browsing, but I also have a Tivoli Storage Manager server onsite with a web interface that is Java-enabled; I use Netscape to connect to Tivoli's web server to manage the server.
Sure, that means I have 2 browsers installed on my workstation. Big deal! I just associate IE as my default browser, and I only use Netscape for connecting to the Tivoli web server.

So, IMHO, put the IE add-ins on only if you can't get around the Java abilities using Netscape. But if you do run VM for IE, then keep up on your patches and Microsoft security updates.

Collapse -

IE 5.5 Security Settings

by daniel In reply to IE 5.5 Security Settings

Poster rated this answer

Collapse -

IE 5.5 Security Settings

by daniel In reply to IE 5.5 Security Settings

This question was closed by the author

Back to Security Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums