MICROSOFT and computer insecurity experts the world over are recommending that Internet Explorer users should switch off Javascript again.
Given that every time there is a zero day security exploit related to IE the first thing that is recommended is that users switch off Javascript, it must be hard to find a technically literate person who has the thing switched on. Although finding a technically literate IE user is about as hard as finding a modest Apple user.
The reason for switching off your Javascript this time is that an exploit for a previously undiscovered flaw in the Internet Exploder web browser has been spotted in circulation.
The flaw could enable a hacker to take over a computer if a web surfer visited a compromised website using a vulnerable version of the Vole's IE browser.
PC insecurity firm Symantec advised punters to disable Javascript in IE and ensure that their antivirus definitions are up to date. The outfit said that the exploit currently exhibits signs of poor reliability, but expects that a fully-functional, reliable exploit will be available in the near future. When that happens, attackers will have the ability to insert the exploit into websites, with the potential of infecting visitors.
You can disable JavaScript in IE7 by going to Tools, Internet Options, clicking on the Security tab and then clicking on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.
Microsoft has agreed that this is the best way to proceed until it gets around to releasing a patch. As yet it has not said when it is planning to do this. µ
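The same setting can be audited and applied from PowerShell, which is easier to repeat across many machines than the dialog. This is an added example, not part of the original article; it assumes PowerShell 3 or later and the per-user zone settings that IE keeps in the registry, where zone 3 is the Internet zone and value 1400 is the Active scripting action.

```powershell
# Added example: audit and disable Active scripting for IE security zones.
# Per-user zone settings live under this key. Zone 3 is the Internet zone.
$ZonesKey        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ActiveScripting = '1400'   # URL action for Active scripting
$PolicyNames     = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$ZoneNames       = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ActiveScriptingPolicy {
    # Report the current Active scripting setting for each zone.
    foreach ($zone in 1..4) {
        $path  = Join-Path $ZonesKey $zone
        $value = (Get-ItemProperty -Path $path -Name $ActiveScripting -ErrorAction SilentlyContinue).$ActiveScripting
        [pscustomobject]@{
            Zone    = $ZoneNames[$zone]
            Setting = if ($null -eq $value) { 'Not set' } else { $PolicyNames[[int]$value] }
        }
    }
}

function Disable-ActiveScripting {
    # Default to the Internet zone only, so that sites placed in the
    # Trusted sites zone keep working.
    param([int[]]$Zone = @(3))
    foreach ($z in $Zone) {
        $path = Join-Path $ZonesKey $z
        Set-ItemProperty -Path $path -Name $ActiveScripting -Value 3 -Type DWord
    }
}

Get-ActiveScriptingPolicy | Format-Table   # settings before the change
Disable-ActiveScripting -Zone 3
Get-ActiveScriptingPolicy | Format-Table   # confirm Internet now reads Disable
```

Where zone settings are enforced through Group Policy, the policy value takes precedence over this per-user setting.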
Whether to warn my users that IE is compromised yet again when they are ordering online from my sites or to just tell them not to use it outright.
I always feel obliged to tell them when there's a known problem with a browser they are using but the MS code is getting bigger than the online shop!
"Although finding a technically literate IE user "
What a pathetic gimp this guy is. These people seem to think everything in the world should be Linux and anything else is evil.
Although I doubt if Fireferret and the likes are a lot more secure, there is a world beyond IE, and that doesn't consist of Linux only! Besides FF, you have Chrome, Safari, Mozilla etc. all available on a myriad of OS.
The point is, and that's directed @ Nick as well, one must be careful in enabling any of the scripts, regardless of what you use.
Why is it that every time anyone on the Inq points out one of the many faults of Microsoft or Apple, people like you feel compelled to do the pwned little beyatch dance?
You want to use a crap browser with a swiss cheese security model? Go ahead! Nobody cares! Except the crooks, and they'll love you for it!
"These people seem to think..."
Bleah.
"The reason for switching off your Javascript this time is that an exploit for a previously undiscovered flaw in the Internet Exploder web browser has been spotted in circulation.
The flaw could enable a hacker to take over a computer if a web surfer visited a compromised website using a vulnerable version of the Vole's IE browser."
It is really depressing the number of times I have read this; MS should be truly embarrassed.
John, this has nothing to do with operating systems. It's a browser-specific article - the alternatives to IE are Firefox, Chrome, Safari, Opera, there are hundreds of other browsers that work on all operating systems.
I've never used Linux in my life, and even I know that IE is a worthless, insecure piece of garbage. Switch to Firefox and thank me later.
Extension only selectively allows javascript, which is rarely needed except to bombard you with advertising and track you on third-party counting sites.
When you need javascript, as here for making comments, turn it on temporarily and just for that site.
javascript is simply a plague in itself. Allowing anyone to run whatever software they want on your computer is risky, no matter how "secure" the language is intended to be.
"These people seem to think everything in the world should be Linux and anything else is evil."
= No. They just think the world is better off by getting rid of Microsoft products. MS has gained their reputation over the years through their own actions. They get what they deserve. Karma is a bitch.
The fourth feedback (Anonymous Coward) has it right...
How many times do Microsoft defenders (fanbois, trolls, spinners, etc) need to read - "...flaw could enable a hacker to take over a computer if a web surfer visited a compromised website using a vulnerable version of the IE browser"...before they realise something isn't right here?
There's only so many times a battered wife stays with an abusive husband. Can't say the same for your typical MS defender, can we?
Come to think of it, why do people still defend Microsoft when the company can easily pay for its own bullshit artists that spread trivial justification for their solutions and actions?
Microsoft clearly demonstrates how the "sheep" of the world should be exploited and profited from. ie: Keep them ignorant, clueless, and dependent on you...And they'll forever pay for your solutions regardless of quality!
That's the funny thing about people: They are all too willing to spend time, money, and resources in order to work around the deficiencies...Stuff they don't need if they spend 10 minutes a day understanding the software on their systems.
IE 8 doesn't have this problem. Just let automatic update do its job and you won't need scare articles like this that don't include all the facts.
Yea, turn off the JS and enjoy the seamless, dull and non-functional Web.
Or - browse like it is 2009, but not 1989. Your choice...
@bigger_luddite, there are plenty of things being done with JS today. Not only adverts/tracking.
You have powerful frameworks that enable your site to easily add drag&drop, AJAX, galleries, etc.
Turn off JS and forget about Google (m)Aps, RichEditors, type hinting, etc...
From what I've read, Firefox is the most vulnerable browser out there and IE is one of the most secure, just behind Opera. http://www.internetnews.com/software/article.php/3847461
So, I'm not sure why so many people refer to IE as a piece of crap and praise Firefox. FF may not have Java, but it has plenty of other vulnerabilities in its place.
Justflameme: FireFurry, being completely open source, reports every vulnerability found; Infernal Exploder and Opera do not. It's as simple as that.
IE provides security zones, so that you can differentiate between those sites you trust enough to enable JS and the rest of the internet, that is suspect by default.
Using IE's Internet/Trusted zones is pretty much the same as using FireFox with NoScript.
You may have read it, but you certainly didn't grasp it.
Why do people only ever advise IE users to switch off Javascript, knowing full well this isn't an option in 2009 as it will break virtually every major website out there?
There have been Javascript exploits in Firefox but I didn't see the same recommendation to disable it plastered across the articles and comments then. Yet always with IE.
Some people want not only to make it sound worse when it's IE, but they also want to cripple users' browsers in order to give them a real problem that makes them switch to Firefox to get the sites (which don't have problems because they're not exploiting the holes) working again.
You may not like to read this, but IE's security record is only getting better all the time and will no doubt improve even more with IE9 and beyond. They started shite and have only one way to go - up.
Firefox on the other hand, has clearly never been secure, with literally scores of holes being patched for every major version that comes out. They started with a lot of hype and false promises about security and have only one way to go - down.
It's just a matter of time before users and the IT press wake up to the real situation and start bashing Firefox instead of IE. Why doesn't a real journalist research the facts and figures and see just how Firefox has compared with all the other browsers since 2005? What are their histories on standards compliance and Acid tests? How many security holes, how serious and what percentage? Memory footprint and speed? Timescale for implementing new features? Etc.