Disable Active Scripting

damnyank

I WILL NOT FORGET 911
Joined
14 Mar 2002
Messages
2,359
RE News article topic:
IE 6 SP1 omits fixes for 20 outstanding flaws
Posted by MdSalih on 10 Sep 2002 :click here

The article says the work around is to Disable Active Scripting. I tried that and the first thing I noticed is that when trying to reply to a thread using the vB Code features (color,http:, etc) when I select one I do not get the Script Prompt box.

I go back and Enable Active Scripting and I have the features available again.

Is this how it is supposed to work - or do I have something else messed up?:confused
 
I guess its a payoff whether you want to feel secure until they issue a proper fix or want to use VBcodes. Active scripting makes up alot of various codes that can be made use of - there just happens to be an annoying flaw every now and then
 
Without knowning which scripting service you are using this is from MS: -

Much has been made about the security risks posed by Windows Script Host. The power and flexibility afforded by WSH can be used by forces of evil just as easily as they can be used to make your life simpler. Indeed, the infamous I Love You and Anna Kournikova e-mail worms were powered by VBScript attachments. You can make some simple changes that reduce the chance that you’ll accidentally run a nefarious script.
As a first line of defence, be sure that the file name extension is always displayed for script files. (This would have tipped off many people who opened an e-mail attachment named Anna Kournikova.jpg.vbs. Because the extension is not displayed by default, many hopeful fans expected to see a picture of the tennis star.) Second, change the default action for scripts from Open to Edit. This causes the files to open harmlessly in Notepad if you double-click a file. To make these changes, follow these steps:

1. In Windows Explorer choose Tools, Folder Options.
2. Click the File Types tab.
3. Select the JS (JScript Script File) file type and then click Advanced.
4. Select the Always Show Extension check box.
5. In the Actions list, select Edit and click Set Default. Then click OK.
6. Repeat steps 3 through 5 for JSE (JScript Encoded Script File), VBE (VBScript Encoded Script File), VBS (VBScript Script File), and WSF (Windows Script File) file types.
7. Click Close when you’ve secured all the script file types.

Changing the default action to edit makes it more difficult to run scripts that show up as e-mail attachments, which is one of the most likely places to find a malevolent script. However, it also makes it more difficult to execute legitimate scripts from trusted sources: You must save the attachment and then, in Windows Explorer, right-click it and choose Open. You can use this same technique (right-click and choose Open) to run any script stored on your computer, but if you want to avoid that inconvenience for a script that you know to be harmless, simply create a shortcut to thescript. (Be sure the Target text in the shortcut’s properties dialog box begins with wscript.exe orcscript.exe; if you include only the script name, this trick won’t work.) Double-clicking the shortcut runs the script without further ado.

Are you working in the .NET environment? It seems to me that by definition using VB features across a network relies on their implementation of the service and it’s integration with both the network protocols, and MS’s implementation, which is buggy.

Whilst the above might not help in this instance it gives an insight into the thinking generally. There is a black-hole (security) here yet to be addressed.

Why use one word when a hunderd will do.
:)
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back