 bhearsch
 
posted on May 24, 2001 07:54:06 PM new
Hello everyone. My two week house guests FINALLY left today and so I'm now FREEEE!! There were many questions in the eBay Java Script Announcement thread and I couldn't get back online to answer them earlier because I was tied up with my house guests. I decided to start another thread that deals with Active Scripting in general and securing your computer and email.

Java Script is a scripting language that allows a Web site to add features to a web page. (Note: JavaScript and Java are both programming languages, but unrelated.) Java Script can be a very useful tool but, unfortunately, there are also many potential dangers if you allow it to run unchecked on your computer. Here is a quote from a CNET article concerning the dangers of malicious Java Script code:

QUOTE
"Finally, some Web sites may inadvertently hide rogue code, often JavaScript or VBScript, that performs tasks you haven't authorized. These sneaky bits of programming can upload files to your system that are small enough to go unnoticed on high-bandwidth connections. The file may be a virus, a Trojan horse (a file that appears normal but may hide a virus), or just a mole, which collects information on you and sends it back to whomever is interested in your data. To protect yourself against these sneaky scripts, set your browser to prompt you before it downloads any file to your system. In IE 5, for example, select Tools/Internet Options/Security, click the Internet icon, then click the Custom Level button and set your preferences for ActiveX and Scripting."
END QUOTE
http://home.cnet.com/internet/0-3761-7-2426166.html?tag=st.int.3761-7-2426162.txt.3761-7-2426166

EBay has decided to not allow some forms of Java Script on the auction listing page and this is an excellent move on their part because of the security problems inherent in the scripting language. I remember when eBay DIDN'T allow the use of Java Script and I was quite surprised to see it being used by some of the sellers on their auction listing page in the last year or so. I even sent an email to eBay and told them about my concerns for their users' safety. We've seen incidents where some of the chat and message boards have been defaced because of the use of a Java Script as well as the problems with Comet Cursor and Human Click to name only a few. IMO, there is absolutely no need to use scripting in your auction listing and the dangers outweigh the advantages.

The following article shows the redirect vulnerability in web browsers if scripts are allowed to run: http://www.jmu.edu/computing/info-security/engineering/issues/cross.shtml and a page with instructions for securing different browsers: http://www.jmu.edu/computing/info-security/engineering/issues/apps/appsec.shtml This site is a great source for security info and is written in easy to understand terms with lots of links leading to more information.

There are ways to protect your computer from many privacy and security problems simply by changing the settings in your IE browser and your Outlook Express mail program. I personally have the following disabled in my IE browser settings:
all SCRIPTING, UNSAFE ACTIVE X, ACCESS DATA SOURCES ACROSS DOMAINS, INSTALLATION OF DESKTOP ITEMS (stops Comet Cursor), LAUNCHING PROGRAMS AND FILES IN AN IFRAME, MICROSOFT JAVA MACHINE, USER PERSISTENCE, SCRIPT DEBUGGING and ENABLE INSTALL ON DEMAND. The safe ACTIVE X controls are set to PROMPT.

I highly recommend the following site for instructions on securing your browser: http://www.pcnineoneone.com/howto/secbrow1.html

Here is another excellent article explaining the dangers of Java Script, Java and Active X and I suggest that everyone interested in this subject read it. This is an older document dated 1998 but the info is still relevant and the dangers still exist in newer browsers. Actually, if anything, the security problems have increased and will continue to escalate so it's a good idea to keep informed so you can take the proper security measures to protect your computer. http://www.w3.org/Security/Faq/wwwsf7.html

There are quite a few programs out there that will prevent any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS), Java Script (.JS), etc. or you can effectively disable scripting yourself. Here is a site that has a good list of these programs: http://www.staff.uiuc.edu/~ehowes/soft4.htm

If you're using Outlook Express for your mail program you should put it into your restricted zone. Go to TOOLS located in your OE toolbar at the top of the screen and then select OPTIONS and SECURITY and make sure the RESTRICTED ZONE is selected. Also, please disable the PREVIEW PANE since this will let a script run automatically if it's enabled. Then go to TOOLS in Internet Explorer and under the SECURITY tab select RESTRICTED SITES. Disable or use highest security for everything listed there. This site gives you step by step instructions for securing Outlook Express: http://www.tames.net/security/oesettings.htm

Now for the other MAJOR problem with Windows and security. The Windows Scripting Host (WSH) is an Active Scripting host that lets scripts be executed in the Windows shell. This is Microsoft's Overview of WSH:

QUOTE
Overview
"The Microsoft Windows Script Host (WSH) is a tool that will allow you to run Visual Basic Scripting Edition and JScript natively within the base Operating System, either on Windows 95 or Windows NT 4.0. Using the scripting languages you already know you can now write script to automate common tasks, and to create powerful macros and logon scripts."
UNQUOTE

A ZDNet article that explains the basic function of the WSH component: http://www.zdnet.com/pcmag/pctech/content/17/03/os1703.002.html

The Windows scripting host (WSH) has some serious security issues and I advise you to turn it off or change the default behavior in the file types of FOLDER OPTIONS if you aren't a programmer and in need of this component. I've had it removed from my system forever and have not experienced any problems. By removing WSH and using the suggested settings mentioned above for your email and browser you will prevent ALL of the script email viruses from running on your system. Please read the following article about the pros and cons of turning off WSH:
http://www.zdnet.com/zdhelp/stories/main/0,5594,2573079,00.html and Symantec's tutorial on disabling WSH:
http://www.symantec.com/avcenter/venc/data/win.script.hosting.html

http://grc.com/x/talk.exe?cmd=article&group=grc.privacy&item=7073&utag= A good post from the GRC about the WSH component
http://www.staff.uiuc.edu/~ehowes/ws-winupd.txt concerns WSH and Windows Update

More articles related to Java Script and computer security:
http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=56 Another article concerning active content in emails
http://www.jasons-toolbox.com/default.asp An email test to see how scripts react on your computer. This test was made by Jason Levine who was one of the major authors at Winmag before it closed down. He also has a tool for managing scripts called Script Sentry
http://www.nsclean.com/ieclean.html explains the risks in the IE browser
http://www.staff.uiuc.edu/~ehowes/info17.htm A list of online security tests. Please don't use the sites that are marked dangerous unless you've read and understand the warning located at the bottom of the page.
http://www.cs.princeton.edu/sip/faq/java-faq.php3 Java Security FAQ

Finally, the second comment about active scripting on this page pretty much mirrors my opinion. http://securityportal.com/list-archive/firewall-wizards/1999/Dec/0234.html

You have to make some choices and compromises if you want to effectively secure your computer. Some folks will prefer to keep the active scripting functions intact because of the neat special effects, etc. even though they know the inherent risks and other folks will prefer security and privacy over using these active scripts. It's really up to each individual to decide but it's important to be aware of the issues and dangers first before you can make an educated decision. I hope the info and links I've provided help you to make that choice.

Blanche


[ edited by bhearsch on May 24, 2001 07:58 PM ]
 
 nefish
 
posted on May 24, 2001 08:50:40 PM new
Blanche, thanks for another extremely informative post. Now I'm off to follow some of your links and do some reading...
 
 reddeer
 
posted on May 24, 2001 09:37:19 PM new
Thanks Blanche, and welcome back!

 
 sweetpie
 
posted on May 24, 2001 09:59:13 PM new
Blanche,
I read your information but have not looked at the sites yet. I am still trying to figure out what Java Script means. I tried to relist an item on eBay and it would not accept it because I had Java Script. I use Auction Watch so does that have anything to do with it? Please help me understand!

 
 reddeer
 
posted on May 24, 2001 10:20:21 PM new
sweetpie,

I have no idea if AW uses JavaScript [I don't think they do?] but here's the info that eBay posted on the Announcement Board this week.

***JavaScript Incompatibility***

Starting today, the use of certain JavaScript will be disabled on eBay. The following JavaScript functions will be affected:

**You may not use a JavaScript to drop or read a cookie on any eBay page.

**You may not use a JavaScript that redirects the user from eBay to another page (such as the "replace" script).

**You may not use a JavaScript Include.

These scripts will be disabled on all eBay pages where text can be entered, including the Sell Your Item form, the About Me pages and certain other areas of the site. In addition, all JavaScript will be disabled on the general chat boards.

Only those scripts that are incompatible with the eBay system or policies are being disabled. Other JavaScript will still be able to be used, outside those areas where JavaScript has been disabled completely.

The changes to JavaScript may impair certain third-party auction management tools. Please contact your auction management software provider if you have any questions or concerns about whether these changes will impact your software.

Regards,
eBay



 
 bhearsch
 
posted on May 24, 2001 10:53:50 PM new
Hello sweetpie. I'm not sure what the problem is with the auction you're trying to relist because I haven't actually viewed it myself but it could be related to a number of things. Do you have any programs in your auctions that use Java Script like Human Click or anything that produces a pop-up window? Some photo programs use a Java Script code to open another window in order to show a larger picture of the auction photo.

If your auction doesn't have any software that uses JS then there could be something in AW's code or logo that's causing the error. I noticed a number of threads in the AW Services Forum relating to listing errors. Maybe they can help you there.

The other possibility has to do with your browser settings if you're using Internet Explorer. You may need to turn off all of the scripting options by going to TOOLS in your browser's toolbar located at the top portion of your window and then to INTERNET OPTIONS. Move to the SECURITY tab and click on the INTERNET icon and then click on CUSTOM LEVEL. Scroll down to SCRIPTING and make sure all three options are set at DISABLE. Then you'll need to refresh your page and see if that takes care of your relisting problem.

Hi reddeer. It sure feels good to be able to sit down and leisurely play with my computer again.

Blanche
 
 bhearsch
 
posted on May 25, 2001 09:12:58 AM new
Bumped up for Islander
 
 NearTheSea
 
posted on May 25, 2001 09:23:32 AM new
I added a java script code into my auction program (Sellers Assistant) so that no one can right click my pictures. It's been working so far, I sure hope that this is one that eBay doesn't allow
 
 bhearsch
 
posted on May 25, 2001 11:34:42 AM new
Hello NearTheSea. I'm not sure how eBay can easily allow the use of some Java Script in the auction listing page but not all Java Script. The easiest solution for them would be to not allow ANY JS to be used on the auction listing page. If that's the case then your code to stop the right click won't be allowed. There's no way to determine that until you either relist those auctions or list new ones.

Blanche
 
 engelskdansk
 
posted on May 25, 2001 12:54:19 PM new
nearthesea -- as all javascript is being disabled, your coding will not work. It really is only a superficial fix anyway, as one can still view (and copy) source code through View:Source.

 
 bhearsch
 
posted on May 25, 2001 01:29:20 PM new
sweetpie, I think your relisting problem has to do with the PayPal link because it uses a Java Script code. Here is a sample of the PayPal code:

<!-- PayPal Logo --><P align="center"><A HREF="https://www.paypal.com/xclick-auction/business=YOUR-PAYPAL-ID-HERE&auction_type=Ebay" target="_blank"><SCRIPT LANGUAGE="Javascript" SRC="http://images.paypal.com/images/js/logov.js"></SCRIPT><NOSCRIPT><IMG SRC="http://images.paypal.com/images/lgo/pplvd.gif" border=0 ALT="I prefer PayPal, the #1 payment service in online auctions!"></NOSCRIPT></A>

Anyone who is using the current PayPal link will have to either edit it or wait until PayPal comes out with a non Java link.

Blanche
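
The three script categories in the eBay announcement quoted earlier in this thread can be checked mechanically. The following is an added example, not part of any post here and not eBay's filter: a heuristic Node.js audit in which `auditListing`, the rule patterns and the sample strings are assumptions made for illustration.

```javascript
// Added example (not eBay's filter): heuristic audit of listing HTML against the
// three script categories named in the announcement quoted in this thread.
const BODY_RULES = [
  // "drop or read a cookie"
  { category: "cookie", re: /\bdocument\s*\.\s*cookie\b/i },
  // "redirects the user from eBay to another page (such as the 'replace' script)"
  { category: "redirect",
    re: /\blocation\s*\.\s*(replace|assign)\s*\(|\blocation(\s*\.\s*href)?\s*=(?!=)/i },
];

function scanCode(code, where, findings) {
  for (const rule of BODY_RULES) {
    if (rule.re.test(code)) findings.push({ category: rule.category, where });
  }
}

function auditListing(html) {
  const findings = [];
  // 1. <script> elements: an external src is a "JavaScript Include"; the body is scanned.
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    if (src) findings.push({ category: "include", where: src[1] ?? src[2] ?? src[3] });
    scanCode(m[2], "script body", findings);
  }
  // 2. Inline event handlers (onload="...", onclick="...") carry script too.
  const handlerRe = /\s(on[a-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  for (const m of html.matchAll(handlerRe)) {
    scanCode(m[2] ?? m[3], m[1].toLowerCase() + " attribute", findings);
  }
  return findings;
}

// Sample inputs. PAYPAL_LINK is the script element from the PayPal snippet above.
// RIGHT_CLICK is a constructed abbreviation of the right-click script posted
// further down this thread. CONSTRUCTED is made up for this example.
const PAYPAL_LINK =
  `<SCRIPT LANGUAGE="Javascript" SRC="http://images.paypal.com/images/js/logov.js"></SCRIPT>`;
const RIGHT_CLICK =
  `<SCRIPT LANGUAGE="JavaScript1.1">function right(e) { if (event.button == 2) return false;
   return true; } document.onmousedown=right;</SCRIPT>`;
const CONSTRUCTED =
  `<script>document.cookie="seen=1"; window.location.replace("http://example.invalid/");</script>
   <img src="x.gif" onload="location.href='http://example.invalid/'">`;

for (const [name, html] of Object.entries({ PAYPAL_LINK, RIGHT_CLICK, CONSTRUCTED })) {
  console.log(name, auditListing(html));
}
```

Pattern matching like this misses obfuscated script, which is why removing all script from user-entered HTML, as suggested earlier in the thread, is the more robust choice.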


 
 NearTheSea
 
posted on May 25, 2001 02:16:45 PM new
I just checked new ones I just listed and they still work - the java script

I know it's only a superficial fix, and there's an easier way than View Source to get pics too, but the person that had been doing it, I hope she is not even that bright...
 
 bhearsch
 
posted on May 25, 2001 03:10:23 PM new
NearTheSea, I hope so too. LOL

Blanche
 
 NearTheSea
 
posted on May 25, 2001 03:36:20 PM new
Blanche-this is the code I use

<SCRIPT LANGUAGE="JavaScript1.1"><!-- Begin
function right(e) {
if (navigator.appName == 'Netscape' &&
(e.which == 3 || e.which == 2))
return false;
else if (navigator.appName == 'Microsoft Internet Explorer' &&
(event.button == 2 || event.button == 3)) {
alert("Sorry, you do not have permission to right click.");
return false;
}
return true;
}

document.onmousedown=right;
document.onmouseup=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
if (document.layers) window.captureEvents(Event.MOUSEUP);
window.onmousedown=right;
window.onmouseup=right;
// End -->
</script>


AND ANY winkie thing, is there because it's got a semicolon and parenthesis in it, I didn't put it there.....

This is automatically put in the program, I don't have to do this each time, it's in there, until I take it out. And as of today, it's still not letting you right click... dunno? Maybe because Sellers Assistant is now eBay's? (which would be wrong, but.. )