After you read this, you might be a bit paranoid.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

I don't allow web sites to load Java applications or ActiveX controls. I specifically don't use IE.

Where I use to work. you had to use ie, If you installed firefox much less any other browser, it was removed. A lot of companies are that way. As much as I have alway personally used non-ie software, I never have liked ff3. The ball was really dropped on usability compared to ff2.

The real problem is ActiveX. IMO ActiveX should not exist.

The real problem is ActiveX. IMO ActiveX should not exist.

and Xerox created the first GUI OS...

Where I use to work. you had to use ie, If you installed firefox much less any other browser, it was removed. A lot of companies are that way. As much as I have alway personally used non-ie software, I never have liked ff3. The ball was really dropped on usability compared to ff2.

I know exactly what you mean. In most companies, IE is the choice browser because of it's business application purpose rather than it's security purpose. What I mean by that is that a lot of business applications (time sheet programs, HR programs, etc.) are IE only. And since you can't run your business without these applications (so the business people think) they overrule the security people. It's not even a question.

But yeah, as long as people use IE, Windows will never be secure.

Agreed slonkak, but any company that forces you to use IE should have an IT department that keeps up-to-date with this sort of stuff and 'should' be quick to respond to any threat.

That said, I do not know of many businesses that have actually upgraded to Vista, however this exploit looks like it will work on more that just Vista.....

Personally, I think security vis-a-vis computers is sort of a misnomer anyway - any sort of secure system, with time, patience, stupid people and/or luck can be broken into. Relying on MS to say 'this OS is secure, you are fine' is a quick way to end up in trouble.

Knowledge is power - the problem is trying to keep up in this Red Queen's race (http://en.wikipedia.org/wiki/Red_Queen%27s_race).....

:D

One of the companies I deal with uses ONLY open source software, other then OS. They buy stock Windows boxes but they use FF and Open Office for their field machines. They avoid license issues and the temptation of someone "borrowing" a CD in the field and using the company license.

They can't use open source OS, because almost all the programs that the engineers need to run are written for Windows.

The real problem is ActiveX. IMO ActiveX should not exist.

Self-serving hackers should not exist either.

Active X is the worst thing on your computer. Even worse than having some virus's. Some virus do strange things like send your email address from your outlook to someone and at least you know the extent of it all.

But with Active X, you pickup a new virus every month!

After you read this, you might be a bit paranoid.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

Ok just to clear a few things up here. That exploit affects XP as well, it's just new types of Buffer overflows. Here are two in depth articles on this from a respectable source. Arstechnica - The sky isn't falling: a look at a new Vista security bypass (http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html) and Arstechnica - Black Hat's Alexander Sotirov: Vista security is not broken (http://arstechnica.com/journals/microsoft.ars/2008/08/12/black-hats-alexander-sotirov-vista-security-is-not-broken)

Here is an free app deisgned to protect against these types of attacks. http://www.memoryfirewall.comodo.com/

Now as for some of the comments you guys have made.

The real problem is ActiveX. IMO ActiveX should not exist.
ActiveX is very useful for legit programs. By default IE is now set to promt to run all all signed ActiveX and not to even download let alone run unsigned ActiveX controls. For a comparison Flash is used for spam and to install malware, should flash not exsist either? How about Java or Javascript?

But yeah, as long as people use IE, Windows will never be secure.

On Vista IE runs in both a lower privlige level than Firefox and a protected sandbox mode. Also in IE .net, java, & ActiveX programs can all be set to promt or not to run at all. So not only are you wrong about IE, it's actually more secure than Firefox. Yes you can run noscript but that still doesn't give you the sand box mode.

Active X is the worst thing on your computer. Even worse than having some virus's. Some virus do strange things like send your email address from your outlook to someone and at least you know the extent of it all.

But with Active X, you pickup a new virus every month!

That's just a load of garbage. You couldn't prove that statement to save your life. And to top it off, many of the sites that use ActiveX also have a flash app to install the same malware. Firefox is being targeted as well now. Prof, the infamous "my web search" toolbar now has a firefox version.

The new trend is to use flash in videos or games and have it install malware in the background. This will work on any browser that has flash installed. All it takes is for the user to play/run that flash video/game. Unless you have UAC or a similar security function you get infected.

.net is possibly more dangerous than activex ever was since virtually all .net apps run unchecked from what I have been told.. Here is a novel idea. Why can not Microsoft write software to begin with not to have these issues. Why does one have to purchase or add extra software to fix something that should not be an issue to begin with. When users have to pay a premium price for Microsoft products there is no excuse for alleged amatuer programming. What really gets me is that xp is no longer per se supported yet the price of xp on the retail shelf has doubled to $300. To double the price on a discontinued product is not only down right cold blooded, but an insult to the American consumer. Not so long ago down here in Texas, we used to tar and feather carpetbaggers for less.

XP is still supported, it's just no longer sold by Microsoft. So it's the individuals charging that much for it. I have never heard that about .net before. That doesn't even sound right, but I'll look into it more. .net can't be any worse than Java.

Best Buy, Fry's, etc all have it for 299.99 which might as well be 300. I have heard of several users who were denied support for xp.