Zone Labs, Inc. Security you can trust.
Search ZoneLabs.com
    

Helpful Hints & Links
Register  ·  Login  ·  Help
 
Having download problems (About mobile code)  
MuffinCharizard
Senior Contributor
Registered: 08-23-2003


Viewed 213 times
1 rating - 4.0 average


There are a number of users who have found that, because of a slight misconfiguration in ZoneAlarm Pro, are unable to download executables, pdf's,Zip files, and so on. If you are one of those people, you will find the answer to your problem in this text, along with other useful infomation about just what "Mobile code" is.

When you go to the privacy tab and click on the custom button for Mobile Code Control, you will see a list of four things that are blocked (when checked). They are JavaScript, VBScript, ActiveX/Java and Mime-type integrated objects. If Mime-type integrated objects blocking is ON, then downloads, such as executables, pdf files, Zip files will be blocked. If you attempt to download when blocking is on for mime-type integrated objects, you will get a "You are not authorized to view this page" error in your browser. Turning this off will allow downloads again.

But what is the importance of the whole moblile code feature?

Browsers have the ability to use mobile code because mobile code enhances web pages much more than what you can do with plain HTML. Popup windows, chat windows, cool looking menus, mobile code can do a lot to make a web page look good, but mobile code also has enough power to damage your system or invade your privacy. Each mobile code has its own danger level. ActiveX, for example, is more dangerous than JavaScript. I will explain each one...

JavaScript qualifies releitivly low in danger. JavaScript is very commonly used in DHTML to enhance web sites. JavaScript also has security measures to prevent against malicious code. It cannot, for example, modify important system files or read your registry. Nothing is perfect however, so a few bugs in a browser could mean a way for JavaScript to be abused. However, because of its limit of power over a system and its overall usefulness, most just leave it on.

VBScript is another scripting language, like JavaScript. However, VBScript has a dangerous amount of power over a system. If you go to this link, you can see the horror for yourself. Needless to say, I reccommend turning it off.

Java has more power than JavaScript, most noted by all the Java games found in places such as Jippii.com. Using a "Java Virtual Machine", all browsers will read Java code the same way, allowing a Java applet to run on many platforms. Java is another cool way to enhance a web site, but is it safe? Java does have its holes here and there, but Java has a method called "sandboxing" to guard against malicious code. However, I reccommend turning Java off.

ActiveX is Microsoft's answer to Java. ActiveX has the most power over all mobile code in that it can be run automatically and that it can install programs, such as Browser Helper Objects, without the users knowladge. Pleanty of spyware, such as Xupiter, is installed using ActiveX. However, pleanty of good stuff comes from ActiveX too, such as Flash and Shockwave, which both need ActiveX to run on Internet Explorer (Mozilla uses Java to use Flash). With the immense abilities that ActiveX has...turn it off.

Mime-type integrated objects are things like Zip files, PDF files, executables and other things that you must click on a link in order to download. They are not run automatically, unlike all mentioned above, however keep in mind that whenever you download something like an executable or ZIP, it could contain a virus/trojan. Be careful who you trust.

So now all that is explained, you should know where to go in ZoneAlarm Pro to pick and choose what you wish to block. Remember: If you find a site that you trust with any of that mobile code, you need only find them on the privacy list and allow mobile code for that site.

Your browser security settings also have options on what to do with mobile code. (Internet Explorer's click tools, then internet options and then go to security || Mozilla users click on edit, preferences and then advanced) If you have Scripts allowed in ZoneAlarm Pro, but not your browser, scripts will be off!



That is all. Enjoy muffins!

-------------------------

Beware the Charizard that eats muffins...he has issues.
What muffin? I don't see any muffin! ::BURP::

09-16-2003 01:06 PM  
  SUBJECT AUTHOR RATING DATE/TIME
•  Having download problems (About mobile code) 
MuffinCharizard  1 rating - 4.0 average   09-16-2003 01:06 PM

    Home    Home/Office Products     Download & Buy     Enterprise Solutions     Service & Support     Partner Programs     About Zone Labs  

Copyright ©1999-2002 Zone Labs, Inc.