-
August 9th, 2004, 02:39 AM
#1
Internet Explorer security zones
Insecure?
Internet Explorer is widely condemned as insecure, yet we also
hear that it is the most used internet browser.
When people come on these forums and ask for help with IE
problems, the most common response is "get another browser".
This tutorial may not interest those who have successfully
installed a different browser, and are satisfied with it, but
there are still all those people using IE who could use some
practical tips on configuring it for a little more security.
IE's security zones are the most useful feature it
has, for achieving a degree of security while still preserving
some functionality. It's too bad that people remain mostly
ignorant of this feature. Part of the problem is that it is
somewhat flawed in its implementation.
Two browsers.
You may know people who have two or more internet browsers on
their system, one that is "super secure" so they can surf
with confidence, and another with all the fancy interactive stuff
enabled, so that web sites using the latest cool techniques
will display and work properly.
IE security zones make it possible to use a strategy like
this without installing a second browser, because each
security zone acts almost like a separate, differently
configured browser, and it does it seamlessly. Sites are
shifted to the appropriate zone as you surf.
Too good to be true?
Well, there are some problems. There is a learning curve.
This thing doesn't configure itself. You have to educate
yourself, and then make a lot of choices. Also, the system isn't
exactly perfect in its design, so you have to be willing to
make changes that seem strange. The good news is that it gets
better as you go along.
The fundamentals.
If you go up to your tools menu, select internet options, security tab,
you see the icons that represent the different zones. Maybe you've
been there many times and half-heartedly messed with some of the settings.
Maybe some security guru told you to "disable java", so you did, only
to discover that your favorite site no longer worked. WTF?
Maybe you never realized that all of the configuration settings
are available separately for several zones, and that sites
can be assigned to whatever zone you choose.
The flaw.
This is a good system, but has one annoying design flaw that reduces
its effectiveness. Luckily, you can tweak it to get past this weakness.
By default, every site on the net is assigned to the "internet" zone,
and this zone is configured, by default, to an intermediate level
of security. The idea is that, over time, you move the evil sites
to the "restricted" zone, and the good sites to the "trusted" zone.
Not good enough.
By the time you've discovered who the bad sites are, you've already
suffered a security breach. Don't you wish they had put all sites
in the restricted zone by default, so you could decide for yourself
when to take the risk of moving them to intermediate or trusted?
No problem. Select the internet icon, and proceed to customize your
internet zone. There's lots of good advice on the net about this.
Be ruthless.
My advice is to be absolutely ruthless in the internet zone. Go through
all the choices (research what they mean) and disable everything.
ActiveX, scripting, Java, whatever. Kill all!
Then you have to "think backward", and make the "restricted" zone into
your intermediate zone. Cautiously enable some features in this
zone, in order to enable the sites that need it, and move the sites
into this zone.
Take a chance.
Likewise, enable even more features in the "trusted" zone,
and then when you have gone to a site numerous times and
feel like taking a chance, move it toward the less restricted
zones, depending on your own comfort level, paranoia, or
impatience.
The best of both worlds.
In the end, after you've used this system for some time,
the inconvenience of high security becomes less burdensome
because you can surf with confidence through unknown regions
fairly certain that your browser is strict, while your
personally chosen list of safe sites can have the access
they need to function without problems.
I came in to the world with nothing. I still have most of it.
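
To check what the zones are actually set to after following the steps in post #1, here is a read-only PowerShell audit, added as an example and not part of the original thread. The registry path and the action numbers (1001, 1004, 1200, 1400, 1C00) are the standard per-user IE zone settings; the function name and the choice of which actions to list are assumptions made for this example.

```powershell
# Added example: read-only audit of the per-user IE zone settings.
# Values missing under HKCU come from defaults or machine policy (not resolved here).
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Zone numbers as stored in the registry.
$zoneNames = @{ 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# URL action values for the features the post names (ActiveX, scripting, Java).
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
    '1C00' = 'Java permissions'
}

function Get-ZoneSetting {
    param([int]$Zone)
    $props = Get-ItemProperty -Path "$zonesKey\$Zone" -ErrorAction SilentlyContinue
    foreach ($id in $actions.Keys) {
        $raw = if ($props) { $props.$id } else { $null }
        $state = if ($null -eq $raw) {
            'not set (per-user)'
        } elseif ($id -eq '1C00') {
            # Java permissions: 0 disables Java, other values are safety levels.
            if ($raw -eq 0) { 'Disable' } else { 'Enabled (0x{0:X})' -f $raw }
        } else {
            switch ($raw) { 0 { 'Enable' } 1 { 'Prompt' } 3 { 'Disable' } default { "other ($raw)" } }
        }
        [pscustomobject]@{ Zone = $zoneNames[$Zone]; Action = $actions[$id]; State = $state }
    }
}

$report = 2, 3, 4 | ForEach-Object { Get-ZoneSetting -Zone $_ }
$report | Format-Table -AutoSize

# The post's rule: nothing is left enabled in the Internet zone.
$report | Where-Object { $_.Zone -eq 'Internet' -and $_.State -ne 'Disable' } |
    ForEach-Object { Write-Warning "Internet zone: $($_.Action) is '$($_.State)'" }
```

Under the post's scheme, the Restricted sites and Trusted sites rows are expected to show some features enabled; only the Internet zone rows trigger a warning.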
-
August 9th, 2004, 03:05 AM
#2
Nice tutorial. Won't do much for me but I might have to print this off and give to some family members. Would that be ok for you?
I LOVE firefox! lol.
[H]ard|OCP <--Best hardware/gaming news out there--|
pwned.nl <--Gamers will love this one --|
Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.
-
August 9th, 2004, 04:34 AM
#3
Nice tut!
Not to steal your spotlight-I wrote a similar tut here for anyone interested. It also covers use of the host file.
http://www.antionline.com/showthread...hreadid=258919
Greenies for rcgreen.