[Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

Tom Liston tliston at premmag.com
Fri Oct 3 14:13:31 GMT 2003

Hash: SHA1

For some time now, I've wanted something that would allow me to *easily* 
turn JavaScript on and off within IE.  The fact that you need to really 
dig for this setting is perhaps one of MS's greatest interface crimes.  I 
generally surf with JS disabled, only enabling it when there is absolutely 
no other way of using a site's functionality (and after strongly 
considering any alternatives -- Hear that internet vendors?  You've lost 
*my* business because your site requires JS.)

To the best of my knowledge, there is no third-party add-in that allows JS 
to be turned on and off easily.  I looked into writing one, but I'm not 
even sure it is possible.  Changing stuff in the registry on the fly 
doesn't seem to work, because IE doesn't check the registry each time 
before it attempts to run JS code...  only on start up.

Poor, poor, POOR interface design...

- -TL

On 2 Oct 2003 at 22:13, warpmedia wrote:

> Yet again proof that JS & ActiveX should be considered unsafe for general 
> browsing and that M$ not catching bugs properly ought to add a zone 
> management to the IE taskbar, distribute appropriate .reg patches to add 
> security zones that enable JS & ActiveX (separately, granular), and set IE 
> to restricted zone by default. Usability of windows update be damned.
- ---- >8 ---- Snip! 

Version: PGP 8.0 -- QDPGP 2.70 
Comment: Public key - http://www.hackbusters.net/pgp.txt


More information about the list mailing list