Bugtraq: Re: MS web designers -- "What Security Initiative?"

[Greg Kujawa <greg.kujawa () diamondcellar com>]

In-Reply-To: <40CB8263.18297.7605685C () localhost>

I have to applaud your specific examples of where Microsoft's aims have been redirected (pun intended) and have become 
woefully presumptuous. Having worked in web hosting and website development in past lives I would agree that correcting 
the weblinks would be a truer solution than just performing all of the sneaky redirects that require scripting to be 
enabled.

Here's my question. Everyone please feel free to point out its validity as necessary. Why not add www.microsoft.com to 
your Trusted Sites list and allow this Internet Zone to have Active Scripting function as prompted? Are there 
cross-site exploits present that even make this a poor solution? This is the interim solution I have in place at my 
business locations. We have to use Internet Explorer for work-related application requirements. Otherwise I wouldn't 
switched to something like Mozilla. 

In lieu of Microsoft patching the latest round of Secunia announced security holes I am disabling Active Scripting for 
all Internet Zones but the Trusted Sites Zone. If this isn't the best alternative what is if we *have* to use MSIE? 

Anyone??