What a depressing read this article makes (without reading it the following might not make much sense). It seems a current problem in view of the date on it:

It makes me glad that I only Internet Explorer for the few sites that won't work properly with Mozilla Firefox. Since IE is still needed for them, I did what is recommended and disabled Active Scripting (ActiveX). This immediately stopped Windows Update work from working. This problem was overcome by adding Windows Update to the 'Trusted Sites' zone in IE. I've had a bit of a browse around using IE and so far have not noticed anything else affected by the change in settings. It probably only makes a difference to programs that rely on the ActiveX feature in IE to update.

I suppose you might browse for ever using IE and never be affected by the vulnerability described in the article. Indeed, you have up to now (hopefully) but you never know if you are going to come across that random page on the Internet that will breach security. I see it as being my job as Moderator to highlight these things if I learn of them ...so there you go then

What a dangerous place the Internet can be!

Quote:

---

I see it as being my job as Moderator to highlight these things if I learn of them ..

---

The fear you have created in me with these type of posts tellywellies ! Pretty hard to shoot a messenger when their name is "tellywellies" though.

Yup ...I know I'm a prophet of doom and gloom ("Thar'll be a weepin' and a wailin' I tell 'ee!" ) but it's them out there in the wicked world that's causing the trouble, not me.

(I am a happy type in real life ...honest!)

I think you have scared us all to death. How come this isn't BIG news? It ought to be............

It is possible to disable Active Scripting in Internet Explorer by doing the following:

*Go to Tools > Internet Options.

*Select the 'Security' tab.

*Click the 'Internet' icon.

*Scroll down the list to the 'Scripting' section.

*Under 'Active Scripting' click 'Disable'.

*Click OK.

This will stop Windows Update working. To get working again:

*Go to Tools > Internet Options.

*Select the 'Security' tab.

*Click the 'Trusted sites' icon.

*Click the 'Sites' button.

*Uncheck the box that says 'Require server verification (https:) for all sites in the zone'.

*In the box that says 'Add this website to the zone' copy and paste the bold (only) text below:
1http://*.windowsupdate.microsoft.com

*Click 'Add'

*Into the same box copy and paste this bold (only) text below:
1http://*.windowsupdate.com

*Click 'Add'

(The '1' is added before the URLs just to stop them being links and shouldn't be copied).

*Click OK.

***************
Most sites be can be browsed OK with this done. However, sites such as those that offer an online virus scanning service, or any that need to legitimately download information to your computer via Internet Explorer's ActiveX controls, won't work. The URL of such a site can be added to the 'Trusted sites' zone in the way described for Windows Update. However they must be, as the name suggests, sites that you completely trust.

One example in my case is online banking. The login page did not load when I disabled Active Scripting. This was overcome by copying the URL in the IE address bar and pasting it into the 'Trusted sites' entry box. Unfortunately, this may mean that many Internet forms will not work. While it is good to know you are immune from the vulnerability, it's going to be very inconvenient having to keep copying and pasting URLs into the Trusted sites zone ...and how to know which ones to trust? The whole situation is less than ideal. Perhaps a utility such as this one would provide a better answer where if a site does not work because scripting is disabled, it can be enabled with the click of a button.

Another option is to use a different browser. Perhaps that would be better than all the messing about, or just trusting to luck that you'll never be affected by the security issue.

Blimey - are you sure they won't bring out a fix? I hate to find disabled bits and pieces. I also use Mozilla Firefox and only use IE for the odd page viewing and of course Windows Updates, so I think I shall chance it (sounds like an epitaph).....

This BBC page is probably reporting the same or similar security hole since the advice is (from the page):

Quote:

---

Home users are being told to update their browser and avoid the threat by turning off Javascript. However, this could mean that some webpages do not display as expected.

---

At the top of the page is a screen-grab of part of a Microsoft advice page. It mentions download.ject. I typed this into Google and came up with this, so it seems that this what it's all about.

Just a bit more information anyway.

There's more...

Edit: Check for infection:

Search all files for:

* Kk32.dll
* Surf.dat

Although it seems that most antivirus programs can detect and clean this trojan it should be remembered that there is nothing as yet to stop it being picked up again (except switching off scripting).

The immediate threat has lessened but the loophole still exists. Read here.

Just curious to know: (...or Mrs TW says I am )

1. How many have heeded Microsoft's advice?

2. Has anyone switched, or thought about switching, to a different browser because of the current risk?

3. Would any IE security risk worry you enough to do either of the above?

4. Would anyone sooner not be worried by reports of security risks and just trust to luck on the grounds that everything has been OK so far?

5. Does anyone feel that there is a 'scare-mongering' element to security alerts?

Interesting questions TW!

One, no I have not and two, no I have not and no I will not. I use IE, yes, I know all the bad sides, I am just too lazy for anything else. This can't make me switch but then again I must say I am not too bothered by things like this. I mean I have my firewall set on high and my Kaspersky and generally I have not had too much trouble, without keeping my IE up to date. Though it is fun when you browse underground Russian sites But we both know that if someone really wants to mess with your computer they will. I am not sure about 'scare-mongering' but it can certainly feel that way especially when it comes to people who are regular users. As I said I am not too bothered with it in general.