Active Contents
are contents on WWW sites, which have been programmed in script languages like Java, Javascript or ActiveX. Script languages execute program code on your computer. A malicious operator of a WWW site can thus program his/her contents so as to ensure that data on your computer are read or even damaged. Attacks of this kind become particularly problematical when the malicious attacker is operating a WWW site which resembles that of a recognized institution or a recognized company. The only way to protect yourself against attacks of this nature is to switch off script languages – either directly in your browser or through a central filter, e.g. on your firewall. Only a few filters, however, are able to filter out the script languages entirely, since this necessitates a syntactical analysis. Another option is to have the browser run on computers in a separate network, in which there are no sensitive data at all. Under Linux and Unix-type operating systems, this is simple to set up: although the browser is displayed on your workplace machine, it is actually running on a machine in a test network.
