News
News
3/30/2006
01:34 PM
Connect Directly
RSS
E-Mail
50%
50%

Disable IE's Active Scripting To Protect Against Bug

Microsoft's preferred workaround for the createTextRange bug is to disable Active Scripting to prevent any JavaScript code from running. Here's a step-by-step guide.

While users wait for Microsoft to patch the most recent zero-day vulnerability in Internet Explorer, security experts agree that the best way to protect PCs is to dump the browser's Active Scripting function.

Even eEye Digital Security, one of two commercial security vendors that has released unsanctioned, temporary patches for the problem, said so.

"Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation," eEye warned in the advisory accompanying the patch.

Microsoft's preferred workaround for the createTextRange bug is to disable Active Scripting so as to bar any JavaScript code from running. In fact, this isn't the first time that Microsoft has urged users to switch off Active Scripting; in early December, it used the same advice when another unpatched vulnerability was wreaking havoc.

Here's how to turn off Active Scripting:

-- In Internet Explorer, click Internet Options on the Tools menu.

-- Click the Security tab.

-- Click Internet, and then click Custom Level.

-- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK.

-- Click Local intranet, and then click Custom Level.

-- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK.

-- Click OK two times to return to Internet Explorer.

Doing so, however, will break some sites and/or functions within sites, as Microsoft itself warned in the security advisory posted last week and updated Wednesday.

"Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly," the advisory went. "If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly."

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.