June 18th, 2004, 08:31 PM
Ad Blocking w/o Third Party Software
Ad Blocking without Third Party Software
Hardening IE to prevent users from downloading malicious material from untrusted sites, while blocking pop ups and ads as well.
What this will do is configure Internet Internet Explorer to allow scripts and such to run on certain, trusted sites. This benefits the work enviroment to prevent users from visiting and downloading malicious material onto their computers, but allows them to use company web applications that require scripts.
1. Open Internet Explorer -> Tools -> Click the Security Tab
You should see 4 security zones. This is where you will outline the policys regarding certain types of sites. The globe represents the internet, and is where most of the action will happen.
2. Click the globe, press custom level below.
Google definition of active x:
Basically, it's through these scripts that brower hijacks and popups are allowed. With these functions denied, pop ups and hijacks simply don't work. Looking at the custom options for the internet, It's your decision what you should allow and not allow. If your office is rampant with spyware, then consider disabling a lot. If you don't want your users to download anything at all, then you have the option to block that as well. This should help slow things like kazaa from entering your network.
Set of platform independent technologies developed by Microsoft that enable software components to interact with one another in a networked environment, like the Internet. In addition to adding functionality within the browser (for example, by enabling Microsoft Word to be opened in a browser) Active X components can be exploited by malicious mobile code.
If you were to leave the settings as they are now, then your users wouldn't be able to access the web applications with scripts to do their jobs. If your company's site relies on java and flash, then you need to allow that do run their scripts.
1. Click the trusted sites icon (green icon with a check)
2. Click Custom level below
You will be in the same window as before, but these settings won't change the settings of the other zone. This zone represents sites you trust, the last one represented the rest of the sites on the internet. Change the settings accordingly to allow more functionality to the sites your users need to use for their job. Warez and porn obviously not included. Once this is done-
1. Click the sites button above the custom level button
2. Uncheck the https:// option if necessary, and add the URL's to the sites you trust.
If you work for Microsoft, then add Microsoft.com. If you do business with Amazon, then add Amazon.com to the list. Be sure to include all the sites your users will need to use. The same process is used for the intranet zone.
The Privacy Tab
In the internet options window, navigate to the privacy tab. This panel will allow you to adjust cookie handling for certain sites. Adjusting the slider will give you information about each setting. You can also click customize, and have it block all cookies. Under this tab, there is an edit sites option. You can allow your trusted sites in here as well, to accept cookies. Unfortunately, you have to add them again manually, as they aren't imported from your other trusted sites.
Manual Ad Blocking
I don't think I recommend this for office environments, but on an individual basis, this helps. Open the host file for your Windows OS, found in one of these places:
Win 98 or ME c:\windows
Windows 2K c:\winnt\system32\drivers\etc
Windows XP c:\windows\system32\drivers\etc
You will be editing a system file here, so the obvious warnings apply. Open the "Hosts" file with notepad. Mine looks like this:
What this file does is associate a word with an IP. When you type http://localhost in your browser, it redirects it to your local address, "127.0.0.1".
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 18.104.22.168 rhino.acme.com # source server
# 22.214.171.124 x.acme.com # x client host
if you added the entry:
Then by typing http://antionline in your browser would lead you to antionline.com (126.96.36.199).
This file can be used to redirect ads. These entries
Will block the ads on Antionline.com. mjxads.internet.com is the home of the flash ads, and the IP is for the gif ads that replace them if scripting is disabled. The Ads are redirected to 127.0.0.1, and never appear in the browser. You can handle ad servers on a case by case basis, adding them to the host file. Some anti-spyware software looks at the host file, so I would be careful when running it, and adding entries to the host file. When you see this file, you might see some entrys that have been added by spyware as well. Remember, this is a system file, so the obvious warnings apply when editing it.
All suggestions, complaints and whatever are welcome.