WiFi Finder

Locate wireless services by a specific address, city, state, country, airport, or zip code.

Get Connected Now

RSS Feeds

Get our latest content via convenient RSS feeds.

See All RSS Feeds

Become a PCW Member

Join the community and start enjoying the benefits:

Get tech advice from thousands of PC World Members
Rate and recommend the latest tech products
Share your thoughts in blog and article comments
Get free excerpts and exclusive discounts on Super Guides

Signing up is free and easy.

Bugs and Fixes

Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.

Show article:

Bugs and Fixes: Microsoft: Cripple IE to Protect Your PC

The company says that you should disable one of the browser's features.

Stuart J. Johnston

With HP wireless printers, you could have printed this from any room in the house. Live wirelessly. Print wirelessly.

Illustration: Campbell Laird

Microsoft is doing something unprecedented: It wants you to break one of Internet Explorer's key features. Why? Because only by limiting the browser's functionality can you be sure of stopping a sneaky--and dangerous--new breed of Internet virus. This latest targeted attack scenario, which uses malicious code dubbed "Scob" or "downlad.ject," exploits three flaws: two in Windows and one in Internet Explorer. One of the holes involves JavaScript; targeting this flaw, the Scob code lets a hacker attach a program written in JavaScript to Web pages. If you visit an infected Web site, the program automatically executes in IE, and voila! you're infected.

Taking advantage of these multiple flaws, a group of Russian crackers recently mounted attacks on several hundred Web sites--aimed at putting lots of visitors at risk. Included on their hit list were some very reputable sites.

Some Scob virus strains installed keystroke-logging software on users' PCs--apparently to steal financial data (head to "Known Trojan Still Plagues Web Servers" for more details).

Microsoft says that your PC will be protected if you're running the beta version of Windows XP Service Pack 2. (Visit "Windows XP Service Pack 2 Release Candidate 2 Preview" for a link to the close-to-final version of SP2). The company says it is still working on a patch to deal specifically with this combination of flaws.

Microsoft also wants you to take the extreme step of disabling JavaScript. Many sites use JavaScript--to display video, say--and without this programming language, some sites, including Microsoft's own Windows Update site, won't even function properly.

If you want to go this far--and I recommend that you do--you need to adjust your IE settings. To disable JavaScript in IE, click Tools, Internet Options and choose the Security tab. Click the Internet icon, click the Default Level button, and move the slider to High. To get around any problems with sites not loading, in IE click Tools, Internet Options and choose the Security tab. Click the Trusted Sites icon and add the sites you want to access. Your machine is still protected. (For Microsoft's full list of safety measures, visit "Increase Your Browsing and E-Mail Safety".)

If all this sounds like too much hassle, you might want to consider switching to a browser like Mozilla or Opera. You can have JavaScript turned on in these browsers, yet remain safe from IE-like attacks. At least, for now.