Jump to content


Photo

IE too Vulnerable for even Microsoft

Started by Untouchable J, Jul 29 2004 06:32 PM

  • Please log in to reply
1 reply to this topic

#1 Untouchable J

Untouchable J

    Advanced Member

  • Full Member
  • PipPipPip
  • 205 posts

Posted 29 July 2004 - 06:32 PM

Microsoft: Cripple IE to Protect Your PC

The company says that you should disable one of the browser's features.

Stuart J. Johnston
From the September 2004 issue of PC World magazine
Posted Tuesday, July 27, 2004

Microsoft is doing something unprecedented: It wants you
to break one of Internet Explorer's key features. Why?
Because only by limiting the browser's functionality can
you be sure of stopping a sneaky--and dangerous--new
breed of Internet virus. This latest targeted attack
scenario, which uses malicious code dubbed "Scob" or
"downlad.ject," exploits three flaws: two in Windows and
one in Internet Explorer. One of the holes involves
JavaScript; targeting this flaw, the Scob code lets a
hacker attach a program written in JavaScript to Web
pages. If you visit an infected Web site, the program
automatically executes in IE, and voila! you're
infected.

Microsoft also wants you to take the extreme step of
disabling JavaScript. Many sites use JavaScript--to
display video, say--and without this programming
language, some sites, including Microsoft's own Windows
Update site, won't even function properly.

If you want to go this far--and I recommend that you
do--you need to adjust your IE settings. ...

If all this sounds like too much hassle, you might want
to consider switching to a browser like Mozilla or
Opera. You can have JavaScript turned on in these
browsers, yet remain safe from IE-like attacks. At
least, for now.


:unsure:

Full Article

Posted From: Mcafee Support Thread

#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,969 posts

Posted 30 July 2004 - 06:44 AM

FYI...

- http://www.theinquir.../?article=17235
"...Well, you can just forget about trying to get those critical Windows updates you need if you're not using Internet Explorer. The Windows Update site only supports Internet Explorer. Instead, you're going to have to use IE to download the Windows Update and then go back to whatever else you're using. While it seems fair enough to us that if you need an Internet Explorer update you use IE, is it really fair that non-Microsoft browsers can't be used to help users make their systems secure? As Microsoft explains here, this behaviour is by design.
- http://support.micro...kb;en-us;188244
But is it fair? Of course not. Life's not fair. Fairness and Microsoft don't necessarily sleep together as intimate bedmates either. You may also notice that if you go to a large number of corporate web sites they don't behave properly when using non-IE browsers. Such...is life. Especially in the IT sector."

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Back to Security Warnings


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. SpywareInfo Forum
  2. General Computing Issues
  3. Security Warnings
  4. Privacy Policy
Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!