Pro/Forums - View Single Post - IE & viruses -> so happy together

sunblade · 03-11-2002, 01:01 PM

First, I'm not a security guru. I play around with linux for fun, but I still do my serious work in windows. Everybody knows that IE & Windows are maybe a little lax on security, but today, IE royaly pissed me off.

I was google searching for some genesis emulation stuff (shhhh

) and I clicked a link. Mcafee popped up and said I had a virus somewhere in my user account folder (this was win2k). I decided to quarentine it and track it down. After thinking, I went back to google and clicked the link again, same virus message. WTF? So I viewed the source for the linked web page and found a nice steaming pile of VBscript dealing with Outlook Express and altering my registry (big surprise). So, I backed out of the site, cleared my cache, and delted the offline file.

What I want to say is, WHY DID MICROSOFT PUT VBSCRIPT IN IE WITH NO VISIBLE SECURITY IN THE FIRST PLACE!? I mean, you shouldn't be able to get infected just by visiting a web page. MS probably has patched IE at this point, but the fact is that it was a known virus that should have never existed in the first place. VBscript can be useful when coding ASP and the like, but it needs security constraints. At least java tries to have a security layer around applets.

Now I'm rather pissed, but something cheered me up! My package from Danger Den came today! Woohoo!

Party Time!

<edit> This was on my home machine mind you. </edit>

03-11-2002, 01:01 PM	#1
sunblade Registered User Join Date: Jul 2001 Location: USA Posts: 156	IE & viruses -> so happy together First, I'm not a security guru. I play around with linux for fun, but I still do my serious work in windows. Everybody knows that IE & Windows are maybe a little lax on security, but today, IE royaly pissed me off. I was google searching for some genesis emulation stuff (shhhh ) and I clicked a link. Mcafee popped up and said I had a virus somewhere in my user account folder (this was win2k). I decided to quarentine it and track it down. After thinking, I went back to google and clicked the link again, same virus message. WTF? So I viewed the source for the linked web page and found a nice steaming pile of VBscript dealing with Outlook Express and altering my registry (big surprise). So, I backed out of the site, cleared my cache, and delted the offline file. What I want to say is, WHY DID MICROSOFT PUT VBSCRIPT IN IE WITH NO VISIBLE SECURITY IN THE FIRST PLACE!? I mean, you shouldn't be able to get infected just by visiting a web page. MS probably has patched IE at this point, but the fact is that it was a known virus that should have never existed in the first place. VBscript can be useful when coding ASP and the like, but it needs security constraints. At least java tries to have a security layer around applets. Now I'm rather pissed, but something cheered me up! My package from Danger Den came today! Woohoo! Party Time! <edit> This was on my home machine mind you. </edit>