News
News
3/30/2006
01:34 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Disable IE's Active Scripting To Protect Against Bug

Microsoft's preferred workaround for the createTextRange bug is to disable Active Scripting to prevent any JavaScript code from running. Here's a step-by-step guide.

While users wait for Microsoft to patch the most recent zero-day vulnerability in Internet Explorer, security experts agree that the best way to protect PCs is to dump the browser's Active Scripting function.

Even eEye Digital Security, one of two commercial security vendors that has released unsanctioned, temporary patches for the problem, said so.

"Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation," eEye warned in the advisory accompanying the patch.

Microsoft's preferred workaround for the createTextRange bug is to disable Active Scripting so as to bar any JavaScript code from running. In fact, this isn't the first time that Microsoft has urged users to switch off Active Scripting; in early December, it used the same advice when another unpatched vulnerability was wreaking havoc.

Here's how to turn off Active Scripting:

-- In Internet Explorer, click Internet Options on the Tools menu.

-- Click the Security tab.

-- Click Internet, and then click Custom Level.

-- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK.

-- Click Local intranet, and then click Custom Level.

-- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK.

-- Click OK two times to return to Internet Explorer.

Doing so, however, will break some sites and/or functions within sites, as Microsoft itself warned in the security advisory posted last week and updated Wednesday.

"Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly," the advisory went. "If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly."

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.