<<< Date Index >>>     <<< Thread Index >>>

Re: MS web designers -- "What Security Initiative?"



In-Reply-To: <40CB8263.18297.7605685C@localhost>

I have to applaud your specific examples of where Microsoft's aims have been 
redirected (pun intended) and have become woefully presumptuous. Having worked 
in web hosting and website development in past lives I would agree that 
correcting the weblinks would be a truer solution than just performing all of 
the sneaky redirects that require scripting to be enabled.

Here's my question. Everyone please feel free to point out its validity as 
necessary. Why not add www.microsoft.com to your Trusted Sites list and allow 
this Internet Zone to have Active Scripting function as prompted? Are there 
cross-site exploits present that even make this a poor solution? This is the 
interim solution I have in place at my business locations. We have to use 
Internet Explorer for work-related application requirements. Otherwise I 
wouldn't switched to something like Mozilla. 

In lieu of Microsoft patching the latest round of Secunia announced security 
holes I am disabling Active Scripting for all Internet Zones but the Trusted 
Sites Zone. If this isn't the best alternative what is if we *have* to use 
MSIE? 

Anyone??