From: "Gary Britt" 

You can't work (at least I couldn't) without being able to save attachments
from known sources.

Gary

"Robert Comer"  wrote in message
news:453f69cb$1{at}w3.nls.net...
>> So running a browser in a VM is not a fully secured environment.
>
> It can be, but it takes some discipline on the users part.
>
> To do it right, one VM for general browsing, undo disks enabled, and close
> and delete changes, VM Additions *not* installed.
>
> One VM for secure browsing (only preset links), email - read as text only
> and disable saving attachments. You could do this on the host as long as
> you never do any general browsing and have AV software running.
>
> --
> Bob Comer
>
>
>
>
>
> "John Beamish"  wrote in message
> news:op.thy79cxqm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>> So running a browser in a VM is not a fully secured environment.
>>
>> I asked the question because Joe and Josephine Sixpack may no longer be
>> part of a botnet but they will still hand over the keys to the family
>> wealth if they use a credit card.
>>
>> On Wed, 25 Oct 2006 06:10:03 -0400, Geo  wrote:
>>
>>> "John Beamish"  wrote in message
>>> news:op.thx7ioymm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>>>> Would it be possible to visit a "poison" site
that causes a keystroke
>>>> logger (in, say, a hidden frame or some such) to trap and
transmit back
>>>> to
>>>> "home base"?
>>>
>>> Typically that's what cross site scripting exploits are. It looks like
>>> the
>>> real site but it's not, may even pass you on to the real site after you
>>> enter your login info.
>>>
>>> Geo.
>>>
>>>
>>
>
>

--- BBBS/NT v4.01 Flag-5