1. From the start menu select Find files.
2. Find "wscript.exe" which will be in your "Windows" directory
3. Rename "wscript.exe" to something inoffensive like "wscript.old"
N.B. wscript can always be renamed back again if required.
At the moment the scripting host only runs Visual Basic Script and JScript, both of which are MS proprietary technologies. Nearly all web developers use JavaScript for client-side scripts for web pages. These are run by your web browser's Java Virtual Machine and will not be affected by turning off scripting host (and is much less of a security nightmare). Generally speaking anybody sending you either VBScript or JScript without your knowledge is either a complete fool (thus probably virus prone) or malicious. You never know, if enough people turn off this nightmare, perhaps MS will get round to fixing their security - then again probably not.
*This method has been tried and tested on 95/NT. MS threatens unspecifically that the scripting host "is integrated into Windows 98" whatever that means. On the other hand any application that relies on scripting to function is probably too shonky to have on your machine anyway. Suck it and see.