Lostgallifreyan wrote in
:

"Mayayana" wrote in
news:j8rjar$33e$1@dont- email.me:

Ironically, if the tool were an EXE you would have
little way of knowing what's in it.


True. I disable VBS in mine, I'd like to do that to
JavaScript too but I use that myself, and it's worth the
risk. I used to like the BASIC language, still do in its
influence on Lua and Psion OPL, but so many of the recent
forms popularised means to write bad code, bloated code,
and I found disabling it the easiest choice to make. I also
disable Java because that IS pretty much a sealed
executable. Flash too, I distrust, same reason, plus it's
very definitely exploited to do dodgy things. A system can
crash by flash just because too much of it is on a page, it
doesn't have to be malicious to do more harm than most
genuinely malicious code can do.

I use ScriptSentry, and while it catches all scripts (of various
kinds) when I mess around offline, it has yet to warn me against
a script on a webpage. But then again, I use OB1 99.5% of the
time.

In the past, I just had all vbs files removed from the win
directory, but that impedes you from doing certain things
offline which are useful.

And when you are using a full-featured browser, there are many
more way to mess you up than a vbs script. Curse the damn WWW.



--
"Well, Steve, I think there's more than one way of looking at
it. I think it's more like we both had this rich neighbor named
Xerox and I broke into his house to steal the TV set and found
out that you had already stolen it."
Bill Gates to Steve Jobs, around 1983