Internet Explorer and the hidden zone.

When I first started looking 'under the hood' I came across an article relating to a hidden zone within Internet Explorer. Unfortunately, I cannot recall who wrote this article and have long since 'lost' the original. I remembered the basics and then set about writing the tutorial below. If YOU are the person who first posted the article then please accept my apologies for not being able to credit you.

When you right-click your Internet Explorer icon and select Properties, there is a tab labelled Security. Click on this tab and various zones are listed:
· Internet
· Intranet
· Trusted Sites
· Restricted Sites

When you browse through the registry you will come across a fifth zone: My Computer.

Why is a security zone hidden from the user?
Good question and one I cannot answer as I can see no reason why Microsoft would hide a security setting from a user.

What are the implications of the hidden zone?
Well, imagine the following scenario:
You’re happily surfing the web with your Internet zone configured to disable JavaScript when you arrive at a site which has a malicious JavaScript embedded into the page. No problem: your settings are set up to protect you, and you move on, none the wiser.
What you may not be aware of is that this page, complete with malicious code, has been saved / cached in your Temporary Internet Files directory.
The next time you decide to check this site out, the first thing your browser does is check your Temporary Internet Files directory and open the page from the cache. BANG !!
The page is opened from the cache, and so it is opened not in the Internet zone but in the My Computer zone. Oops!! As you have not configured the security for this zone, you are not protected and the malicious code is executed.

What can I do?
Well the first thing you need to do is display the My Computer zone in the security tab of Internet Explorer. To do this you need to edit the registry.

Warning: editing the registry is potentially dangerous, could lead to unexpected results and CAN cause your system to crash. BEFORE you do anything, it is a good idea to export the registry key you are about to amend. See below for instructions to export the registry.

Click on Start, then in the Run dialog box type regedit.

Zone information is stored in 2 places in the registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

Security settings are loaded from the HKEY_CURRENT_USER key and are dynamic for each user, so if we modify the registry under HKEY_CURRENT_USER then we must do this for all users.
If we modify the registry under HKEY_LOCAL_MACHINE, we must add the following registry entry and set it to a DWORD value of 1 (one):

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value name: Security_HKLM_only

This will then ‘disable’ any setting in HKEY_CURRENT_USER.

Everything that follows is identical for editing under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER.

In the Zones key we must modify the Flags entry for Zone 0 (zero) to display the My Computer zone.

Zone 0 = My Computer.
The Flags entry is set to 32.
This may be different, as some software, e.g. Zone Alarm, will modify this entry. To change the setting, double-click on the Flags entry and a dialog box will open.

The table below shows the possible options and the corresponding values available.
For multiple options, add the numbers together.

Value   Setting

1       Allow changes to custom settings
2       Allow users to add Web sites to this zone
4       Require verified Web sites (https protocol)
8       Include Web sites that bypass the proxy server
16      Include Web sites not listed in other zones
32      Do not show security zone in Internet Properties
64      Show the Requires Server Verification dialog box
128     Treat Universal Naming Conventions (UNCs) as intranet connections

Change the value in the dialog box to your required setting.
* Make sure you select decimal in the dialog box (the default is Hex) *

Tip: count 1 (one) in your total, as this will allow you to change the settings under the Security tab of Internet Explorer. Or, if you’re a SysAdmin, do not count 1 (one), as this will prevent ‘clever’ users changing the settings.

Once you have changed the Flags setting, close regedit. You will notice that you are not prompted to save any changes; this is because the registry is edited in ‘real time’ and changes are instant. That’s why editing the registry is potentially dangerous.

Right click on Internet Explorer, select properties, click on security and hey presto the ‘hidden’ zone is now visible.



If you are feeling adventurous whilst in the registry, please see below for keys and DWORD values.

Unless stated otherwise, each DWORD value is equal to zero, one, or three.
0 – Allows the actions
1 – Prompts to allow the action
3 – Stops the action.

Value Setting
1001 Download signed ActiveX controls
1004 Download unsigned ActiveX controls
1200 Run ActiveX controls and plug-ins
1201 Initialize and run ActiveX controls and plug-ins not marked as safe
1400 Active scripting
1402 Scripting of Java programs
1405 Script ActiveX controls marked as safe for scripting
1406 Access data sources across domains
1407 Allow paste operations via script
1601 Submit non-encrypted form data
1604 Font download
1605 Unknown
1606 User Data persistence
1607 Navigate sub-frames across different domains
1800 Installation of desktop items
1802 Drag and drop or copy and paste of files
1803 File Download
1804 Load applications and files in an IFRAME
1805 Unknown
1A00 Logon
1A02 Allow cookies that are stored on your computer
1A03 Allow per-session cookies (not stored)
1C00 Java permissions
1E05 Software channel permissions

File Download (1803) is either allowed or not allowed; it does not accept a DWORD value of 1.

Additional Internet Explorer 6 settings

Value Setting

1608 Allow META REFRESH
1609 Display mixed content
1A04 Do not prompt for client certificate selection when no certificates or only one certificate exists.

The Logon setting has the following four possible values (decimal):

Value Setting

0 Automatically logon with current username and password
65536 Prompt for user name and password
131072 Automatic logon only in the Intranet zone
196608 Anonymous logon

The Java Permissions setting has the following five possible values (decimal):

Value Setting

0 Disable Java
65536 High safety
131072 Medium safety
196608 Low safety
8388608 Custom

Each security zone contains the Description and Display Name string values. The text of these values is displayed on the Security tab when you click a zone in the Zone box. There is also an Icon string value that sets the icon displayed for each zone. With the exception of the My Computer zone, each zone contains a CurrentLevel, MinLevel, and RecommendedLevel DWORD value. The MinLevel value sets the lowest setting that can be used before you receive a warning message, CurrentLevel is the current setting for the zone, and RecommendedLevel is the recommended level for the zone.

What the values for MinLevel, RecommendedLevel, and CurrentLevel mean:
Value (Hex) Setting

0x00010000 Low Security
0x00011000 Medium Security
0x00012000 High Security


Exporting the registry
Exporting the registry is easy and you should be comfortable doing this before you start hacking the registry. In order to export the registry:
1) Highlight the key which you are about to change in the LHS window
2) Click on Registry in the menu
3) Click export registry
4) Provide the path where you wish the registry file to be exported to

See, told you it was easy!!
If you double click on an exported registry file, it will be written back into the registry and overwrite any changes you have made without prompting.
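
An exported copy of the Zones\0 key can also be checked offline against the tables above. The following Python code is an added example, not part of the original article or of any Microsoft tool: it decodes the Flags bitmask, works out the value that shows the zone while keeping the other options, and lists which of a few risky actions the My Computer zone allows without prompting. The sample export is constructed, and the names parse_zone and audit are hypothetical.

```python
import re

# Flags bits (abbreviated) and a few action numbers from the article's tables.
FLAG_BITS = {1: "custom settings changeable", 2: "users may add sites",
             4: "https required", 8: "proxy-bypass sites included",
             16: "unlisted sites included", 32: "zone hidden",
             64: "server verification dialog", 128: "UNCs treated as intranet"}
ACTIONS = {"1004": "Download unsigned ActiveX controls",
           "1201": "Run ActiveX controls not marked as safe",
           "1400": "Active scripting", "1803": "File Download"}

# Constructed sample of an exported Zones\0 key (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName"="My Computer"
"Flags"=dword:00000021
"1004"=dword:00000000
"1201"=dword:00000001
"1400"=dword:00000000
"1803"=dword:00000003
'''

def parse_zone(reg_text, zone="0"):
    """Return {value name: int} for the DWORD values under ...\\Zones\\<zone>."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new key header starts here
            in_zone = line.lower().endswith("\\zones\\%s]" % zone)
        elif in_zone:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:                         # string values are skipped
                values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """Decode Flags and list the risky actions the My Computer zone allows."""
    zone = parse_zone(reg_text)
    flags = zone.get("Flags", 0)
    return {
        "flags_set": [name for bit, name in FLAG_BITS.items() if flags & bit],
        "hidden": bool(flags & 32),
        "unhide_value": flags & ~32,      # same options, but the zone is shown
        "allowed": [ACTIONS[k] for k in ACTIONS if zone.get(k) == 0],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

Windows 98 writes the export as plain ANSI text (REGEDIT4); Windows 2000 writes Version 5.00 files as UTF-16, so decode those to text before passing them in.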

This article has been written in good faith and is based on my understanding and has been tested on Windows 98, and Windows 2000. The author accepts no responsibility for any loss of data, which may occur.

References / credits:

Unknown author who first put me onto this, experience, knowledge, late nights, & learning from mistakes.

Registry Key values: Microsoft Support
