Results 1 to 3 of 3

Thread: Internet Explorer security zones

  1. August 9th, 2004, 02:39 AM #1
    rcgreen
    rcgreen is offline
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716

    Internet Explorer security zones

    Insecure?

    Internet Explorer is widely condemned as insecure, yet we also
    hear that it is the most used internet browser.
    When people come on these forums and ask for help with IE
    problems, the most common response is "get another browser".

    This tutorial may not interest those who have successfully
    installed a different browser, and are satisfied with it, but
    there are still all those people using IE, and could use some
    practical tips on configuring it for a little more security.

    IE's secutity zones are the most useful feature it
    has, for achieving a degree of security while still preserving
    some functionality. It's too bad that people remain mostly
    ignorant of this feature. Part of the problem is that it is
    somewhat flawed in its implementation.

    Two browsers.

    You may know people who have two or more internet browsers on
    their system, one that is "super secure" so they can surf
    with confidence, and another with all the fancy interactive stuff
    enabled, so that web sites using the latest cool techniques
    will display and work properly.

    IE security zones make it possible to use a strategy like
    this without installing a second browser, because each
    security zone acts almost like a seperate, differently
    configured browser, and it does it seamlessly. Sites are
    shifted to the appropriate zone as you surf.

    Too good to be true?

    Well, there are some problems. There is a learning curve.
    This thing doesn't configure itself. You have to educate
    yourself, and then make a lot of choices. Also, the system isn't
    exactly perfect in its design, so you have to be willing to
    make changes that seem strange. The good news is that it gets
    better as you go along.

    The fundamentals.

    If you go up to your tools menu, select internet options, security tab,
    you see the icons that represent the different zones. Maybe you've
    been there many times and half-heartedly messed with some of the settings.
    Maybe some security guru told you to "disable java", so you did, only
    to discover that your favorite site no longer worked. WTF?

    Maybe you never realized that all of the configuration settings
    are available seperately for several zones, and that sites
    can be assigned to whatever zone you choose.

    The flaw.

    This is a good system, but has one annoying design flaw that reduces
    its effectiveness. Luckily, you can tweak it to get past this weakness.
    By default, every site on the net is assigned to the "internet" zone,
    and this zone is configured, by default, to an intermediate level
    of security. The idea is that, over time, you move the evil sites
    to the "restricted" zone, and the good sites to the "trusted" zone.

    Not good enough.

    By the time you've discovered who the bad sites are, you've already
    suffered a security breach. Don't you wish they had put all sites
    in the restricted zone by default, so you could decide for yourself
    when to take the risk of moving them to intermediate or trusted?
    No problem. Select the internet icon, and proceed to customize your
    internet zone. There's lots of good advice on the net about this.

    Be ruthless.

    My advice is to be absolutely ruthless in the internet zone. go through
    all the choices (research what they mean) and disable everything.
    ActiveX, scripting Java, whatever. Kill all!
    Then you have to "think backward", and make the "restricted" zone into
    your intermediate zone. Cautiously enable some features in this
    zone, in order to enable the sites that need it, and move the sites
    into this zone.

    Take a chance.

    Likewise, enable even more features in the "trusted" zone,
    and then when you have gone to a site numerous times and
    feel like taking a chance, move it toward the less restricted
    zones, depending on your own comfort level, paranoia, or
    impatience.

    The best of both worlds.

    In the end, after you've used this system for some time,
    the inconvience of high security becomes less burdensome
    because you can surf with confidence through unknown regions
    fairly certain that your browser is strict, while your
    personally chosen list of safe sites can have the access
    they need to function without problems.
    I came in to the world with nothing. I still have most of it.
    Reply With Quote Reply With Quote
  2. August 9th, 2004, 03:05 AM #2
    The Grunt
    The Grunt is offline
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Nice tutorial. Won't do much for me but I might have to print this off and give to some family members. Would that be ok for you?

    I LOVE firefox! lol.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.
    Reply With Quote Reply With Quote
  3. August 9th, 2004, 04:34 AM #3
    Soda_Popinsky
    Soda_Popinsky is offline
    Join Date
    Nov 2003
    Posts
    1,426
    Nice tut!

    Not to steal your spotlight-I wrote a similar tut here for anyone interested. It also covers use of the host file.
    http://www.antionline.com/showthread...hreadid=258919

    Greenies for rcgreen.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules