HOME
TOPICS
SEARCH
ABOUT ME
MAIL

 
 		  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Internet Explorer: How to protect it against malicious scripts


May 23, 2001


By Al Fasoldt
Copyright © 2001, Al Fasoldt
Copyright © 2001, The Syracuse Newspapers

   Internet Explorer is a powerful Web browser. That fact that it's relatively easy to use makes it a delight.
   But the charming aspects of IE, as Internet Explorer is usually referred to, should not hide the fact that it's dangerously unsafe. Microsoft, the company behind both Windows and Internet Explorer, failed to make both those two programs as safe as possible.
   Despite universal criticism over security lapses in Windows and IE, Microsoft still hasn't gotten the message. As a result, if you want to use Internet Explorer, don't expect Microsoft to help you make it safe. You have to do the job yourself.
   This week I'll tell you how to solve the biggest problem.
   Windows normally lets programs sent in the mail or acquired from Web pages do whatever they want. The worst offenders are Visual Basic scripts, or VB scripts. They can be sent in the mail or run by Internet Explorer from a Web page, and they can do anything at all to a Windows PC and to the files on it.
   This is total nonsense. If you have ever wondered why I am so hard on Microsoft, here's your chance to see why. Designing an operating system that allows any brat in Bratislava to invade your Windows PC just by placing VB Script on a Web page is irresponsible.
   To fix what Microsoft did, you should install a program that monitors what Windows is doing to prevent it from allowing VB Script programs from running without your permission. This is easy to do and won't cost anything. The script monitor I recommend is free.
   What you need is Script Sentry. Go to www.jasons-toolbox.com and click the Script Sentry link. The download is a Zip file, so all you need to do is unzip it and install it. (If you don't have an unzip program, go get my favorite, the Aladdin Expander. It's also free. Read my report at twcny.rr.com/technofile/texts/bit041801.html for more information.)
   Script Sentry stands between VB Scripts and Windows. Before Windows can get a chance to let any VB Script get away with misbehavior, Script Sentry looks at the script and pops upm a warning message. You can then choose to run the script or block it.
   Script Sentry can learn from your actions, marking some scripts as safe and letting them pass through the entryway. And you don't run it all the time. Unlike an antivirus program, which has to be constantly running to protect your Windows PC, Script Sentry jumps into action only when a VB Script is intercepted. It takes up no memory or processing power otherwise.