Results 1 to 7 of 7
  1. #1
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Security - script prompts (6.0.2600.0000)

    I just set my 'Internet Zone' security to prompt me for running scripts. The prompt from IE, "Scripts are usually safe. Do you want to allow scripts to run?" is a little vague. Is there a way to check, or have reported, what the script is and which site is launching it? A little looking and it turned out that I blocked a datestamp script coming from the site that I was viewing, but couldn't it also have been something more important, or perhaps dangerous, or from a different site via frames/ads? If IE seems to think that scripts are usually safe, why would we need the option to vary their rights - perhaps even varied under different security zones? Cookies, when set to prompt, have a 'More Info' option, and that is pretty much what I would like to have for scripts.

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security - script prompts (6.0.2600.0000)

    It would be possible to create something like what you are describing. It would be something like Script Sentry but for HTML embedded script.

    If you have never used Script Sentry, it tells you what to expect before you run a script file. Something like:

    "This script will:

    Delete all your files.
    Email 5000 viruses to your best friends.

    Do you still want to run this script? Yes No."

    You get the idea. But Microsoft certainly did not bother to give you this type of option.

    A program would have to intercept the scripts and analyze their content before IE interprets them. That would likely take some type of Proxy server sitting between the source and your IE. I believe Proxomitron can "filter" scripts based on content, but it does not tell you what the script does before you run it.

    As a side note, MS could make scripts safer by requiring them to be "signed". I believe Netscape still allows for script signing, but Microsoft opted out of this technology -- and since IE now rules the Internet...

    Also, scripts themselves are generally very safe -- in the absence of a vulnerability. So, if IE was completely free of vulnerabilites and flaws, there would be no reason to disable scripting in the Internet zone.

    Please let us all know when IE is this safe! ;-]

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Security - script prompts (6.0.2600.0000)

    No, and a lot of scripts are too complicated to eyeball in a reasonable amount of time. I think it would be great if someone made a short list of "things people would most like to block" and just alert on those. Window.Open, SetTimeout, CreateObject, and anything that re-writes the URL in the address bar would be on my list. (Apologies for any errant syntax; I can't get used to that case sensitivity thing.)

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security - script prompts (6.0.2600.0000)

    I wouldn't have thought time would be the obstacle. Proxomitron filters the entire HTML in milliseconds. I am not sure why it would take an inordinate amount of time to look for the important aspects.

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Security - script prompts (6.0.2600.0000)

    Oh, when I said "eyeball" I meant for a human. Software would have no problem, I agree, as long as we can find someone to write it for us. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

  6. #6
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: Security - script prompts (6.0.2600.0000)

    I love Proxomitron and how it has made surfing a mostly hassle-free experience, but I rely on its default programming to keep most intrusive scripts and such away from my computer. If with its default script filters Proxomitron blocks out all the known nasty scripts, would I be correct in thinking that most any other script would be safe for IE to run?

  7. #7
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security - script prompts (6.0.2600.0000)

    I am really not a Proxo user -- so I cannot answer that. I do know that Paul or Cj at Computer Cops will be more than happy to help you. I think the creator of Proxo is also a moderator in their forum.

    Paul created the original ZX-list, but now I think he recommends JD-5000's config set -- because it has been more recently updated.

    And that is about all I know!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •