March 25th, 2003, 12:16 PM
Disabling Active Scripting in IE
With so many of the vulnerabilities in Windows / Internet Explorer being based off of the ability to execute Active Scripting within a web page or HTML email message, it would benefit many to simply disable the ability to do so.
However, some sites require that functionality or you may want that functionality to be able to view or interact with certain things. For those sites you would need to move them to your Trusted Sites zone (assumes you are using Internet Explorer to begin with).
I wrote a brief tutorial for novice users to walk them through disabling Active Scripting in Internet Explorer. You can view the tutorial here:
Rather than having you click on the link in my original post, I am presenting the tutorial information here:
1. Click on Tools on the menu bar at the top of Internet Explorer
2. Click on Internet Options from the Tools drop-down menu
3. When Internet Options opens up, click on the Security tab
4. Select the Security Zone you wish to disable Active Scripting for- Internet, Local Intranet, Restricted or Trusted
5. Selecting the default level High will automatically disable Active Scripting but may be too restrictive
6. You may opt to use Medium as a baseline and customize it. Select the Custom Level button
7. Set Reset Custom Settings to Medium and click the Reset button
8. Set the options under ActiveX Controls and Plug-ins to Disable
9. If you encounter sites that require Active Scripting to function you can add them to the Trusted Sites zone
10. If you encounter sites that contain malicious code you can add them to the Restricted Sites zone
1. Restricted Sites security zone should be set to High
2. Trusted Sites security zone can be set to Medium or Low
3. Local Intranet security zone includes only those sites from your own Intranet so should be safe on Medium or Low
4. Internet security zone should be set to High or Medium with Active Scripting turned off
March 25th, 2003, 05:39 PM
March 25th, 2003, 06:14 PM
You know, just because it's a basic tut doesn't take away it's value. Quite often we have many new members who are extremely new to security and sometimes don't know where to start. This can help them.
So don't knock the simple stuff sometimes.