another reason to use firefox -- and to be wary of active-X

[babyoh]

FROM: http://www.theregister.co.uk/2006/03/29/ie_patches_released/
(re: recent bugs fround in browser MS IE )

Microsoft advised users to turn off Active Scripting if they do not need the functionality. The problem is the latest issue caused by the support for ActiveX, a programming language supported by Internet Explorer to add interactive functions to websites. The problems have occasionally resulted in calls for users to switch to alternative browsers, such as Mozilla's Firefox, which does not support the Active Scripting function.

"The workaround does not fully address the problem," Determina director of security research Charles Renert said. "Workarounds turn off functionality..

[GR@PH;<'S]

babyoh,
well as you have found firefox is a very good alternative and even the elderly around here have it on his PC

and some i think have Opera
GR@PH;<'S   :breakkie:

[winchester73]

The other side of the argument:  http://www.cnn.com/TECH/computing/9911/23/active.scripting/

[babyoh]

 :tease: ...the mind REEELS from all this information. every time i think i've "Got It" -- there are a bunch more things to learn.
** this is how i understand it (please correct me if i'm wrong) **
active scripting = javascript AND VBScript (visual basic)
due to design, having active scripting enabled in other aps is OK -- far more dangerous if AS is on in IE
also:
ActiveX should always be disabled or set to "PROMPT TO TURN ON" , cuz it potentially controls our os;
BUT Java applets are safer/OK.
-- is that right???
:smash: :gwave:
PS. if i have full firewall protection, i'm safe to turn on IE when i'm online to change settings, right? i'm only at risk for the majority of these nasties when i'm hitting a nefarious site, opening email etc., NOT just hanging out at my homepage (which is google)

[GR@PH;<'S]

babyoh,

ActiveX should always be disabled or set to "PROMPT TO TURN ON"

I have mine set to Prompt me.

BUT Java applets are safer

well they are yes as long as you know and trust the site they are from.

PS. if i have full firewall protection, i'm safe to turn on IE when i'm online to change settings, right? i'm only at risk for the majority of these nasties when i'm hitting a nefarious site, opening email etc., NOT just hanging out at my homepage (which is google)

if you have your firewall set to full firewall protection then you are as safe as you can be just make sure that you are using the latest version of your firewall.

GR@PH;<'S   :breakkie:

[Eric the Red]

BUT Java applets are safer/OK.
-- is that right???

babyoh,

The NSA have produced a .pdf about java which gives a good overview although it is now rather dated, the .pdf can be found here

[babyoh]

 :thumbsup: WOW, that nsa site has a TON of information in it.
(i went snooping among the other topics, too... THANKS for including the link :D )
:confused:
i know the java applet PDF is dated, but, interesting to read how signed applets can be a greater risk than unsigned ones.
- is that STILL true? (if i'm understanding their point, the scenario has to include the user "PERMITING" a signed applet to run... which we'll do in the mistaken belief that if it's signed, it's "SAFE.")  :blink:
WOW. lots to know about this stuff...