Turn off JavaScript

2 Comments

Even as we start redeveloping websites in the CCIM family planning on using more JavaScript than ever (think Ajax), I’m here to tell you to turn off JavaScript in your browser.

E-Week is reporting, as are other sites including the SANS Internet Storm Center and the Washington Post, an unpatched vulnerability in Javascript that allows websites to execute programs on your computer without restriction.

Infected or malicious websites might be able to do very bad things to your computer and the networks to which it is attached without any action on your part other than visiting such a website.

If you use Internet Explorer, you MUST immediately turn of ActiveScript / JavaScript for non-trusted websites. Microsoft does not yet have a patch for this problem.

In Internet Explorer:

1. Click TOOLS
2. Click INTERNET OPTIONS
3. Click the SECURITY tab
4. Click CUSTOM LEVEL
5. Scroll down and set the scripting options to “prompt”.
6. Click OK.

Once set, only allow scripting operations from sites you know well and trust.

If you are not yet using Firefox as your default browser, download and install Firefox. When it starts up, check the box to make it your default browser.

The Internet Storm Center recommends Firefox users install the “noscript” extension.

Quick Description
Extra protection for your Firefox: NoScript allows JavaScript, Java (and other plugins) only for trusted domains of your choice (e.g. your home-banking web site). This whitelist based pre-emptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality… Experts will agree: Firefox is really safer with NoScript ;-)

2 Replies to “Turn off JavaScript”

  1. Or you could leave javascript on and just not use IE. That’s probably the safer course of action. Oh hey, look, Firefox 1.5 came out today! :)

  2. As a web developer, javascript is pretty useful for cross-platform functions. I agree with the first poster … just don’t use IE and use Firefox instead.

Comments are closed.