Risks while using Browsers

Insulated operation

Recommendation of the "German gouvernmental agency for security in information technology" (BSI):
"Computers carrying applications that are critical for organization company or authority are to be used without email and internet connection."

Active Contents

The german federal gouvernment departments of Economy/Technology and Interior recommend generally to disable javascript and not to use HTML in emails.
"Active contents are in principle problematical. ... Thats why anyone should go back to a ... textbased mailer without automatic previews and attachments."

The "German gouvernmental agency for security in information technology" BSI warns against MS-Office links against mailing of *.XLS and *.DOC-files and recommends those who offer internet sites and their users should relinquish javascript.

Active-X and JavaScript

US-CERT recommends the following: "Disable Active Scripting as specified in the Securing Your Web Browser document." "ActiveX is a technology that has been plagued with various vulnerabilities and implementation issues."

Recommendation for internet sites:

"today many WWW-servers are not navigable without JavaScript; internet-users using safe preferences are consequently locked out of these sites. But JavaScript isn't necessary on the big majority of WWW-servers. In most cases it's only used for optical gimcracks. These WWW-servers could offer the same functionality and information without using JavaScript. Thats why BSI strongly recommends to relinquish JavaScript or at least to offer an alternative site that's browsable without active contents."
"The internet is the most suitable medium to spread information world wide, containing both usual as unwanted or harmful content. that's why webmasters are to bind steps against computer viruses."
[unauthorized translation - see german original text]

Recommendation for users:

"inside the common used WWW-browsers Microsoft Internet Explorer and Netscape Communicator" "many new security lacks" have been found. "that could be exploited by active contents (ActiveX, JavaScript, Java and so on) in WWW-documents. Attacker are able to spy user accounts whith passwords or local stored files from private or commercial internet users. Cause internet user holds an inappreciable risk the BSI recommends strongly renouncing active contents while using internet." ...
Press speaker M.Dickopf
German gouvernmental agency for security in information technology 1999
[unauthorized translation - see german original text]
Advice from BSI in january 2002:
The statements from press release at Sept 21, 1999 are still valid.

Extra dangerous systems

Proud to be 100% Microsoft free The BSI warns against MS-Office links and agains mailing of *.DOC-Files.
"Caused by existing points of attack Microsoft Windows- and Office products represent the most hazardous danger"
[unauthorized translation - see german original text]
Earlier examinating of WWW-browsers often found security lacks especially in Microsoft Internet Explorer .


The "German gouvernmental agency for security in information technology" recommends blocking the creation of cookie-files
"Long ago swindlers used secret signs to inform their 'colleagues' after spy out."
Today modern gangs of thieves also leave secret signs. Uni Bielefeld describes (in german) risks by enabling Cookies without hesitation.

