http://www.pcworld.com/news/article/0,aid,116992,00.asp
A couple of snips from the article:
Microsoft is doing something unprecedented: It wants you to break one of Internet Explorer's key features. Why? Because only by limiting the browser's functionality can you be sure of stopping a sneaky--and dangerous--new breed of Internet virus. This latest targeted attack scenario, which uses malicious code dubbed "Scob" or "downlad.ject," exploits three flaws: two in Windows and one in Internet Explorer. One of the holes involves JavaScript; targeting this flaw, the Scob code lets a hacker attach a program written in JavaScript to Web pages. If you visit an infected Web site, the program automatically executes in IE, and voila! you're infected.
Microsoft also wants you to take the extreme step of disabling JavaScript. Many sites use JavaScript--to display video, say--and without this programming language, some sites, including Microsoft's own Windows Update site, won't even function properly.
