.NET Framework 1.1 Security

  • Thread starter Thread starter Byron Boudreaux
  • Start date Start date
B

Byron Boudreaux

I have a customer who is adamant about not installing the .NET framework on
their XP machines because of security concerns. But this means they can't
run alot of the new management tools such as Group Policy Management
Console, SONAR, Ultrasound, NTFRSDiag, and I am sure many others. Does
anyone have any guidance on this issue? What vulnerabilities are exposed by
installing the framework? How can these vulnerabilities be mitigated
without losing the functionality of these tools?
 
Byron Boudreaux said:
I have a customer who is adamant about not installing the .NET framework on
their XP machines because of security concerns. But this means they can't
run alot of the new management tools such as Group Policy Management
Console, SONAR, Ultrasound, NTFRSDiag, and I am sure many others. Does
anyone have any guidance on this issue? What vulnerabilities are exposed by
installing the framework? How can these vulnerabilities be mitigated
without losing the functionality of these tools?
Click to expand...
I'm curious about your customer's assertion.
Do any specifics go with it? If not, you have a real challenge on your
hands.
If you don't get some good leads here, you might consider posing this
question in:

microsoft.public.dotnet.security
 
Byron said:
I have a customer who is adamant about not installing the .NET
framework on their XP machines because of security concerns. But
this means they can't run alot of the new management tools such as
Group Policy Management Console, SONAR, Ultrasound, NTFRSDiag, and I
am sure many others. Does anyone have any guidance on this issue?
What vulnerabilities are exposed by installing the framework? How
can these vulnerabilities be mitigated without losing the
functionality of these tools?
Click to expand...

So your customer does not want to take advantage of the increased security
that .NET offers with code access security, assmbly signing (to prevent
tampering) and quarantining of downloaded code. How odd, they've got a
strange attitude to security. Take my advice, don't connect your laptop to
their network! ;-)

Richard
 
Back
Top