Hi Friends,
These are probably simple questions to most of you. But I've never been clear about it.
A little background:
I have my IE security zones (also called web content zones) set to "maximum paranoia" (also called "locked down" by some). In other words, I have everything set either to Disable or Prompt in the Internet Zone. Then whenever I come across a website which I need to see displayed properly, and/or I expect to visit again in the future, AND I trust it, I put it in my Trusted Zone. I had such a serious problem a couple of years ago that I had to reinstall my OS, and since have been really paranoid. Even in my Trusted Zone, almost everything is set to Disable or Prompt!
So from the experience of finding websites which don't display properly in the Internet Zone, and entering websites into the Trusted Zone, I have learned, well, a few things, I guess. Most importantly to this topic, it appears to me that every website on the internet uses JavaScript. I realize this may not be entirely true, but I would be hard-pressed to name a website which doesn't use it.
More background:
I custom-configured my Zones following Eric Howes' instructions, and I think mitch's Phantom Phixer website also covers this topic. (My apologies if it's not mitch -- it is a LzD member, but I'm pretty sure it's mitch.) But even with such great resources, there was still a lot that I did not truly understand. So there was a good measure of trial and error, as well, involved in configuring my Zones, but guided by those professionals' resources as best I could.
Now 2+ years later, I've run out of patience trying to determine the trustworthiness of almost every single website I come across, then entering them into the Trusted Zone, if I find them trustworthy. In almost every case, it's the JavaScripted part of a website that doesn't work, which necessitates its entry into the Trusted Zone. So I really, really, really (really!) would like to allow the JavaScript in the Internet Zone.
Here are my questions:
1 -- What type of security risk is represented by JavaScript? What's the worst that could happen by enabling it in the Internet Zone?
2 -- If I find this to be an acceptable, or otherwise avoidable risk, which Zone setting(s) should I change? I do have it narrowed down to either "Binary and script behavior" near the top of the list of settings, and/or "Java VM/Java permissions", a little ways below, and/or "Allow scripting of IE Webbrowser control" around the middle of the list, and/or the 3 settings under the heading "Scripting" at the bottom of the list. I'm just not sure specifically which ones affect JavaScript.
And as always, thanks for your seemingly endless supply of patience, help, and support.