10 for windows, 10 for all flavours of unix. http://www.sans.org/top20/

Attached Link: http://bcheck.scanit.be/bcheck/

~ROTFLMAO~ that tester just throws an error for me. the script don't exist on the server. guess you have to have an insecure browser for it to test. no 3rd party cookies, no clientside scripting, no plugins. no risks of infestation. ( on linux so even more secure )

I use Firefox 1.0 and I tested out with 0 errors. :)

Message edited on: 01/05/2005 21:56

mozilla here and can't get tested. throws: Not Found The requested URL /bcheck/sid-950126f6cdbd15bab145685006ef33a0cript.php was not found on this server.

Hmmmm..Try your IE and see if you can get in there. Testing for IE is something else and it would serve you to see what problems it has.

what ie? I'm on linux. no ie.

Oh...oh yeah! LOL!!

~lmao~ besides I would never have that malware on a computer I own. ( or any other software issued by or for ms )

I don't like having an MS system either, but at this point I don't have much of a choice. I'm just happy as a bug snuggled in a rug that I can use FireFox. :)

The Browser Security Test is finished. Please find the results below: High Risk Vulnerabilities 0 Medium Risk Vulnerabilities 0 Low Risk Vulnerabilities 0

Just what I expected. :-) Firefox 1.0, fully updated Windows with custom security settings (turning off certain features, etc.), personal firewall. bonni

B.I.N.G.O Bonni! :)

My security is down... tsk I just bought a "Home-made" computer from my friend, but it's equipt with such new technology that Service Pack 2 makes it crash. I'm hoping that the anti-spyware/firewall stuff that he's installed is up to par with the computer itself, but I have a fealing that it's all freeware from what I have seen.

High Risk Vulnerabilities 0 Medium Risk Vulnerabilities 0 Low Risk Vulnerabilities 0 Love my Firefox :)

well, since mozilla is firefox. and I turned off anything that could remotely cause seciruty risk, I know I wouls get same results...or better if it will show negatives. ~wink~

#1 security eisk = stupid computer users

hey bone,
what's an eisk?

Windows WINS Service Buffer Overflow

Description: Exploit code has been publicly posted for the buffer
overflow in the Windows WINS service that has been discussed in the
Microsoft security bulletin MS04-045. Note that this overflow can be
leveraged to execute arbitrary code with 'SYSTEM' privileges. Any domain
controllers running WINS should be patched immediately.

Council Site Actions: Most of the reporting council sites are running
the affected software and have already patched their systems or are in
the process of patching their systems.

References:
Exploit Code
http://www.securiteam.com/exploits/5EP020KEKW.html Windows NetDDE Service Buffer Overflow Description: Exploit code has been publicly posted for the buffer overflow vulnerability in the Windows NetDDE service that has been discussed in the Microsoft Security Bulletin MS04-031. The service is not enabled by default. However, if this service is being used, ensure that the systems are properly patched. Note that the overflow can be leveraged to execute arbitrary code with 'SYSTEM' privileges. Council Site Actions: Most of the reporting council sites are running the affected software and have already patched their systems or are in the process of patching their systems. References: Exploit Code http://www.securiteam.com/exploits/5FP030KEKS.html Previous @RISK Newsletter Posting (Item #4) http://www.sans.org/newsletters/risk/vol3_41.php 05.1.5 CVE: Not Available Platform: Other Microsoft Products Title: Internet Explorer FTP Client Directory Traversal Description: Microsoft Internet Explorer FTP client allows users to transfer files. The client is vulnerable to a directory traversal vulnerability due to a failure of the application to sanitize user-supplied input. A remote attacker could place files in an arbitrary location without the user's knowledge or consent. Microsoft Internet Explorer 6.0 and 6.0 SP1 are reported to be vulnerable. Ref: http://www.7a69ezine.org/node/view/176 05.1.7 CVE: Not Available Platform: Third Party Windows Apps Title: Mozilla/Firefox File Download Dialog Spoofing Vulnerability Description: Mozilla and Firefox are vulnerable to an issue that may permit a malicious web page to spoof the source of a download. Mozilla versions 1.7.x and Firefox versions 1.x are reported to be vulnerable. No solution available, but the vendor states a fix will be included in the next release. Ref: http://secunia.com/secunia_research/2004-15/advisory/

Message edited on: 01/08/2005 08:38

Now, what are you using to figure your security status? I've been using the Microsoft Baseline Security Analyzer, and it ALWAYS tells me that I'm missing SP2. I could load any browser.

A good antivirus package like Nortons helps. A firewall is good too. A lot of people like Zonealarm. I don't. I use Sygate. http://www.sygate.com/ They have a free firewall I find works very effectively and runs unobtrusively. One thing I do above all. Turn of the windows messenger. That puppy keeps a port open and it's so easy to hack into it. You can get a nice little freeware program that does this at http://grc.com/stm/ShootTheMessenger.htm Why messenger? It's a pipeline for spyware, which may be the most insidious new hacking tool around. As far as service packs, well, I downlaod a few of the security updates, but the service packs are 100s of megs each. Come on, I'm on dial-up, what was microsoft thinking with downloads that big? I don't even download MP3s, let alone something that huge. Just because a program like anti spyware of a firewall is free doesn't mean it's not good. As far as firewalls, personal users don't have the advanced needs that business users with multiple computers face, so a freeware firewall, from a good company, suffices quite well. As far as spyware, well, eliminate windows messenger and you cut that down considerably. As for the rest of it, I'm not sure any program, freeware of not is able to keep up with it all that well.

If you are using Nortons...and using it's firewall along with FireFox browser. You must tell Norton to allow FF access. Otherwise you won't be able to connect.

French Toast,
and if you look at reports from independant sources, majority of risks are ms based.

so never trust microsoft to tell you the truth.
they will lie through their teeth to keep your money coming in.

after all money is god.

ya lost respect by saying you use microsoft security advisor.

Just because a program like anti spyware of a firewall is free doesn't mean it's not good. No, but it's useless if the user doesn't know what it does or how it works. Imagine you have the best firewall in the world, but somehow get a trojan on your computer (friend's CD?). How, do you think, would your firewall tell you that this trojan is trying to access the internet? a) "Hi, here's the very bad big Trojan IWILLCRACKYOU and it's trying to access the internet. Would you like to allow that?" OR rather b) "Hi, this is the Internet Explorer / Windows Update / any-internet-requiring-useful-software-on-your-computer, and it would like to access the internet. Would you like to allow that?" and, if b) would pop up from your firewall - would you allow it? A virus scanner is nice. But remember that if you 'just' update it once a day with new virus definitions, a cracker still has at least 24 hours in between to create a virus / worm / backdoor / trojan which your virus scanner won't detect. And I'm speaking of updating it every single day, plus the aforementioned virus / worm / backdoor / trojan would have to be recognized by the virus scanner programmers within that time, so that they are able to write a virus definition - which is often not the case. So - to make it short: If you have no idea of the internet and its risks, and if you have no idea how to avoid them, then, by all means, stay off the internet. However, if you know what you're doing, if you know that you must not click on and download everything that doesn't jump away fast enough, then you don't need either a virus scanner or a firewall. I've been on the net since 1995, up to twenty-four hours per day, and in all that time, I have caught one virus - through a friend's CD ("100% virus free!" - Haha!). And I neither have a firewall nor a virus scanner. BTW, Bones: SOOOO glad to read something from you again!

I'm pretty darn glad to be back myself, thanks to the help of a lot of friends.

Well, what I was wondering is which program people are using to assess thier security rating.

check the link in post 2