Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Kristen
Test
22859 Posts |
 Posted - 2006-01-28 : 01:59:19
|
| My system has just [I think!] started barfing about external scripts on the page. The only one I can see is:<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>is that newly added? [I happen have not being using my normal computer for the last week or so, and have just returned to its higher-security settings!]Can IE tell the difference between benign stuff like that and real ActiveX stuff that might be [much] less benign? 'Coz I'm really reluctant to mark the site as "trusted" if the adverts might supply their own external code etc. ... and the alternative to clicking OK on every "do you want to load ActiveX etc." dialog on every page is pretty bad too!Kristen |
|
|
graz
Chief SQLTeam Crack Dealer
4149 Posts |
Posted - 2006-01-28 : 08:24:03
|
| Hmmm. I just added that last weekend. It's the Google Analytics tool. I've been considering using it to track the traffic. Is anyone else having a problem with it?===============================================Creating tomorrow's legacy systems today.One crisis at a time. |
 |
|
|
Kristen
Test
22859 Posts |
Posted - 2006-01-28 : 10:39:39
|
| "Is anyone else having a problem with it"I'm not having a problem, per se. Its just that my IE is set to "Ask" when a script is run. I do that so that when something wants to run an ActiveX I get to choose whether I trust the site or not. When sites have adverts in them I worry that it might be the advert running the code, rather than the site, and then I get nervous. I don't know any way to blank turn off the Scripts thingie for a given site, so I'm stuck with confirming each page (or setting the site to be Trusted).Maybe I'm being overly anxious, but to put it in context its one my ways to keep Spyware, and other more malicious stuff, off my machine.Edit: I wonder if I could just "trust" www.google-analytics.com - I'll try that.Edit2: Nope. These are the two messages I get:"Do you want to allow software such as ActiveX controls and plug-ins to run?" -> YES"A script is accessing some software (an ActiveX control) on this page which has been marked safe for scripting. Do you want to allow this?" -> YESKristen |
|
|
|
rockmoose
SQL Natt Alfen
3279 Posts |
Posted - 2006-01-28 : 17:36:18
|
I have not noticed anthing at all yet. My box(es) are not as paranoid as Kristen's. (Maybe they should be).Running both IE and Firefox (thank you firefox crew  ), on all machines.rockmoose |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2006-01-29 : 04:50:43
|
| "My box(es) are not as paranoid"It seems a bit of a blunt instrument in IE - just turn off ALL scripts; and then the message that comes up says something like "Do you want to let things like ActiveX run on this page"That includes Flash ... external JavaScript [both of which I reckon are "safe"] ... AND the more hairy stuff [like real ActiveX spyware].Am I just being paranoid - is it impossible for any of this stuff to do real damage in practice? (and if so why does SpyBot find so much junk to complain about?)Kristen |
|
|
|
SamC
White Water Yakist
3467 Posts |
Posted - 2006-01-29 : 08:52:13
|
Spybot and Lavasoft both report unneeded stuff, registry keys, cookies, which are relatively benign in order to boost the perception that your PC is really in need of these products. That, and technically, they're correct. Passive tracking stuff is annoying, and it is spyware. Nuts, maybe they're right.No single product (including MS AntiSpyware, Norton, etc..) has done an adequate job of identifying the really malicious stuff: pop-up machines, identity reporting software and more. I had to turn to manual removal tools like HiJackThis to get the job done after my last incident.quote:
Am I just being paranoid - is it impossible for any of this stuff to do real damage in practice?
-- Just because you're paranoid doesn't mean someone isn't out to get you !The key methods of planting unwanted stuff on target PCs is by tricking users into believing the "OK" button is something they want, usually by making it look like something it is not and in a completely believable context. This can allow planting an executable, or an ActiveX script. Flash and JavaScript are relatively safer than ActiveX. MS threw them all into the same kettle to avoid any responsiblity. |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2006-01-29 : 10:12:47
|
| Thanks Sam. Perhaps I should just allow everything "in" and disinfect regularly.Kristen |
|
|
|
graz
Chief SQLTeam Crack Dealer
4149 Posts |
Posted - 2006-01-29 : 10:58:19
|
| I just use FireFox.===============================================Creating tomorrow's legacy systems today.One crisis at a time. |
|
|
|
SamC
White Water Yakist
3467 Posts |
Posted - 2006-01-29 : 11:09:16
|
quote:
Originally posted by graz
I just use FireFox.
I was using Firefox when an executable was planted on my PC. I'd get a pop-up ad about every 5th window that was opened. (Makes you wonder about the designers of these products... if a pop-up occured about every 50 links clicked, it's almost tolerable, every 5th window and something has to be done to eliminate it.I'm not sure how it was planted, but at the time it occured, I received a bevy of alerts from MS AntiSpyware and Norton. I was browsing an MP3 site at the time, back when I was evaluating whether to go iPod or MP3 player. This event tilted the decision to iPod. Seems like the right decision now for several reasons other than this hiJacking event.Footnote in anticipation of Firefox crusaders taking opposition: I suspect that I may have clicked on a "link" which held an executable, and yes, I know I'd have to agree to execute the code. At the time I was doing this, my mind was on finding an MP3 and my defenses were down. The point: Preventative software is becoming so good that today's spyware / malware is designed to infect by social engineering end users into authenticating (activly permitting) an attack. |
|
|
|
|
|
|
|
|
External Script