| Author |
Topic: 10 Steps to Protecting Your PC from 'Net Threats |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 18 Oct 2005 1:35 pm |
|
I just found this article about a ten step PC security plan that I think you will find beneficial. Rather than running into copyright problems by republishing it, I am including a link to the article.
http://www.pcworld.com/howto/article/0,aid,122500,00.asp
Wiz |
|
|
|
Bobby Lee
From:
Cloverdale, California, USA
|
Posted 19 Oct 2005 10:11 pm
|
|
I don't understand number 6, which advises to defeat Javascript in Firefox. Javascript can't access files on the local machine like ActiveX can. What's the danger in allowing Javascript?
------------------
 Bobby Lee (a.k.a. b0b) - email: quasar@b0b.com - gigs - CDs, Open Hearts
Williams D-12 E9, C6add9, Sierra Olympic S-12 (F Diatonic)
Sierra Laptop S-8 (E6add9), Fender Stringmaster D-8 (E13, C6 or A6) My Blog |
|
|
|
Tony Prior
From:
Charlotte NC
|
Posted 20 Oct 2005 12:54 am
|
|
it seems to me that most of the items on the list if not all, are already covered by a default XP set-up and a quality Software for Security , Anti Virus and Spam.
It's my contention that many are using shareware or a freeware something or other Security/Virus software which in my opinion is a mistake.
you get what you pay for.
The list of ten is a good reminder though..valid statements..
But I agree with with b0b about #6.. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 20 Oct 2005 8:46 am
|
|
b0b;
I don't go for turning off Javascript either, but I have done it when I visit a website that has slider ads, or menus that follow as you scroll. It is possible to do a bit of fine tuning with the Javascript permissions, in Firefox's Tools > Options > Web Features page.
I only submitted this link to help some of our less advanced computer users to better understand how to protect themselves from Internet threats.
Wiz |
|
|
|
Bobby Lee
From:
Cloverdale, California, USA
|
Posted 20 Oct 2005 9:06 am
|
|
Turning off JavaScript would break the functionality most web sites. The "sandbox" rules of JavaScript are well implemented in all modern browsers, including Firefox. JavaScript from one browser window can't even look at the contents of another browser window unless they both came from the same domain.
I'd like to see a JavaScript exploit that actually compromises user security in the latest versions of FireFox, IE6, Opera, Safari, or Netscape. If I'm wrong about this, I want to know how a breach could occur.
Some JavaScript is annoying - you can implement a lousy user interface in JavaScript - but there is nothing about the language that is inherently insecure.
------------------
Bobby Lee (a.k.a. b0b) - email: quasar@b0b.com - gigs - CDs, Open Hearts
Williams D-12 E9, C6add9, Sierra Olympic S-12 (F Diatonic)
Sierra Laptop S-8 (E6add9), Fender Stringmaster D-8 (E13, C6 or A6) My Blog |
|
|
|
Will Holtz
From:
San Francisco, California, USA
|
Posted 20 Oct 2005 1:09 pm
|
|
| B0b, I believe that the reason for turning off javascript is to prevent phising type attacks. For example, I believe you can use javascript to over ride the mouse-over URL displayed in the status bar, such that it will display www.ebay.com but then send you to crackers.cz if you click on it. In none of the possible javascript "attacks" that I've seen written up does the code actually do anything directly harmful, but they trick the user into doing something they probably don't want to do. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 20 Oct 2005 9:14 pm
|
|
Cross Site Scripting attacks are Javascript driven. There are a number of other JS vulnerabilities that have been patched in various browsers. The main buzzword is to stay up to date with security patches for IE, and updated browser releases for FireFox and Opera.
Your level of paranoia in turning off services and features should be directly related to the amount of privacy and security you require to protect your assets (on the computer/network). People running businesses on their computers may choose to turn off all active scripting for security reasons, and let the chips fall where they may. Firefox has an extension that allows you to specify certain websites that are allowed to run Java and Javascript, while blocking it from the rest of the Internet.
I always test my websites with Javascript off to ensure that they are still navigatable and no required functionality is lost. My system is to use Javascript for special features and preliminary form validation. However, my forms also do their own validation, in case Javascript was turned off in the visitor's browser. Never trust Javascript as an only means of displaying information or links.
Wiz |
|
|
|
Mark Ardito
From:
Chicago, IL, USA
|
Posted 21 Oct 2005 5:18 am
|
|
The company I work for won't let us use JavaScript at all when we code. We are only allowed to use asp.NET and C#. We pass all data with XML and we only validate pages/forms with C#.
The problem coding in JavaScript is you are putting your trust into the "client" machine to be able to view your page. I would never put that much faith in the clients machine. I would rather just handle all the code on the server side and then you will never have to worry.
Just my $.02
b0b - Yes, you can do some nasty stuff with JavaScript. However, most people have IE 6 with some security patches so it won't work. The guys that code malicious JavaScript code are hoping to get a machine that has IE 5.0 or Netscape 4 on a Win98 machine. If they get those browsers, they have an open field day on the client machine.
Mark
------------------
Sho~Bud Pro I, Fender D-8 (C6&E13) http://www.darkmagneto.com
http://www.arditotech.com
|
|
|
|
