Linux Today: Linux News On Internet Time.

CNN.com: Protection against IE holes may create more problems than solutions

Nov 26, 1999, 05:40 (3 Talkback[s])
(Other stories by D. Ian Hopper)

"Every couple of weeks Georgi Guninski, a 27-year-old Bulgarian computer security expert, posts another Microsoft Internet Explorer security hole to BugTraq, a mailing list dedicated to computer vulnerabilities.

"The majority of Guninski's latest discoveries have involved Internet Explorer 5.0's Active Scripting... The suggested workaround is always the same: Disable Active Scripting."

"JavaScript isn't confined to Internet Explorer 5, although many of the security holes are only evident in Microsoft's latest browser. It's used in almost all modern browsers as well as across platforms.

"The problem occurs because IE5 includes many more features... They've added a whole lot more features in IE5. This is typical for Microsoft. They add all kinds of features and only then wonder how they might interact."

"Microsoft's own ActiveX controls have been a security headache as well... ActiveX controls have full access to the Windows operating system."

Complete story.