Malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser. It will bypass security measures such as a firewall because it runs through the user's browser.

So if you are suspecting any malicious ting while " simply browsing", just close the browser or go to another website. If the symptom stops, be sure that the site was attempting(or successfully done) an attack.

But now many browser such Internet Explorer 6 SP2 OR Firefox can we set not to enabled javascripts function.

Also the syntax like WScript.CreateObject("Wscript.Shell") to create object that can manipulate system isnt supported by web browser. That syntax is the base part for vbs/js virus to take an action. So there is a little chans that infected by javascript/vbscript.

Thing that we must take care is when some site is want to install software/ActiveX. If that site we didnt trust or the site has bad reputation, then dont install the software. It may contain a virus!.

This post has been edited by masterio: Aug 25 2006, 09:15 AM

good advice One thing i learnt on work experience was the windows scripting shell and i'd say that all home users should disable it completely, or atleast zip the actually program that runs the scripts.



If you disable the scripting engine then scripts such as this cant run even if your browser lets them. The only real reason for wscript to be enabled on any computer is if its part of a large-ish network because wscript can help to manage multiple computers very quickly but for home users its not really needed.

if anyone wants to disable wscript there is a download from symantec that will do it for you

http://www.symantec.com/security_response/...-011610-5007-99

It also further explains what ive said and the risks of wscript.

As time goes , hackers find their own way of getting their spyware and adware into other computers. I never experienced any such attack through my browsers yet.

Anywway, thaks for the info ..

I use IE explorer 7, apparently its safer than Mozilla

you know jvscript isn't that powerful as a matter of fact jvscript is very limited the most damage you can do with jvscript is problably just delete or add some files you can't really hijack a pc with jvscript now if you use java or flash action script then you have the power to hijack and totaly hack somones pc

Just give the hackers some time to find exploitable stuff in it and it'll be the same sh*t as IE6... just a matter of time I guess.

The CreateObject sutff probably won't work, but soon there will be something else to exploit and get your pc some trouble The good thing is that Mozilla updates FireFox Browser as soon as they find some critical problem in it. Now, for coincidence there is a Firefox update I have to do here, I clicked 'Later' because I'm doing some important stuff here xD

I dunno if IE does it too, this whole update thing, but if if does not, I think it should

I can't imagine javascript doing much damage to a computer. If you're really paranoid, you can turn off javascript, which won't really affect your browsing experience.

if you use firefox noscript is a good security measure, it only lets the javascript you want through, once it's saved you don't have to do it again for that site, so after a week of browsing most sites you can just block or allow the ones you want to and then only do it on rare occasions,

did that make any sense?