Secure Internet Explorer 6
There are some changes with the current IE 7.x, but the information below
is a good foundation for fixing it. There is an article at http://WindowsSecrets.com/comp/061026
that goes into some depth. I disagree with his liberal use of the Disable option, among other things,
so just remember that if there's a discrepancy...he's wrong.
With the settings below and your new mindset about clicking 'OK' to everything, you'll be able to pass the
browser test at http://secunia.com/advisories/19738/.
IE7 advanced settings help:
//www.jmu.edu/computing/helpdesk/selfhelp/IE7/advancedsettings.shtml
Step 1
Drop My Rights .msi
Go to:
http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp
and download:
http://download.microsoft.com/download/f/2/e/f2e49491-efde-4bca-9057-adc89c476ed4/DropMyRights.msi
Read and understand that page, then set Internet Explorer & Outlook Express to use the Untrusted option:

The only issue I've encountered with DropMyRights is that Outlook Express will now open each hyperlink in a mail message in a new window, instead of reusing existing Internet Explorer windows. I've kept the original OE shortcut to open mail where I need it to open in the same window and show visited hyperlinks in a different color.
Step 2
Go to Internet Explorer -> Tools -> Internet Options:
Click the Security tab:
Click the Internet icon, then click the Custom Level button:
Set these options:
Automatic prompting for ActiveX controls: Enable
Binary and script behaviors: Disable (explanation)
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plug-ins: Prompt
Script ActiveX controls marked safe for scripting: Prompt
Font download: Prompt
Java VM: High Safety (If you say 'no' to the popup, Java won't run)
Access data sources across domains: Disable
Allow META REFRESH: Disable
Allow scripting of Internet Explorer Webbrowser control: Disable
Allow script-initiated windows without size or position constraints: Disable
Drag and drop or copy and paste files: Prompt
Installation of desktop items: Prompt
Launching programs and files in an IFRAME: Prompt
Open files based on content, not file extension: Enable
Software channel permissions: High Safety
Web sites in less privileged web content zone can...etc: Prompt
Allow paste operations via script: Prompt (example)
Scripting of Java applets: Prompt
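An added example, not part of the original page: a read-only PowerShell check that compares the current user's Internet zone registry values with the list above. The registry path and the numeric value names are Microsoft's documented URL-action codes for zone 3 and are brought in here as an assumption, since the page gives only the dialog labels; the "...etc" setting is taken to be action 2101.

```powershell
# Added example: read-only audit of the current user's Internet zone (zone 3)
# against the Step 2 list. Value names are URL-action codes, not from the page.
# Values: 0 = Enable, 1 = Prompt, 3 = Disable; 1C00 and 1E05 use 0x10000 = High Safety.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Enable = 0; $Prompt = 1; $Disable = 3; $HighSafety = 0x10000

$baseline = @(
    @('2201', 'Automatic prompting for ActiveX controls', $Enable),
    @('2000', 'Binary and script behaviors', $Disable),
    @('1001', 'Download signed ActiveX controls', $Prompt),
    @('1004', 'Download unsigned ActiveX controls', $Disable),
    @('1201', 'Initialize and script ActiveX controls not marked as safe', $Disable),
    @('1200', 'Run ActiveX controls and plug-ins', $Prompt),
    @('1405', 'Script ActiveX controls marked safe for scripting', $Prompt),
    @('1604', 'Font download', $Prompt),
    @('1C00', 'Java VM', $HighSafety),
    @('1406', 'Access data sources across domains', $Disable),
    @('1608', 'Allow META REFRESH', $Disable),
    @('1206', 'Allow scripting of Internet Explorer Webbrowser control', $Disable),
    @('2102', 'Allow script-initiated windows without size or position constraints', $Disable),
    @('1802', 'Drag and drop or copy and paste files', $Prompt),
    @('1800', 'Installation of desktop items', $Prompt),
    @('1804', 'Launching programs and files in an IFRAME', $Prompt),
    @('2100', 'Open files based on content, not file extension', $Enable),
    @('1E05', 'Software channel permissions', $HighSafety),
    @('2101', 'Web sites in less privileged web content zone can...etc', $Prompt),
    @('1407', 'Allow paste operations via script', $Prompt),
    @('1402', 'Scripting of Java applets', $Prompt)
)

$current = Get-ItemProperty -Path $zoneKey -ErrorAction Stop
$report = foreach ($row in $baseline) {
    $code, $setting, $want = $row
    $prop = $current.PSObject.Properties[$code]          # $null when the value is absent
    $have = if ($prop) { $prop.Value } else { $null }
    [pscustomobject]@{
        Code    = $code
        Setting = $setting
        Wanted  = '0x{0:X}' -f $want
        Found   = if ($null -eq $have) { '(not set)' } else { '0x{0:X}' -f $have }
        Match   = ($have -eq $want)
    }
}
$report | Format-Table -AutoSize -Wrap
$bad = @($report | Where-Object { -not $_.Match }).Count
'{0} of {1} settings differ from the Step 2 list' -f $bad, $report.Count
```

Values set by policy under the Policies branch of the registry override these per-user values, so on a managed machine a match here does not prove the effective setting.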
Caveats:
Many sites will now prompt you with yes/no dialogs:

If this is your saintly Mother's blog, you're probably safe to say 'Yes'. If this is a ...questionable...web site that you wouldn't want your Mother to see, say 'No'.
I'd estimate that 80% of the time, this prompt is for a Flash advertisement that you'd be happy to miss, 10% of the time it's the portal of a web site and if you say 'No' you'll never see the web site, and 10% of the time it is the web site's navigation system. You can always reload the page and say 'Yes'.
Some sites won't work well or at all. I've left my desktop Internet Explorer icon untouched, and if I must see a site, I'll use that.
The Windows Update web site will prompt you six or more times; you have to say 'Yes' every time. If you click 'No' even once, you'll have to close the window and do it over again.
If you get any other kind of prompt, in my never-humble opinion, you should seriously question visiting the web page that's prompting you. If a web page is trying to install a desktop item without your permission, they probably aren't nice people.
Some sites, such as majorgeeks.com, want to download fonts to your computer when you visit the page. I would never do that. Any time a file is downloaded to your computer, whether you know them or not, you're taking a chance.
Allow META REFRESH: Disable : This one is tricky. It isn't safe to let a web page redirect you to anywhere it wants, but many sites will use META REFRESH when they move a page. If I go to a page that is blank when it's finished loading, I look at the web page source code and copy-n-paste the URL into the address bar manually.
I would never add any site to the 'Trusted Sites' zone. Any site can be hacked, even Windows Update. Or, they may have great programmers, but what if they mess up their shiny new ActiveX control while they're in your Trusted Zone? You're a statisc...stastici...history.
There will be more or fewer options than I've listed here; use your God-given intelligence.
Bibliography - Notes - Useful Things
Security for Firefox:
http://prisms.cs.umass.edu/emery/index.php?page=frequently-asked-questions
//www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx
//www.google.com/search?hl=en&q=securing+windows+xp
http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp
http://download.microsoft.com/download/f/2/e/f2e49491-efde-4bca-9057-adc89c476ed4/DropMyRights.msi
the Security tab in Normal mode for XP Home
1.) Download the NT 4 Security Configuration Manager from:
//www.microsoft.com/ntserver/nts/downloads/recommended/scm/default.asp.
2.) Run the scesp4i.exe file and extract all files to a temporary directory.
3.) Right-click on the setup.inf file and choose the install option.
4.) Answer no if asked to overwrite essent.dll.
//www.scottxp.com/winxp.php#share
ACLView 1.3.903.10
Manage NTFS permissions
ACLView provides an alternate interface to manage NTFS permissions. It allows administrators
to assign ownership and permission for objects from an Explorer-style interface. The
permission list can be saved to XML format, so it can be used to quickly load the same
set of permissions for other objects. The tool is intended for system administrators and requires
knowledge of ACL.
License: Freeware
Windows: 2000/XP
Author: //www.nativecs.com/ -- //www.mywebattack.com/gnomeapp.php?id=107467
Release: 12/23/2003
//www.majorgeeks.com/download4138.html
//www.korben.tk/
RockXP allows you to:
- Retrieve and change your XP Key
- Retrieve all Microsoft Products keys
- Save your XP activation file
- Retrieve your lost XP system passwords
- Retrieve your lost RAS (Remote Access Settings) passwords
- Generate new passwords
Internet Explorer 5 Power Tweaks Web Accessory will give you
the 'Add To Trusted Sites' & 'Add To Restricted Sites'
options on your Tools menu:
http://download.microsoft.com/download/ie5/Utility/1/W9XNT4MeXP/EN-US/pwrtwks.exe
//www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
//www.microsoft.com/technet/security/topics/networksecurity/legsgch4.mspx
Shared Computer Toolkit for Windows XP
//www.microsoft.com/windowsxp/sharedaccess/overview.mspx
Windows XP notes:
//www.fiveanddime.net/windows-xp-notes.html
Windows XP services:
//www.fiveanddime.net/secure-windows-xp/windows-xp-services.html
Windows Vista and Longhorn Coverage:
//www.scotsnewsletter.com/best_of/vista_coverage.htm
Langa Letter: 5 Essential Steps To PC Security:
//www.informationweek.com/windows/showArticle.jhtml?articleID=177100010
Securing Your Web Browser
//www.us-cert.gov/reading_room/securing_browser/
Does your head hurt? Here's an untested alternative:
//www.amustsoft.com/econdom/
Reviewed by desktoppipeline.com at:
//www.desktoppipeline.com/175802710
www.fiveanddime.net