[Tutor] Which Py?

Lloyd Kvam pythontutor@venix.com
Tue, 22 Jan 2002 10:37:20 -0500


> If you feel at risk? No, don't think so, er, well don't know what to
> feel at risk about.


http://starship.python.net/crew/mhammond/
index

I assumed you had read the Privacy Concern notice.
The COM extensions are vulnerable to the usual Microsoft security holes.  In this case,
a malicious web site could use your browser to run Python scripts through Active
Scripting.  The Python scripting support will happily let the malicious site have read
access to your computer's files.

Mark Hammond's opinion is that a malicious site is unlikely to target Python scripting
since the percentage of such vulnerable machines is so low.  However, if you have any
sensitive information on your computer:
	credit card numbers
	server passwords
	sensitive files (e.g. medical records, accounting or tax records, etc.)
it would be prudent to update and eliminate the risk.

It is, of course, a good idea to disable active scripting and avoid running active
scripting clients.  A Symantec security advisory recommended deleting WSH.exe. You need
to decide the level of paranoia that is appropriate for you.

(My paranoia level is fairly high.  I am trying to get myself fully converted to Linux,
with my NT system used only for those clients that insist on Windows.)

kjphotog@juno.com wrote:

> Lloyd,
>
> Thanks for all the info.
>
> And that's what I did exactly. A Windows user gave me the ActiveState
> site & discovered the version @python.org. And now I know the difference
> between downloading from those 2 sites.
>
> If you feel at risk? No, don't think so, er, well don't know what to
> feel at risk about.


-- 
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358

voice: 603-443-6155
fax: 801-459-9582