Web Security: Java and ActiveX

I'm posting this because ActiveX and java scipts are vectors for malware infections. This is the way web sites can download w/o user permission. In the IE tools > internet options > custom level is where the scrpting/activeX/downloading permissions are set.

http://www.cs.princeton.edu/sip/java-vs-activex.html

http://msdn.microsoft.com/library/d...hop/components/activex/activex_node_entry.asp Technical MS doc on ActiveX for web developers.

I disable ActiveX and scripting unless I have a reason for enabling them, and that is on a per site basis. Trusted sites that require them can be put into the Trusted Site zone of IE.

Further security reading http://www.helpwithwindows.com/techfiles/protect-your-pc.html

Regards - Charles

 

A point I would add to this:

JavaScript and Java are two quite different systems. Have a look here for plenty of references on the subject. They have different security issues, and need to be considered separately.

Javascript is a fundamental part of AJAX and Web 2.0. Therefore, if you don't use it, you will miss out on a lot of the most recent developments on the Internet, most of which are aimed at improving the user experience. JavaScript has been designed to be safe for the user. See this page for a description of some of its limitations.

However, that doesn't mean that using JavaScript is risk free. See this article for example.

Personally, I enable JavaScript, but

• I take care about where I browse.
• I keep my browser up to date (most vunerabilities are due to browser bugs)
• I read the IT press to keep abreast of new vulnerabilities that might appear.