Why Is Gmail Blocking It?
How Can I Protect Myself?
Here’s an easy method to avoid that, without disabling scripts entirely. You can set Windows to open .JS files with a program that doesn’t execute code: Notepad. Here’s how.
Open Notepad by clicking your Start Menu and typing Notepad.
With a blank file open, head to File > Save As. Save the open blank document on your desktop as
Blank.js , making sure you delete the .txt file extension.
Close Notepad. Right-click the fake .JS file you just created and find “Open With” in the contextual menu. Click “Choose Another App.”
Pick “Notepad” from the list and make sure that the checkbox beside “Always Open With” is checked.
You can also disable Windows Script Host by default for your computer, ensuring that any kind of code that it executes, bad or good, can’t be run without being enabled again. This might be overkill, but is a reasonable thing to do to keep a loved one’s computer safe. Here’s a Microsoft recommended method for how to disable Windows Script Host entirely.
Of course, never forget the basics, either: never open email attachments from untrusted or unknown senders, or from known senders if the email looks suspicious or confusing. Simply doing this will cut your risk to all malicious Trojan code down to almost nothing, since the majority of it comes from spam or hijacked email accounts.