
Re: Internet Explorer 3.0 Warning



First, it's important to distinguish between Java
applications and applets.  Both written in Java,
applets are compiled bytecode files residing on the
host machine which are d/l'd and executed within the
browser's environment.  This is done by the ClassLoader
putting the bytecode into memory and then being verified
so as not to violate security restrictions. Some of those
restrictions are the inability to read/write to the local
filesystem.  Java applications, OTOH, have the potential
to do more harm because there is some level of trust 
assumed between the remote host and the local host. RMI,
remote method invocation, does what it suggests.
	Look, I'm not trying to start an out-of-context
thread in this list, and I'm sure that there are devious
little madhackers chipping away at potential loopholes in
the Java Spec. But the fact is that it's going to take more
than a malicious webmaster to mung up your machine.
	Java applets running in a browser that don't prompt
you for any input or send anything back to the remote host
are harmless. Period. If you're not comfortable with that, you can
disable it.
just my .02
lantern@xxxxxxxxx

	

On Tue, 24 Feb 1998, Jim Lovejoy wrote:

> Thanks for the warning!  I personally use IE4.0 without Active Desktop and
> have not had one problem with it yet on Win95 OSR2.
> 
> Question...
> 
> It was my understanding that Javascript (being a scripting language) is not
> dangerous.  Mainly because it is embedded in html and not a downloading
> executable.  Is this true?
> 
> On the other hand Java applets (small executable programs) have the
> potential to damage but no one has figured out a way yet.  This is because
> Java was not designed to machine level like C or CGI.  Is this true?
> 
> Just want to make sure my facts are right.
> 
> Jim Lovejoy
> fastgroup@xxxxxxxxxx
>       Pain is inevitable...     Misery is optional.
>                                                    -Unknown
> 
> -----Original Message-----
> From: Scientific Approaches <sci@xxxxxxxxxx>
> To: Omega Mailing List <omega-list@xxxxxxxxxxxxxxx>
> Date: Tuesday, February 24, 1998 2:37 PM
> Subject: Internet Explorer 3.0 Warning
> 
> 
> >This doesn't have anything to do directly with trading, but almost everyone
> >on this list uses web browsers, so you may find it interesting.
> >
> >Hoaxes about how email viruses can damage your computer and other such
> >things are prevalent on the Internet.  Almost all such stories are total
> >nonsense.
> >
> >However, there is a significant risk you should be aware of.  Microsoft
> >Internet Explorer Version 3.0 has a major security hole that allows any
> >webmaster to take control of your Windows desktop - including accessing any
> >confidential files on your computer.  Webmasters can do almost anything you
> >can do sitting at your computer.  They can upload files, download files,
> >search and replace text in files, delete files, and run programs.  They can
> >leave software that will give them repeated access each time you log back on
> >the Internet in the future.
> >
> >The problem was a major embarrassment to Microsoft.  Microsoft released
> >Version 3.01 to fix the problem, but within hours a teenager in California
> >circumvented their fix and published a work-around on the web.  Microsoft
> >then released Version 3.02 to block his work-around.
> >
> >If you are using MSIE 3.0, seriously consider updating either to 3.02 (a
> >small update) or to 4.x (a major upgrade, and one I don't recommend if you
> >are using Win95 or WinNT).  Another option is to switch to a Netscape
> >browser (my personal preference).  You can obtain free Microsoft browsers
> >from:
> >
> >  http://www.microsoft.com/
> >
> >and free Netscape browsers from:
> >
> >  http://www.netscape.com/
> >
> >However, you should know that all HTML 4.0 compliant browsers, including
> >recent versions of both Microsoft and Netscape browsers, expose your
> >computer to malicious damage, because they support the automatic downloading
> >and execution of small computer programs, called applets, that add pizzazz
> >to many web sites.  Simple applet programs do such things as change the
> >color of a button when the mouse cursor moves over it or display a message
> >in the status bar to give web site visitors more information about a link.
> >They can make web pages bounce, shimmy, sing and gyrate.  They also are
> >commonly used to do such things as validate forms before visitors submit
> >them and to produce sophisticated graphics animation.  They provide the
> >means to do lots of "neat" things, but they also provide the means to
> >automatically download and execute programs you won't even know about that
> >can damage your computer.
> >
> >Restrictions have been imposed on what automatically downloaded applets can
> >do, but they can be circumvented by knowledgeable programmers.  You can
> >protect yourself from that risk by switching off applet support in your
> >browser setup options.  The terminology is different in different browsers.
> >Look for JavaScript, Jscript, Java Applet, VB, or ActiveX support.  You may
> >not want to do that if you like the gimmicks on leading-edge web sites, but
> >it eliminates the risk of potentially nasty consequences.
> >
> >  -Bob Brickey
> >   Scientific Approaches
> >   sci@xxxxxxxxxx
> >
>