[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Explorer 3.0 Warning



PureBytes Links

Trading Reference Links

Thanks for the warning!  I personally use IE4.0 without Active Desktop and
have not had one problem with it yet on Win95 OSR2.

Question...

It was my understanding that Javascript (being a scripting language) is not
dangerous.  Mainly because it is embedded in html and not a downloading
executable.  Is this true?

On the other hand Java applets (small executable programs) have the
potential to damage but no one has figured out away yet.  This is because
Java was not designed to machine level like C or CGI.  Is this true?

Just want to make sure my facts are right.

Jim Lovejoy
fastgroup@xxxxxxxxxx
      Pain is inevitable...     Misery is optional.
                                                   -Unknown

-----Original Message-----
From: Scientific Approaches <sci@xxxxxxxxxx>
To: Omega Mailing List <omega-list@xxxxxxxxxxxxxxx>
Date: Tuesday, February 24, 1998 2:37 PM
Subject: Internet Explorer 3.0 Warning


>This doesn't have anything to do directly with trading, but almost everyone
>on this list uses web browers, so you may find it interesting.
>
>Hoaxes about how email viruses can damage your computer and other such
>things are prevalent on the Internet.  Almost all such stories are total
>nonsense.
>
>However, there is a significant risk you should be aware of.  Microsoft
>Internet Explorer Version 3.0 has a major security hole that allows any
>webmaster to take control of your Windows desktop - including accessing any
>confidential files on your computer.  Webmasters can do almost anything you
>can do sitting at your computer.  They can upload files, download files,
>search and replace text in files, delete files, and run programs.  They can
>leave software that will give them repeated access each time you log back
on
>the Internet in the future.
>
>The problem was a major embarrassment to Microsoft.  Microsoft released
>Version 3.01 to fix the problem, but within hours a teenager in California
>circumvented their fix and published a work-around on the web.  Microsoft
>then released Version 3.02 to block his work-around.
>
>If you are using MSIE 3.0, seriously consider updating either to 3.02 (a
>small update) or to 4.x (a major upgrade, and one I don't recommend if you
>are using Win95 or WinNT).  Another option is to switch to a Netscape
>browser (my personal preference).  You can obtain free Microsoft browsers
>from:
>
>  http://www.microsoft.com/
>
>and free Netscape browsers from:
>
>  http://www.netscape.com/
>
>However, you should know that all HTML 4.0 compliant browsers, including
>recent versions of both Microsoft and Netscape browsers, expose your
>computer to malicious damage, because they support the automatic
downloading
>and execution of small computer programs, called applets, that add pizzazz
>to many web sites.  Simple applet programs do such things as change the
>color of a button when the mouse cursor moves over it or display a message
>in the status bar to give web site visitors more information about a link.
>They can make web pages bounce, shimmy, sing and gyrate.  They also are
>commonly used to do such things as validate forms before visitors submit
>them and to produce sophisticated graphics animation.  They provide the
>means to do lots of "neat" things, but they also provide the means to
>automatically download and execute programs you won't even know about that
>can damage your computer.
>
>Restrictions have been imposed on what automatically downloaded applets can
>do, but they can be circumvented by knowledgeable programmers.  You can
>protect yourself from that risk by switching off applet support in your
>browser setup options.  The terminology is different in different browsers.
>Look for JavaScript, Jscript, Java Applet, VB, or ActiveX support.  You may
>not want to do that if you like the gimmicks on leading-edge web sites, but
>it eliminates the risk of potentially nasty consequences.
>
>  -Bob Brickey
>   Scientific Approaches
>   sci@xxxxxxxxxx
>