IE users warned to disable JavaScript
- Mon, 23 Nov 2009
- Comments (35)
Security experts have warned anyone using Internet Explorer 6 or 7 on a Windows XP or Windows Vista PC to take immediate steps to ensure their security.
This is because an exploit for a previously unknown flaw in the browser has been spotted in circulation.
The flaw could enable a hacker to take over a computer if a surfer visited a compromised website using a vulnerable version of the IE browser.
Proof-of-concept code is already circulating on the web, with more exploit code likely to be on the way.
Security firm Symantec advised surfers to disable JavaScript in IE and to ensure their anti-virus definitions were up to date.
"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into sites, infecting potential visitors," Symantec said in a statement.
You can disable JavaScript in IE7 by going to Tools, then Internet Options, clicking on the Security tab and then clicking on Custom Level. Scroll down until you find the entry for Scripting, then click on Disable.
In IE6, follow the same instructions, though you are looking for the entry for 'Active scripting' in the Custom Level dialogue box. You will also need to restart your browser for the fix to take effect.
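The same setting can be checked and applied from a script, which helps when many PCs need the workaround. The PowerShell below is an added example, not part of the original article or Symantec's advisory: it reads and sets the per-user "Active scripting" action (ID 1400) that the Custom Level dialogue writes to the registry, and the function names are hypothetical.

```powershell
# Added example: audit and disable "Active scripting" per IE security zone.
# Custom Level stores each zone's choices under this per-user key; 1400 is the
# Active scripting action (0 = Enable, 1 = Prompt, 3 = Disable).
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @('My Computer', 'Local intranet', 'Trusted sites', 'Internet', 'Restricted sites')

function Get-ActiveScriptingState {
    # Report the current setting for every zone (0..4).
    foreach ($zone in 0..4) {
        $item  = Get-ItemProperty -Path "$ZonesKey\$zone" -Name '1400' -ErrorAction SilentlyContinue
        $state = 'Not set'
        if ($null -ne $item) {
            switch ($item.'1400') {
                0       { $state = 'Enabled' }
                1       { $state = 'Prompt' }
                3       { $state = 'Disabled' }
                default { $state = "Unknown ($($item.'1400'))" }
            }
        }
        New-Object PSObject -Property @{
            Zone            = $zone
            Name            = $ZoneNames[$zone]
            ActiveScripting = $state
        }
    }
}

function Disable-ActiveScripting {
    param([int]$Zone = 3)   # 3 = Internet zone, the one untrusted sites load in
    if ($Zone -lt 0 -or $Zone -gt 4) { throw "Zone must be between 0 and 4" }
    Set-ItemProperty -Path "$ZonesKey\$Zone" -Name '1400' -Value 3 -Type DWord
}

# Show the state, disable scripting for the Internet zone, then confirm.
Get-ActiveScriptingState | Format-Table Zone, Name, ActiveScripting -AutoSize
Disable-ActiveScripting -Zone 3
Get-ActiveScriptingState | Where-Object { $_.Zone -eq 3 }
```

A zone policy set by an administrator under HKLM can override the per-user value, so re-run the audit after a policy refresh, and restart the browser before relying on the change.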
Other versions of Internet Explorer and Windows could also be affected, Symantec warned.
EDIT: Link to original Symantec advisory added.
Graham,
November 24 06:01
How about IE8?
Len Ocin,
November 24 07:05
Anyone heard of FireFox? Only reason I have IE at all is because it comes with Windows and I need to also test my work against this ridiculously troublesome browser.
Turn off JavaScript? Oh god, every second website out there implements half its front end functionality via JavaScript. It's like telling you not to start your car, just push it to work.
Henk van Asselt,
November 24 07:27
That's why I like Firefox with the 'NoScript' addon so much...
Reelix,
November 24 07:56
IE is insecure? Well, that's new ;)
webuser,
November 24 09:02
I can't really see that happening considering the amount of websites in today's world that require javascript to be switched on in order to be used.
Brian,
November 24 11:24
It's called updating to IE8 - older Firefox versions also have problems!
David Lane,
November 24 12:05
Please, IE 8 is more secure than Firefox, does not need to get updates every day and can be slower in many situations. Why is anyone using IE6 or 7?
adamjab,
November 24 12:17
It's MS's idea to promote the new version of IE because it's not vulnerable to the flaw
web veteran,
November 24 12:32
Wake up, Firefox, Opera, Safari, and yes Chrome are all affected by this issue. Wake up people, JavaScript is used on over 97% of all websites for validation and Ajax... if you surf illegal sites and warez locations, you deserve to have PC issues. Idiots.
Bollocks,
November 24 12:37
Who actually uses IE6 anyways? Go go IE8. Making fun of IE6 security is like saying "omg, Qmail is the suck because QM9 was swiss cheese."
webuser,
November 24 12:39
just upgrade to IE 8
andvlpr,
November 24 12:51
webuser is right! most web sites will look horrible or never even work if javascript is disabled.
Marco Pivetta,
November 24 13:16
Oh my! Does anybody who uses IE have any problem with security? I think not as it already means: please take a look in my pc :) We're in 2009 and ActiveX is still called technology?
Tim,
November 24 13:26
If I read this correctly it affects people using IE 6 or 7 only and with JavaScript turned on. Of course it's going to be on, it needs to be in order to browse properly on most sites. So to make a point here, just upgrade to IE 8 and benefit from not having this flaw and benefit from the new JavaScript engine's speed and most of all ignore this post!
But really, who didn't know IE 6 was not secure, I mean really? Were you living in a cave since 2001?
Tcha-Tcho,
November 24 13:31
Better solution: Buy a Mac.
Ryan R,
November 24 13:41
Would any regular user know how to turn JavaScript off in Internet Explorer anyway? I doubt it.
JonO,
November 24 14:03
Oh please not one citation - is this in Snopes yet?
K,
November 24 14:21
Ridiculous
HoustonUser,
November 24 14:22
My company is still standardized on IE6. We don't have the option of upgrading yet.
Disabling Javascript will break many corporate web pages. Not an option.
Avoiding surfing from the office is the only solution for us.
Samer,
November 24 14:23
After 10 years, I still don't see what's wrong with IE6.
Dave,
November 24 15:08
I could never get some sites to work that used Flash after an upgrade to IE7. After a crash I'm back on IE6 and they work! (I only use IE if a site will not work with Mozilla). I'm worried that an upgrade to IE8 will re-create the problems with IE7.
Mathieu,
November 24 15:37
Ben Camm-Jones, would you publish the URL to your Symantec reference? I could not find it on the Symantec site. Thanks!
Java Doc,
November 24 15:41
The bad news is that the company I work for just upgraded our browsers to IE7!! Good luck getting them to IE8 anytime soon.
AbbydonKrafts,
November 24 16:36
I use 3 browsers. Chrome first (faster rendering), Firefox second (slower, but functional), IE8 as a fallback (a snail). Many financial institution sites ONLY work in IE.
The solution is to always keep them upgraded and accept any updates that it prompts. DO NOT IGNORE THOSE UPDATE PROMPTS! Also, you can disable JavaScript, ActiveX, etc for standard sites, but enable it for "Trusted Sites". Only add sites to that zone that you know are safe.
All users should also have antivirus ("avast!" is free with many scanner types) and firewall. Broadband users should have a router even if it's a single-computer configuration.
It's very simple to minimize risk if you just spend a little effort up front.
Dogbert,
November 24 18:06
IE 6 and 7? You people deserve all the system slowing, data mining malware you receive. If you guys have any kind of IT department overlooking your systems they should all be fired. Do yourselves a favour, get IE8 or even better Firefox with adblock.
cdm,
November 24 18:17
My work computer is stuck on IE 6, I can't change that. But if it gets infected, it's someone else's problem... 8-)
Leo McArdle,
November 24 20:45
While reading these comments, I started to rock in my chair with laughter! I use Firefox... I volunteer for Mozilla, and yes, help make the Firefox web browser... Microsoft seem to have a screwed up way of doing things, and because the majority of computer users have absolutely no clue whatsoever what they are doing, think that Microsoft are the norm... No, Internet Exploder isn't updated every day (Firefox isn't either) but because IE isn't updated as regularly as Firefox DOES NOT mean that IE is securer than FF, it actually means that it is LESS secure... yes, FF is updated regularly, but that is to make sure the user's experience is as bug free as possible... I suggest that everyone upgrade to Firefox, it's the safest browser on the internet, and no, it isn't as fast as Chrome, it doesn't look as sexy as Safari, or isn't for the simple minded people who use Opera (I don't think I can find any strong points of IE...), but... Firefox is open source, it has thousands of add-ons, and is made by thousands of people around the globe like you and me... Try it, you'll have speed, add-ons, and security... and if you ever have a problem just head over to support.mozilla.com, you never know you might just get help from me...
Joan,
November 25 13:07
How do I know what version of IE I'm using? Yes, stupid, I know...
DJ Lawless,
November 25 14:54
About Internet Explorer. There you can find what version you're using.
About Firefox, I personally prefer IE8. Why? because of this: http://www.electronista.com/articles/09/11/11/study.says.firefox.44.of.web.exploits/
Also, I very much suggest Opera 10.10 (http://www.opera.com/); however, I’m not completely sure how secure it is compared to IE or Firefox. Does anyone have any information about it?
sal,
November 25 15:26
Joan darlin', click ye thee Help menu in IE and choose ye 'About Internet Explorer'. The little box will tell ye thee version