VBS script

Discussion in 'other software & services' started by snowbound, Dec 21, 2003.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hello everybody :)


    Does anyone know how to disable VBS script in IE6?

    I went to browser checker site today,
    https://testzone.secunia.com/browser_checker/

    and it said VBS script is enabled in MY IE6.

    By description it looks like something dangerous and should be disabled.

    Also if i do this, will it restrict me from viewing certain sites?


    Thank u.




    snowbound
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    The only way I know is to open internet option then custom settings. I hope this is the way to do it. I don't use Ie so I am not sure.
     

    Attached Files:

  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    First just to clarify, you are using Internet Explorer v6, correct? (I just wanted to be sure you weren't using the product called MYIE, just because you said, "...it said VBS script is enabled in MY IE6".)

    There are a lot of ways to approach security in IE. The way I chose to do it was to set very tight default security levels (the setting on the "Internet" zone), and then add all the sites that I trust and that need more liberal settings to the "Trusted sites" list. I've set the trusted zone to much looser security, of course. This works really well for me.

    There are three settings to control active scripting in IE. From the IE "Tools" menu > "Internet Options..." > "Security" tab > select "Internet" icon > "Custom Level..." > scroll to the bottom of the list - the three items under "Scripting". The most important one is the first one setting "Active scripting" to either "Prompt" (then you'll get a lot of popup alerts asking for permission) or "Disable" (which is what I've done).

    In fact, given the model I use, the image below shows the settings for the entire Internet zone in IE6 on my system. Again, it is important to note that many simple sites work fine with these Internet zone settings, but many more complex ones don't, and for those I use the trusted zone (if and only if the site can be trusted). If I can't trust a site that requires loose IE security then I just do without it. :doubt:
     

    Attached Files:

  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    In my screen shot I don't have any of the settings set. I never use Ie. So I hope you didn't think those were the settings I use, it was just a picture of the ui. I have used netscape then mozilla and after that firebird and now opera. I just about forget about Ie anymore. I don't even use windows update because you have to use Ie so I use their manual download site. :)
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi bigc,

    Actually, if this comment is directed to me, I've made no judgement regarding your settings and I also understood that you aren't using IE as your main browser. (I know you're an Opera guy from other threads.) ;)

    But you know what? Since you don't use IE anyway but still have it installed on your system, it wouldn't hurt if you went into that security screen and moved the slider for the Internet Zone all the way up to the highest level...

    Since you don't use IE it won't effect your browsing at all. But, if something ever happened that caused an IE session to fire up on your system, it'd be nice if the tighest security settings were enforce at that time. It certainly couldn't hurt to do that as a precaution. ;)
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It sounds stupid but as much as I am on the comp. I should have thought of that. I really appreciate you mentioning that It just never crossed my mind. guess the old saying holds true (out of site out of mind) ;)
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Yes iam using IE6.

    Thank u LWM for your insight and your screen image.

    To tell u the truth, because i know very little about this, i just compared yours to mine and mine is almost wide open. I think it is default settings.

    I just spent a few minutes changing mine to reflect your settings, put a couple of the websites i visit regularly in the trusted zone( like wilders) ;) and everything seems to be fine.

    Obviously i know now that i would have been easy pickings
    for an attack.

    If i have problems with other websites i will just evaluate it's importance at that time.

    Tightening up security on my computer is important to me.

    Without help from people like u here at wilders i wouldn't have a clue how to go about the changes that need to be made.

    Just out of curiousity, do u use any other browser?

    Seems like someone like u wouldn't use something so full of holes like IE, even with the tightened security.

    Thanks again.


    snowbound
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    You know what snowbound, everything comes down to risk management when talking about security... The risks in my case are based upon where I go online (risky places) and what security settings and compensating controls I have in place to protect against them.

    Sure there are a number of IE based exploits that haven't been patched. But, the vast majority of them do require either one or both of Active Scripting or ActiveX to be enabled. Then there are all those other settings: IFRAME or cross-domain exploits - again mostly based upon having those options enabled in the Internet Zone. There are really only a very small number of theoretical unpatched exploits that for the most part have never appeared in the wild...

    With those, you still need to go somewhere where those particular exploits will be used in a malicious way. To my mind, too many people think they will be the first person to be hit with a brand new unknown exploit. But, given the size and scope of the Internet is highly unlikely. Too many people look to the exotic or the custom made exploit, targeted solely at their system... In the real world this is really incredibly unlikely.

    The vast majority of people get infected by way of some exploit that is months or years old and for which they never took precautions. They didn't patch. They left ActiveX and active scripting totally enabled because they didn't like not being able to see the cool website that painted some pretty graphic or had "moving eyes" or some such fun thing that they couldn't see if they had high levels of security set. People hit by the day-0 exploit or the never patched IE hole are very few and far between indeed in the real world.

    Now, another reason I use IE and a OE, and a number of other common tools, is because the vast majority of people online use them. Sure I could use some super secure browser and email client (I even have copies of them on my system), but I prefer to use what most people are using. It let's me see what they are seeing and it also let's me help them since I have the same software they do.

    I do add one compensating control that most people don't. I run the Tiny Software sandbox - one of the most powerful security tools ever made. And with it I "sandbox" Internet Explorer. Effectively a sandbox is like a firewall for applications. It monitors and controls what an application can do, what files and resources it can access on your system. Like one of these application firewalls (ZAP, NIS, etc.) it pops up an alert if some program tries to do something it hasn't been allowed to do. In the case of sandboxing IE, if IE6 on my system every tried to run/spawn a separate program (like a trojan or virus), access any non-browser registry keys (like the Run keys or any others), or even accessed a folder or file on my system that wasn't owned by IE itself, I'd get a popup alert...

    But, before anyone says - "ah ha! you run IE because you have that extra protection in place but people without that shouldn't!" In the 17 months I've been running in this configuration, my sandbox has never issued one of those popups - not once. So I never used the extra protection. My IE security settings have always handled the protection I needed. And this includes all the places I've gone based upon researching problems people here and at other forums have posted about. Bad sites they visited - where they got viruses, trojans or spyware... (Oh, to be fair... I have received sandbox alerts when I played with leaktests or those exploit proof of concept webpages, that are meant to prove IE is unsafe. Yes, at those sites I've tested my sandboxes effectiveness. It's just that I've never run across a real world site or piece of malware that used any of those "proof of concept exploits". :doubt: )

    Again, most people are not infected by browsing to a website using a day-0 exploit, or by malware uniquely built and targeted directly (and individually) at them. They are infected by the plain and the simple: they had ActiveX enabled; they had active scripting enabled, or any of the other easily exploitable functions. Or, they simply trusted some malicious site because someone told them it was cool. That's all.

    In my opinion, you can use IE safely in the real world. Set it securely and add compensating controls. If you don't care about using a sandbox, then at least use extra tools like: IE-SpyAd, a good Hosts file, SpywareBlaster (to kill known bad ActiveX controls) and of course a good AV and perhaps an AT product. Know your risks, address them and then use common sense and you'll be fine.
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Very well said LWM :)

    Tightened IE security, a few good tools and above all, common sense, is the key to internet safety.


    Thank u





    snowbound
     
Loading...
Thread Status:
Not open for further replies.