Terry's Computer Tips - Newsletter
November 28, 2005

---

Terry's Computer Tips Newsletter
http://www.terryscomputertips.com
A computer tips newsletter for users of PC's.

---

Volume 1, Number 24 -- Monday, November 28, 2005

IN THIS ISSUE:
   1.   YAIESH! Yet Another I.E. Security Hole!
   2.   Updates This Week
   3.   Turning off I.E.'s Active Scripting
   4.   Web Find: Clif Notes Newsletter
   5.   Get a Free Domain Name
   6.   Hard Drive Space Discrepancies
   7.   The Mystery of the Missing Hard Drive Space
   8.   Shareware/Freeware Pick of the Week
   9.   Recommend my Terry's Computer Tips Newsletter to Your Friends
   10.   Just for Fun!
   11.   Send me some email!

Welcome to the online version of my Terry's Computer Tips newsletter.  My free, emailed newsletter includes a special "Just for Subscribers" article, an announcement that the new issue of Terry's Computer Tips has been published online, and the table of contents for the issue.

The emailed newsletter is sent weekly to individuals who have subscribed to the newsletter, have received an email confirmation notice that required them to confirm their subscription request, and who confirmed their request.

---

1.  YAIESH! Yet Another I.E. Security Hole!

As I wrote in my Special Edition email newletter late last week to my subscribers, last week was a bad week for Internet Explorer users. By the way, all you need to do to get my email newsletter is to Subscribe! It's free.

There was yet another Internet Explorer security hole -- yet another one that could give full remote control of your computer to someone else.

This one was a flaw in Microsoft's Active Scripting (Microsoft's name for their custom implementation of JavaScript). All you have to do is visiting a malicious web site, and the bad guys can take full control of your computer.

The relatively unusual aspect of this one is that, on the first day of the announcement about the security hole, there was also an exploit in the wild. That is, there was already at least one web site trying to make use of the security hole to attack its visitors.

According to an article at TechWeb, Microsoft has known of the vulnerability since May and this vulnerability affects IE 5.0.1, 5.5 and 6.0 including those running on up-to-date editions of Windows XP SP2, Windows Server 2003 and Windows 2000 SP4. Until recently, though, the vulnerability was expected to enable "Denial Of Service" (DOS) attacks against a (e.g., your) computer. This release shows that it can give remote control of a computer to a malicious web site.

The big tech web sites are recommending that you turn off Active Scripting in Internet Explorer. This really is necessary because of the ubiquitous nature of I.E. Since Microsoft decided to build I.E. "into the operating system," its functions are easily used by many other programs.

For example, Outlook and Outlook Express use I.E. in embedded windows to display HTML emails. This is why "previewing an email" is effectively the same thing as "opening" or "double-clicking" on the email.

Similarly, other email programs can use I.E., but some allow you to use non-I.E. HTML display methods -- Eudora can display HTML using "Microsoft's Viewer" (an embedded I.E. window) or its own viewer, depending on the options you select (I uncheck the "Use Microsoft's Viewer" option in Eudora).

However, if you use I.E. and turn off Active Scripting, many web sites will not display properly.

So, what do you do?

Now is the time, and you have an excuse if you needed one, to try the Mozilla Firefox web browser.

Read more about Firefox on my Firefox web pages and then download and try it. Firefox is free!

The most common question I hear is "do I have to uninstall Internet Explorer?" The answer is "no." I have Firefox, I.E., Opera and Mozilla, all installed and coexisting peacefully on my computer. One of them needs to be the default browser, and Firefox is my choice for that. I only use I.E. to do my Windows Updates.

---

2.  Updates Last Week

Microsoft (operating systems, email, web browser, office suites):  None. After the information and sample exploit code were released on last week's Internet Explorer's Active Scripting security hole by a U.K. security company and a Zero-Day Exploit (a real-world attack on the day of the security hole annoucement), Microsoft has announced that they will provide a patch "in an upcoming security bulletin" but has not committed as to which monthly update would have the patch. Microsoft's next regular patch day is December 13th (the second Tuesday of the month).

Firefox (web browser):  None.

Opera (web browser):  Version 8.51 released.

User interface:

• Added Answers.com search option, with 'a' as keyword to search from address field. The version number of search.ini has not been increased; the change will only be visible in fresh installs.

Security and plug-ins

• Macromedia Flash version shipped with Opera is now 7r61. Addresses issue reported in Secunia Advisory 17437.
• Solved severe stability issue when using the Acrobat Reader 7.0.5 plug-in.

Miscellaneous

• Fixed multiple stability issues.

Eudora (email):  Eudora version 7.0 is out of beta status and has now been released. The official release is version number 7.0.0.16, which is the same number as that of the "open beta" version I was testing. Eudora continues with its choice of paid-mode, sponsored-mode and light-mode. Sponsored mode includes an ad within the Eudora window and up to 3 sponsored toolbar links (on the Eudora toolbar). The light version has fewer features but is free and has no ads.

---

3.  Turning off I.E.'s Active Scripting

Active Scripting is Microsoft's name for its own implementation of JavaScript, which is widely used on the Internet to provide interactivity on web sites. Many sites, including mine, use JavaScript and will not display properly if JavaScript (or Microsoft's Active Scripting) is turned off.

However, right now, you should turn it off. That's why I recommended in the first article that you install Firefox now.

You can change your Internet Explorer security settings in two places. Both open the same menu program. You can start Internet Explorer and, from the menu bar, pick Tools, then Internet Options.

Alternatively, you can click on Start, Control Panel, "Network and Internet Connections," and Internet Options.

Either way, you get this user dialog box:

Select the Security tab. Then, click on the globe labelled Internet, and then click on the button "Custom Level..."

A new, smaller window labelled Security Settings will open.
Scroll to the bottom of the list of settings.
Scroll up a few entries (4 in my case) to "Scripting - Active Scripting"

By default, this will say "Enable." Rather than completely disabling Active Scripting, let's change it to Prompt. That way, on sites we trust, we will be inconvenienced by having to click "Yes" for every JavaScript on the page, when I.E. asks if we want to allow the script to run.

Click on the radio button labelled "Prompt"
Click the OK button at the bottom of the dialog window

Now, you will be back to the Internet Options dialog box. Click OK, and you will be done.

Now, if you didn't do that from the first article, go read about Firefox, download it and start using it for all your web browsing needs. Hopefully, you will already have downloaded it and switched to Firefox. Otherwise, you will get a dialog box for every JavaScript that is on every web page. Sticking with I.E. when it is in Prompt mode is a pain.

Try Firefox. You will be a lot happier and have a lot less security worries.

---

Continued in Part 2

Volume 1, Number 24 -- Monday, November 28, 2005
Part 1 | Part 2 | Part 3

Copyright © 2005 Terry A. Stockdale.  All rights reserved.