Security says javascript mouseovers are Dangerous ????

R

Richard

I thought I'd pretty much disabled the security shield by following
helpful hints posted here, but not quite...

In the days of my having dial up I pointed IE at my safe archive copy of
my own web page on drive c: rather than a remote web page which would
always give me a 404 if I wasn't connected.

The information bar opens up whenever I do this and says possible
dangerous activeX blah blah blah, so I have to 'allow' my own page to
load off my own drive.

There is *no* activeX or flash on this page. Simple javascript
mouseovers and one standard animated gif.

My IE security settings all look ok, and the proof of that is - if I
load my page off the web IE will download and display it without a
murmur. No security type warning whatsoever - which is exactly as it
should be.

I have found now that other programs, which create help files in html
and load from drive C: instead of from on-line, all get the same
security treatment.

How do I turn this off, please?
 
C

Code-Curious Mom

I had a similar situtation with local HTML files used as custom start
pages. I'm using the 'Mark
of the Web' method which you can find at

http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/lockdown_devimp.aspx

It doesn't specify where in the HTML file it should go and most anywhere
seems to work, but I had a file that actually was saved from the web, and
there it was located at the top just before <HTML>. Just be sure there are
no spaces after the
-->
(end of comment mark)
and <HTML>. Not sure why this has to be, but it won't work if there is a
space there. So something like:

<!-- saved from url=(0028)http://www.InternetZone.net/ -->

at the top of your file immediately before <HTML> should fix it. You can
change InternetZone.net to a real web address if
desired, it doesn't matter. The 28 is the number of characters in the web
address following, if you change the address, you'll have to modify the
character count too.
(Before I found this method, I had tried renaming the file to *.hta, but
that lets off the menu and toolbar, which I didn't like at all.)


I recommend the method above, but if you really want to totally disable this
security feature (not all javascript or other active content is safe):
right click IE|Properties|Advanced| scroll down to 'Security', check 'Allow
active content to run in files on my Computer', click 'OK'.
 
R

Richard

Some people said things, and then:-
Code-Curious Mom added


Thank you thank you thank you! The poxy thing was driving me nuts.

This is all now saved in my useful things to know archive.

The url fix is fine for my web page, but something of a pain to use with
a program that has 100 html help pages - so it looks like I shall be
carefully going off line before 'enable content' for some help files.

Once again, many thanks.

--
Richard

I had a similar situtation with local HTML files used as custom start
pages. I'm using the 'Mark
of the Web' method which you can find at

http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/lock
down_devimp.aspx

It doesn't specify where in the HTML file it should go and most anywhere
seems to work, but I had a file that actually was saved from the web, and
there it was located at the top just before <HTML>. Just be sure there are
no spaces after the
-->
(end of comment mark)
and <HTML>. Not sure why this has to be, but it won't work if there is a
space there. So something like:

<!-- saved from url=(0028)http://www.InternetZone.net/ -->

at the top of your file immediately before <HTML> should fix it. You can
change InternetZone.net to a real web address if
desired, it doesn't matter. The 28 is the number of characters in the web
address following, if you change the address, you'll have to modify the
character count too.
(Before I found this method, I had tried renaming the file to *.hta, but
that lets off the menu and toolbar, which I didn't like at all.)


I recommend the method above, but if you really want to totally disable this
security feature (not all javascript or other active content is safe):
right click IE|Properties|Advanced| scroll down to 'Security', check 'Allow
active content to run in files on my Computer', click 'OK'.
Click to expand...

--
 
C

Code-Curious Mom

You're quite welcome. Don't know if there might be a better way to deal
with the particular program's help files. Might be worth checking the
maker's website for a possible fix, or searching usenet on the name of the
program. If you do end up changing security settings, I found that it did
not seem to take effect until a reboot, don't know if that is always true,
but try it if it's not seeming to change.
 
R

Richard

Some people said things, and then:-
Code-Curious Mom added

You're quite welcome. Don't know if there might be a better way to deal
with the particular program's help files. Might be worth checking the
maker's website for a possible fix, or searching usenet on the name of the
program. If you do end up changing security settings, I found that it did
not seem to take effect until a reboot, don't know if that is always true,
but try it if it's not seeming to change.
Click to expand...

It worked without a reboot. As for the other programs, I'd much rather
change a setting that the *system* uses in regard to files of any given
type, or source, than have to change the set-ups of dozens of programs
that use them.

It's definitely an SP2 thing - I can appreciate them trying to take care
of people who are new to computers or who are never told of the risks by
retailers scared of losing a sale - but I'm a big boy now and if I break
something it's *my* fault. I may well ask for help in sorting out the
mess, but I will put the blame squarely where it belongs. On me.

After more than twenty years of using "PC's", I still like to be the
person who makes the final decision about what does and does not happen
on my machine.
 
C

Code-Curious Mom

Richard said:
It worked without a reboot.
Click to expand...

I just checked and it does here now too. Perhaps that was fixed between RC2
and the final release, or else it was just some temporary oddity on my
machine. Thanks for letting me know.
 
R

Richard

Some people said things, and then:-
Code-Curious Mom added
I just checked and it does here now too. Perhaps that was fixed between RC2
and the final release, or else it was just some temporary oddity on my
machine. Thanks for letting me know.
Click to expand...

You're welcome. ;-)

Since you're so hot and on a roll...

I have security disabled via services.msc and yet I still get a security
shield asking me if I want to open certain programs, such as my Spybot
S&D upgrade.

A nuisance. More so since this thing never bothered asking me about
some spyware running that zone alarm caught trying to phone home.

Why is it still running and how do I turn it off. Any ideas?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

-> Disabling Active Content block (SP2). How??? <- 1
Windows Security Alerts says that my XP Firewall is off, but Firewall Control Panel says it is on??? 6
javascript:void() 3
IE7, JavaScript, Information Bar 3
Will Security Essentials continue to update for XP? 8
Security Center Says Firewall On Even When I Turn It Off 4
Using an ActiveX Control on the Web 1
Security Updates fail to install. 5

Top