Sunday, July 10, 2005

Perhaps the stupidest Internet Explorer quirk ever

A couple of days ago, I found that I couldn't copy and paste from the body of my blog. I could highlight text starting from the header, but once I got to any part of the body, everything would highlight, and only everything. Strangely enough, I could copy any part just fine while my blog was loading or refreshing.

By pure luck I traced this bug to the "content" width specification in my blog's HTML template. I removed it recently when tweaking the layout, letting it default to 100% wide. Once I put it back, even just to specify 100% width, I could copy any part of my blog normally.

Mozilla Firefox didn't have this problem. I don't use it on my main PC, which runs Windows XP, but I do use Firefox on my second PC when it's running Linux (98% of the time). I don't use Firefox on my main PC because a few web pages, including my blog, still don't look quite right. This doesn't mean IE is better, just that most pages are optimized for it. Hopefully as Firefox develops, it will become more compatible with current accepted HTML. Not standard HTML, but Microsoft's "dialect" that has become the norm. Then Firefox will hopefully gain more and more market share.

Firefox is unquestionably a far safer browser, and its search function is better designed. Its feature to right-click a picture and block images from a certain domain or subdomain is nothing short of terrific. IE doesn't have that, and a lot of third-party programs claim to do that but often don't work (Norton Internet Security, for example). Also, when Firefox clears all your cache, history and cookies, it means it. IE since the beginning has had the unforgivable habit of retaining history in index.dat, which you can't delete while Windows is running. When I ran Win98 and Win95, to delete the IE cache I restarted in MS-DOS mode and deleted the directories manually.

Here's what I do to make Internet Explorer a safer browser:

1. Lock down your Internet Zone. Click Tools, Internet Options, the Security tab, then the Internet globe. Scroll through and disable everything involving ActiveX controls (even signed), Java and all scripting. I disable "scripting of Internet Explorer Webbrowser controls" and "script-initiated windows" to be on the safe side. I also like to set "Drag and drop or copy and paste files," "Installation of desktop items," "Launching programs and files in an IFRAME," and "Navigate sub-frames across different domains" to prompt. These prevent a few exploits by which malicious websites install files on your computer, and they also tell you if a website is trying to display parts of another domain. Set "Software channel permissions" to high safety.

Disabling ActiveX controls will stop Flash movies from showing. This is good because it stops annoying Flash advertisements, but then you can't use a Flash-dependent website. If I'm sure a website is trustworthy, and I'll only visit it once to, say, see a Flash movie, I'll temporarily enable signed ActiveX for the Internet Zone. If it's a trustworthy website I'll visit often, I'll put it in my Trusted Sites zone...

2. Put trustworthy sites in the Trusted Sites zone. Here you can enable Java, scripting and signed ActiveX controls so the sites can have full functionality. You can enable "Launching programs and files in an IFRAME" and "Navigate sub-frames across different domains," though I'd keep the other settings as in step #1. Among my trusted sites are GMail and Microsoft. I've sometimes wondered about the irony of putting un.org in that list...

3. I use the Restricted Zone for sites requiring JavaScript but no more. Naturally you want to enable scripting, but keep the settings like step #1: disabled ActiveX, Java, etc. A nice thing about this zone is that none of its sites can leave cookies on your computer.

4. Cookies are important for accurate marketing, but I dislike my hard drive filling up with hundreds of them from individual advertisers. So I go to the Privacy tab under Internet Options, then the Advanced button, and Block both types of cookies. If a site is in your Trusted Zone, it automatically can create cookies on your computer. Regular Internet Zone sites might need cookies, so for those you can click the Sites button and add them to the list.

5. Make sure to update Windows and IE via the official Windows Update website. Microsoft never, ever e-mails updates, or even links to updates. Such an e-mail is almost always a ruse. If it has an attachment, it's probably a virus, worm or Trojan horse. If it's a link, it usually takes you to a pernicious website that tries to install viruses, worms or Trojans on your computer, or "only" spyware.

The website might even simulate Microsoft's website so well that it can trick you into installing an "update." This new phenomenon of phishing is increasingly common with alleged links to banks, eBay and Paypal. The e-mails typically threaten that your account will be deactivated unless you "immediately" go to the website and confirm your information; and you must go through that link and only that link. Often the website URL won't be a regular domain name, but a raw IP address (numbers), so that less savvy people won't suspect they're at a fake website. This is further faciliated by HTML links, like http://www.yahoo.com, which looks like one site but actually takes you to another.

Phishing has shown how trusting people are when online: an official-looking e-mail directs them to an official-looking website, where they'll enter in their full names, addresses, credit card number or account number, etc. Would you trust a letter purportedly from your bank, no matter how authentic it appears, that asks you to "confirm" your account information, sign and return to a PO box? Actually, that happens too, with instructions to fax it.

Safe browsing, everybody.

3 Comments:

Blogger TKC said...

Perry, our esteemed economist, has two fours. (cheapshot!)

My solution to IE is to use Netscape.

Sunday, July 10, 2005 4:58:00 PM  
Blogger Perry Eidelbus said...

Oh whoops! Heh. I added the part about cookies and forgot to renumber the one about Windows Update.

I've seen too many crashes with the various versions of Netscape. If it's not IE, I'd rather use Mozilla.

Sunday, July 10, 2005 6:25:00 PM  
Blogger Quincy said...

Perry -

When I'm working on my site design, I always use Firefox to check my work since it's 100% standards compliant. From my point of view, this is a much safer way to go, IE does a pretty respectable job of rendering a standards-compliant page. In fact, except for the LLP (Life, Liberty, and Property) Group blorgoll, the two browsers render everything identically.

Sunday, July 10, 2005 11:47:00 PM  

Post a Comment

Subscribe to Post Comments [Atom]

Links to this post:

Create a Link

<< Home