Bohunky0's Web Security
This site updated on 11/14/2005
If you are connected to the Internet with either cable or a dedicated T-1 line, you need a firewall. If you do not have a firewall to block someone getting at your data via that connection, try ZoneAlarm. If you are connected via modem, it is also wise to put up a first line of defense. ZoneAlarm is good for you as well.
WINDOWS SCRIPTING HOST: TOO MUCH POWER?
The recent spate of script viruses proved conclusively that a little power is a dangerous thing and that convenience features in operating systems can easily backfire when exploited. Neil Rubenking's article in our Solutions section isn't about dodging e-mail worms, but about the innards of the Windows Scripting Host. It's a straightforward description of how to use it, and how to harness the additional power of WSH 2.0. The article includes links to downloadable sample scripts.
StdOut() and other calls that allow you to create commandline programs that can start and control other applications. At the other end of the spectrum, Microsoft's new Windows Script Encoder allows you to encode your scripts in HTML or ASP pages so that users cannot decipher your
Windows automation is a wonderful thing, but I'm getting the feeling that it's a loaded gun. The MSDN scripting site (http://msdn.microsoft.com/scripting) is full of good examples of how to harness the power for seamless, interactive Web pages, but contains nary a word about defending against rogue scripts. If you would rather have fewer features and more protection, here's a link to the Symantec Knowledge Base article
512031906) that tells you how to turn off scripting support. You can also turn off active scripting in Outlook, but that's not going to stop you from clicking on a script and launching it. Here's a link to the Microsoft article on removing active scripting.
.asp) Note that I haven't tested these solutions myself; I'm passing along the links for your information. For that matter, I don't use Internet Explorer. Given the wide variety of sites that I visit in my reviewing and researching, I consider the risk of ActiveX controls to be greater than I want to bear, and certificates are essentially meaningless.
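An added example, not taken from the article above or from the linked Symantec and Microsoft pages: a read-only PowerShell audit that reports whether Windows Script Host is switched off through its `Enabled` registry value (0 disables it) and which program a double-clicked script file would open with. The extension list and the function names are choices made for this example.

```powershell
# Added example: read-only audit of Windows Script Host (WSH) exposure.
# The extension list and function names are choices made for this example.
$settingsPath = 'Software\Microsoft\Windows Script Host\Settings'
$scriptExts   = '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'

function Get-WshEnabledState {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $item = Get-ItemProperty -Path "${Hive}:\$settingsPath" -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (WSH runs by default)' }
    # The value can be stored as REG_SZ or REG_DWORD, so compare it as text.
    if ("$($item.Enabled)".Trim() -eq '0') { return 'disabled' }
    return 'enabled'
}

function Get-ScriptHandler {
    param([Parameter(Mandatory)][string]$Extension)
    $root   = 'Registry::HKEY_CLASSES_ROOT'
    # Extension -> ProgID -> shell\open\command is the classic association chain.
    # Per-user Explorer overrides are not examined here.
    $progId = (Get-ItemProperty -LiteralPath "$root\$Extension" -ErrorAction SilentlyContinue).'(default)'
    $cmd    = $null
    if ($progId) {
        $cmd = (Get-ItemProperty -LiteralPath "$root\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    }
    [pscustomobject]@{
        Extension   = $Extension
        ProgId      = $progId
        OpenCommand = $cmd
        # True when opening the file hands it to wscript.exe or cscript.exe.
        RunsInWsh   = [bool]($cmd -match '\b[wc]script\.exe')
    }
}

# Machine-wide and per-user WSH switch.
'HKLM', 'HKCU' | ForEach-Object {
    [pscustomobject]@{ Hive = $_; WshState = Get-WshEnabledState -Hive $_ }
} | Format-Table -AutoSize

# What a double-click on each script type would launch.
$scriptExts | ForEach-Object { Get-ScriptHandler -Extension $_ } |
    Format-Table -AutoSize -Wrap
```

An extension that still shows `RunsInWsh` as True while `WshState` is not `disabled` is one where opening a script attachment executes it, which is the case the mail-client setting alone does not cover.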
Ultimately, we'll need a more secure model than we currently have. But in the meantime, you should familiarize yourself with Windows scripting so that you can make a realistic assessment of the ways it can help--and hurt--you.