

Secure Internet Explorer 6

There are some changes in the current IE 7.x, but the information below
is a good foundation for fixing it. There is an article at http://WindowsSecrets.com/comp/061026
that goes into some depth. I disagree with his liberal use of the Disable option, among other things,
so just remember that if there's a discrepancy...he's wrong.
With the settings below and your new mindset about clicking 'OK' to everything, you'll be able to pass the
browser test at http://secunia.com/advisories/19738/.

IE7 advanced settings help:
//www.jmu.edu/computing/helpdesk/selfhelp/IE7/advancedsettings.shtml


Step 1
Drop My Rights .msi

Go to:
http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp

and download:
http://download.microsoft.com/download/f/2/e/f2e49491-efde-4bca-9057-adc89c476ed4/DropMyRights.msi

Read and understand that page, then set Internet Explorer & Outlook Express to use the Untrusted option:

[Screenshot: Restricted permissions for Internet Explorer]


The only issue I've encountered with DropMyRights is that Outlook Express will now open each hyperlink in a mail message in a new window, instead of reusing existing Internet Explorer windows. I've kept the original OE shortcut to open mail where I need it to open in the same window and show visited hyperlinks in a different color.



Step 2

Go to Internet Explorer -> Tools -> Internet Options:
[Screenshot: Internet Explorer - Tools - Internet Options]


Click the Security tab:
[Screenshot: Internet Explorer - Tools - Options -> Security]


Click the Internet icon, then click the Custom Level button:
[Screenshot: Internet Explorer - Tools - Options -> Security -> Internet Zone -> Custom Level]

Set these options:
Automatic prompting for ActiveX controls:      Enable
Binary and script behaviors:      Disable (explanation)
Download signed ActiveX controls:      Prompt
Download unsigned ActiveX controls:      Disable
Initialize and script ActiveX controls not marked as safe:      Disable
Run ActiveX controls and plug-ins:      Prompt
Script ActiveX controls marked safe for scripting:      Prompt
Font download:      Prompt
Java VM:      High Safety (If you say 'no' to the popup, Java won't run)
Access data sources across domains:      Disable
Allow META REFRESH:      Disable
Allow scripting of Internet Explorer Webbrowser control:      Disable
Allow script-initiated windows without size or position constraints:      Disable
Drag and drop or copy and paste files:      Prompt
Installation of desktop items:      Prompt
Launching programs and files in an IFRAME:      Prompt
Open files based on content, not file extension:      Enable
Software channel permissions:      High Safety
Web sites in less privileged web content zone can...etc:      Prompt
Allow paste operations via script:      Prompt (example)
Scripting of Java applets:      Prompt
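
As an added example (not part of the original page): the Custom Level choices above are stored per user as numbered values under the Internet zone's registry key, so they can be checked with a read-only PowerShell script. The action codes and data values (0 = Enable, 1 = Prompt, 3 = Disable, 0x10000 = High Safety) are Internet Explorer's zone settings; the function name Format-ZoneValue is made up for this example.

```powershell
# Added example: read-only audit of the current user's Internet zone (zone 3).
# Value names are Internet Explorer's URL action codes; labels follow the Step 2 list.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry data -> wording used in the Custom Level dialog
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 0x10000 = 'High Safety' }

# (action code, setting, recommended data)
$recommended = @(
    @('2201', 'Automatic prompting for ActiveX controls', 0),
    @('2000', 'Binary and script behaviors', 3),
    @('1001', 'Download signed ActiveX controls', 1),
    @('1004', 'Download unsigned ActiveX controls', 3),
    @('1201', 'Initialize and script ActiveX controls not marked as safe', 3),
    @('1200', 'Run ActiveX controls and plug-ins', 1),
    @('1405', 'Script ActiveX controls marked safe for scripting', 1),
    @('1604', 'Font download', 1),
    @('1C00', 'Java VM', 0x10000),
    @('1406', 'Access data sources across domains', 3),
    @('1608', 'Allow META REFRESH', 3),
    @('1206', 'Allow scripting of Internet Explorer Webbrowser control', 3),
    @('2102', 'Allow script-initiated windows without size or position constraints', 3),
    @('1802', 'Drag and drop or copy and paste files', 1),
    @('1800', 'Installation of desktop items', 1),
    @('1804', 'Launching programs and files in an IFRAME', 1),
    @('2100', 'Open files based on content, not file extension', 0),
    @('1E05', 'Software channel permissions', 0x10000),
    @('2101', 'Web sites in less privileged web content zone can navigate into this zone', 1),
    @('1407', 'Allow paste operations via script', 1),
    @('1402', 'Scripting of Java applets', 1)
)

function Format-ZoneValue($data) {   # hypothetical helper: registry data -> dialog wording
    if ($null -eq $data) { return '(not set)' }
    if ($meaning.ContainsKey([int]$data)) { return $meaning[[int]$data] }
    return ('0x{0:X}' -f $data)
}

$current = Get-ItemProperty -Path $zonePath
$recommended | ForEach-Object {
    $code, $label, $want = $_
    $have = $current.$code           # $null when the value is absent
    New-Object PSObject -Property @{
        Code = $code; Setting = $label; Match = ($have -eq $want)
        Current = (Format-ZoneValue $have); Recommended = (Format-ZoneValue $want)
    }
} | Select-Object Code, Setting, Current, Recommended, Match | Format-Table -AutoSize
```

The script only reads the per-user key. Zone settings enforced through policy live under the Policies branch of the registry and take precedence over these values, so a clean report here describes only the user's own configuration.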



Caveats:
Many sites will now prompt you with yes/no dialogs:
[Screenshot: ActiveX web page prompt]
If this is your saintly Mother's blog, you're probably safe to say 'Yes'. If this is a ...questionable...web site that you wouldn't want your Mother to see, say 'No'.

I'd estimate that 80% of the time, this prompt is for a Flash advertisement that you'd be happy to miss; 10% of the time it's the portal of a web site, and if you say 'No' you'll never see the web site; and 10% of the time it is the web site's navigation system. You can always reload the page and say 'Yes'.

Some sites won't work well or at all. I've left my desktop Internet Explorer icon untouched, and if I must see a site, I'll use that.

The Windows Update web site will prompt you six or more times; you have to say 'Yes' every time. If you click 'No' even once, you'll have to close the window and do it over again.

If you get any other kind of prompt, in my never-humble opinion, you should seriously question visiting the web page that's prompting you. If a web page is trying to install a desktop item without your permission, they probably aren't nice people.

Some sites, such as majorgeeks.com, want to download fonts to your computer when you visit the page. I would never do that. Any time a file is downloaded to your computer, whether you know them or not, you're taking a chance.

Allow META REFRESH:      Disable : This one is tricky. It isn't safe to let a web page redirect you to anywhere it wants, but many sites will use META REFRESH when they move a page. If I go to a page that is blank when it's finished loading, I look at the web page source code and copy-n-paste the URL into the address bar manually.

I would never add any site to the 'Trusted Sites' zone. Any site can be hacked, even Windows Update. Or, they may have great programmers, but what if they mess up their shiny new ActiveX control while they're in your Trusted Zone? You're a statisc...stastici...history.


There will be more or fewer options than I've listed here; use your God-given intelligence.










Bibliography - Notes - Useful Things

Security for Firefox:
http://prisms.cs.umass.edu/emery/index.php?page=frequently-asked-questions


//www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx
//www.google.com/search?hl=en&q=securing+windows+xp



 the Security tab in Normal mode for XP Home
1.) Download the NT 4 Security Configuration Manager from: 
	//www.microsoft.com/ntserver/nts/downloads/recommended/scm/default.asp.
2.) Run the scesp4i.exe file and extract all files to a temporary directory.
3.) Right-click on the setup.inf file and choose the install option.
4.) Answer no if asked to overwrite esent.dll.
//www.scottxp.com/winxp.php#share



ACLView 1.3.903.10 
Manage NTFS permissions 
ACLView provides an alternate interface to manage NTFS permissions. It allows administrators 
to assign ownership and permission for objects from an Explorer-style interface. The 
permission list can be saved to XML format, so it can be used to quickly load the same 
set of permissions for other objects. The tool is intended for system administrators and requires 
knowledge of ACL.
License: Freeware 
Windows: 2000/XP 
Author: //www.nativecs.com/  --  //www.mywebattack.com/gnomeapp.php?id=107467
Release: 12/23/2003



//www.majorgeeks.com/download4138.html
//www.korben.tk/
RockXP allows you to: 
- To retrieve and change your XP Key 
- To retrieve all Microsoft Products keys 
- To save your XP activation file 
- To retrieve your lost XP system passwords 
- To retrieve your lost RAS (Remote Access Settings) passwords 
- And to generate new passwords 



Internet Explorer 5 Power Tweaks Web Accessory will give you 
the 'Add To Trusted Sites' & 'Add To Restricted Sites' 
options on your Tools menu:
http://download.microsoft.com/download/ie5/Utility/1/W9XNT4MeXP/EN-US/pwrtwks.exe
//www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx



//www.microsoft.com/technet/security/topics/networksecurity/legsgch4.mspx

Shared Computer Toolkit for Windows XP:
//www.microsoft.com/windowsxp/sharedaccess/overview.mspx




Windows XP notes:
//www.fiveanddime.net/windows-xp-notes.html

Windows XP services:
//www.fiveanddime.net/secure-windows-xp/windows-xp-services.html


Windows Vista and Longhorn Coverage:
//www.scotsnewsletter.com/best_of/vista_coverage.htm


Langa Letter: 5 Essential Steps To PC Security:
//www.informationweek.com/windows/showArticle.jhtml?articleID=177100010

Securing Your Web Browser
//www.us-cert.gov/reading_room/securing_browser/





Does your head hurt? Here's an untested alternative:
//www.amustsoft.com/econdom/ Reviewed by desktoppipeline.com at:
//www.desktoppipeline.com/175802710








www.fiveanddime.net







