> -----Original Message----- > From: Nina V. Levitin [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 06, 2002 1:17 PM > To: [EMAIL PROTECTED] > Subject: RE: scary site > > This is yet another reason to stick with Netscape. And yet another reason > why separating out Windows and Internet Explorer should be mandated. > > -Kit >
Unfortunately, that isn't the correct answer; to me, that's the equivalent of sticking your head in the sand. Even though I agree that users should have the ability to separate Internet Explorer from Windows, the relationship between the two programs has absolutely no bearing on whether they provide adequate security to end users. While we can't deny the fact that Internet Explorer has inherent security flaws (as most programs do), we have for the most part, ignored the program's security features that otherwise would have helped prevent this type of problem. I'm not absolving Microsoft of any responsibility, but I do think we should be aware of, and utilize all security features before labeling a problem like this one, as being huge and scary. To some this is scary, to others just a feature of active scripting. Regardless, good job to those who first discovered it. I do think this scripting feature can be a security risk; however, it is no more of a problem, than inviting strangers to your home or keeping your front door unlocked. We've all learned (hopefully) to avoid those risks, and this situation really isn't any different. Use the locks provided, and your risk will be somewhat reduced. Microsoft has a long way to go before all their programs are bug free and somewhat secure; but in the mean time, we can protect ourselves not only by using firewalls and installing patches, but by using the built-in security features as well. None of that helps of course if you leave the door wide open or hand out copies of your key; and that's basically what you're doing when you use only a fraction of the tools at your disposal. [Now for the built in solution to this and similar problems] Even though disabling active scripting solves the problem, most people would agree that it isn't the most practical solution. You do however have the ability to set active scripting to 'prompt', and then include in the 'Trusted Sites' web content zone, the sites you frequent the most. After a week or so of using Internet Explorer, most people will have added their favorite sites to the list, and find that the script prompts are kept to a minimum. Determining if a script is benign without looking at the code first is impossible; but using the 'Trusted Sites' content zone correctly is certainly better than allowing all scripts to run. This also enables you to browse your favorite sites without any loss in functionality. I'm sure that this may be cumbersome if you continually visit a multitude of sites each day (or even perhaps when using a search engine), but it's much safer than waiting for a security patch that will never come. If you truly want your computer to be immune from every internet security risk, unplug it, and never turn it on. Unfortunately an increase in security generally implies a decrease in usability... but then again, we all knew that. Regards, James Kivisild On a similar note, if you're not using the privacy settings in IE to restrict cookies, you should be.
