PDQ Library:  Virus Notes: Disabling Browser Scripting

Disabling Windows Scripting Host (WSH) offers a lot of protection, as does never opening attachments you haven't verified or aren't expecting.

Disable WHS in Outlook Express

If you use Outlook Express to read your email, you should turn off the Preview Pane:

View > Layout

Uncheck Show Preview Pane. If the email has an attachment, you will see a paperclip icon. If you are unsure of a message's origination, highlight and right-click on it, and then select Properties. To read the message select Message Details. This gives you a text version of the message, which is ultimately safer. A few extra steps are worth it, in my opinion. To disable the Scripting Host (but keep in mind that applications which require the WSH will no longer function, although you can re-enable it when you're going to run them):

Windows 98

WSH is installed in a standard installation of the operating system, or if you install Internet Explorer 5, or if you download WSH from Microsoft.

To disable WSH, preventing scripts from being run:

  1. From the Windows taskbar, select Start|Settings|Control Panel.
  2. In the 'Control Panel' screen, double-click the 'Add/Remove programs' icon.
  3. In the 'Add/Remove Programs' window, open the 'Windows Setup' tabbed page.
  4. Select 'Accessories' and double-click.
  5. In the 'Accessories' list, find 'Windows Scripting Host'.
  6. Click on the check-box by 'Windows Scripting Host' to deselect it.
  7. Click OK to return to 'Add/Remove Programs' window. Then click on 'OK'.

To prevent scripts with a .VBS extension from being run:

  1. On the 'Desktop', or in 'Windows Explorer', right-click on 'My Computer'.
  2. Select 'Open' from the menu.
  3. In the 'My Computer' window, open the 'View' menu and select 'Options...'.
  4. Open the 'File Types' tabbed page.
  5. Look for 'VBScript Script File' in the list of file types (if you can't find it, your machine is safe and you don't need to do anything else).
  6. Click on the 'Remove' button.
  7. If you see a dialog asking you to confirm removal, click 'Yes'.

Windows NT 4.0

WSH is installed if you install Internet Explorer 5, or if you download WSH from Microsoft. To prevent scripts with a .VBS extension from being run:

  1. Log on as an administrator.
  2. On the 'Desktop', or in 'Windows Explorer', right-click on 'My Computer'.
  3. Select 'Open' from the menu.
  4. In the 'My Computer' window, open the 'View' menu and select 'Options'.
  5. Open the 'File Types' tabbed page.
  6. Look for 'VBScript Script File' in the list of file types (if you can't find it, your machine is safe and you don't need to do anything else).
  7. Click on the 'Remove' button.
  8. If you see a dialog asking you to confirm removal, click 'Yes'.

Windows 2000 and Windows ME

WSH is installed by default.
To prevent scripts with a .VBS extension from being run:

  1. Log on as an Administrator.
  2. On the 'Desktop', or in 'Windows Explorer', right-click on 'My Computer'.
  3. Select 'Open' from the menu.
  4. In the 'My Computer' window, open the 'Tools' menu and select 'Folder Options'.
  5. Open the 'File Types' tabbed page. Look for 'VBScript Script File' in the list of file types (if you can't find it, your machine is safe and you don't need to do anything else).
  6. Click on the 'Delete' button.
  7. If you see a dialog asking you to confirm removal, click 'Yes'.

Additionally, you should send email in PLAIN TEXT ONLY. Possibly many of you like using HTML email because it's "pretty." But is pretty mail worth risking the integrity of your system? HTML is meant for the WWW; not for mailing lists, Usenet newsgroups postings, proper business Email correspondence and preferably not for personal Email unless the recipient is expecting it. Follow this link to determine how to configure your software to send plain text messages: http://www.geocities.com:0080/CapitolHill/1236/nomime.html

Finally, you should never, never, never send attachments through a mailing list unless it is expected. Preferably though, you send it only to those who request it. Even in this age of DSL and Cable, some people are still using a dialup connection and won't appreciate the time it takes to download an attachment they never requested. If the file is something you will be showing often, find a spot on the WWW to place it, and send the URL instead.

(posted to online forum)

Firefox Web Browser Script Blocking

Firefox (http://www.mozilla.org/firefox) has become a popular alternative to Internet Explorer, that is bundled with Windows. You can add many terrific addons (extensions) to Firefox that protect you from Internet nasties. "NoScript" (https://addons.mozilla.org/en-US/firefox/addon/722) is one of the best addons. It allows complete control. You can enable scripts on your trusted websites and disable others. You may enable scripts temporarily. Another great script is called "Cookie Monster" (https://addons.mozilla.org/en-US/firefox/addon/4703), which does the same function for cookie storage on your computer.

TOP back