From: "Robert Comer" 

> You can't work (at least I couldn't) without being able to save
> attachments from known sources.

Then you have to accept that you're vulnerable.   (I agree btw -- there's no
magic bullet.)

--
Bob Comer


"Gary Britt"  wrote in message
news:453f7a7d{at}w3.nls.net...
> You can't work (at least I couldn't) without being able to save
> attachments from known sources.
>
> Gary
>
> "Robert Comer"  wrote in message
> news:453f69cb$1{at}w3.nls.net...
>>> So running a browser in a VM is not a fully secured environment.
>>
>> It can be, but it takes some discipline on the users part.
>>
>> To do it right, one VM for general browsing, undo disks enabled, and
>> close and delete changes, VM Additions *not* installed.
>>
>> One VM for secure browsing (only preset links), email - read as text only
>> and disable saving attachments. You could do this on the host as long as
>> you never do any general browsing and have AV software running.
>>
>> --
>> Bob Comer
>>
>>
>>
>>
>>
>> "John Beamish"  wrote in message
>> news:op.thy79cxqm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>>> So running a browser in a VM is not a fully secured environment.
>>>
>>> I asked the question because Joe and Josephine Sixpack may no longer be
>>> part of a botnet but they will still hand over the keys to the family
>>> wealth if they use a credit card.
>>>
>>> On Wed, 25 Oct 2006 06:10:03 -0400, Geo  wrote:
>>>
>>>> "John Beamish" 
wrote in message
>>>> news:op.thx7ioymm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>>>>> Would it be possible to visit a "poison"
site that causes a keystroke
>>>>> logger (in, say, a hidden frame or some such) to trap
and transmit
>>>>> back to
>>>>> "home base"?
>>>>
>>>> Typically that's what cross site scripting exploits are.
It looks like
>>>> the
>>>> real site but it's not, may even pass you on to the real
site after you
>>>> enter your login info.
>>>>
>>>> Geo.
>>>>
>>>>
>>>
>>
>>
>
>

--- BBBS/NT v4.01 Flag-5