dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8
share rss forum feed

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4
reply to BandHeight

Re: Firefox 3 honors Windows Security Zones...

I don't understand your point. YOU had to add the ADS to get Fx to react. Soo....?

Plus, I thought Fx reacted if you had INsecure settings on IE not secure settings. Why would Fx stop you if the IE settings are secure? It should stop you only if the IE settings are insecure.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason



Ctrl Alt Del
Premium
join:2002-02-18
kudos:1

said by Mele20:

I don't understand your point. YOU had to add the ADS to get Fx to react. Soo....?

Plus, I thought Fx reacted if you had INsecure settings on IE not secure settings. Why would Fx stop you if the IE settings are secure? It should stop you only if the IE settings are insecure.
Firefox 3.0 for Windows now uses the same feature that Internet Explorer uses when you download a file from the internet. Firefox tags a downloaded file which then tells Windows to show the prompt. He did not add any ADS, that was Firefox that added the ADS.
--
less talk, more music

BandHeight

join:2004-08-30

4 edits
reply to Mele20


Prompt Recieved Upon Execution of Zone 3 Tagged File DL'd with IE 7

Prompt Recieved Upon Execution of Zone 3 Tagged File DL'd with FF 3.0
said by BandHeight:

Results (image posted: FF-Streams.png)

- IE7 - Added ADS; execution prompts user
- FF 3.0 - Added ADS; execution prompts user
- Opera 9.5 - Did not add ADS; execution proceeds without prompt
- GetRight 5.2d - Did not add ADS; execution proceeds without prompt
said by Mele20:

I don't understand your point. YOU had to add the ADS to get Fx to react. Soo....?
I know that might have been a little confusing, but c'mon ... why would I have even wasted my time with the previous post if I could only achieve those results by manually adding the ADS? Of course I didn't manually add the ADS ... the applications did (or didn't) as the case may have been. For example, when I downloaded the file with FF 3.0, the tags were automatically added based on my Policy because FF 3.0 recognizes and respects the Policy I have set (it uses the aforementioned IAttachmentExecute::CheckPolicy Method to do so) whereas Opera, for example, is Policy agnostic (thus, it does not add the Zone ADS tag).

said by Mele20:

Plus, I thought Fx reacted if you had INsecure settings on IE not secure settings. Why would Fx stop you if the IE settings are secure? It should stop you only if the IE settings are insecure.
None of the applications that recognize Policy react opposite your set Policy. They honor / respect your Policy. If you want to be insecure, the applications respect that. If you want to be secure, they respect that, too. It is your choice which Policy you set (Zone 1, 2, 3 or 4) for specific activities ... so why would FF 3.0 try to do the opposite of what your Policy dictated it to do?

If you have a Policy for high security, it prompts the user or blocks the activity completely (Zone 3 or Zone 4, respectively). If the user chooses a less secure Policy (Zone 1 or 2), the prompting and blocking do not occur at all or are lessened.

I think you are fundamentally misunderstanding this topic.

EDIT:
By the way, once the downloaded file is tagged with a Zone 3 ADS per policy, FF is out of the picture. The prompt that a user gets when the file is executed is then received from the OS and it looks just like the prompt that a Zone 3 file downloaded by IE would look (see images in this post).

Of course, this does not apply for Zone 4 because no file is actually downloaded, so no ADS can be added and the file-blocked message comes immediately from the browser itself (thus the 2 different screen-shots in my previous post).

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4
reply to Ctrl Alt Del

Auto quote isn't working.

I understand what Bandheight said. My reply is that it is not true that Fx3 is placing ADS on downloads. It is not doing for me. Therefore, this feature does not work. Bandheight has Service Pack 3 for XP. I have SP2. Maybe Service Pack 3 is required for this to work? If so, that is another good reason to not install SP3...getting too bossy.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


BandHeight

join:2004-08-30

2 edits

Click for full size
FF 3.0 Adds Zone Tags In Win XP SP 2 Just Like In SP 3
said by Mele20:

Auto quote isn't working.
I just auto-quoted. It never ceases to amaze me how many things don't work for you.

said by Mele20:

I understand what Bandheight said.
No comment.

said by Mele20:

My reply is that it is not true that Fx3 is placing ADS on downloads.
Really?

said by Mele20:

It is not doing for me.
Of course not.

Please understand saying that something is not true (which makes me what by extension?) just because it doesn't work for you is insulting to say the least. I did not fabricate the FF 3 functionality (nor did anyone else in this thread for that matter), and I did not fabricate the test results and screen-shots I posted here.

Edit:

And because I can (but shouldn't have), I tested Win XP SP2, and of course as I expected, the ADS tags were added by FF 3.0 just as they were in Win XP SP3. See image above. For the record, my SP 3 tests were on XP Pro (which I failed to mention), so the tests thus far seem to validate the same functionality in SP 2 and SP3 and Pro and Home versions. This is not surprising.


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
reply to Mele20

said by Mele20:

Auto quote isn't working.

I understand what Bandheight said. My reply is that it is not true that Fx3 is placing ADS on downloads. It is not doing for me. Therefore, this feature does not work. Bandheight has Service Pack 3 for XP. I have SP2. Maybe Service Pack 3 is required for this to work? If so, that is another good reason to not install SP3...getting too bossy.
Your settings are insane so you may have turned them off in Internet Explorer's Internet Settings. If you're worried about this feature, you can turn it off so it acts exactly like it did before.

This feature was added in SP2, so your machine already has the framework for this feature.
--
less talk, more music

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

Auto quote worked the next time I tried it. Every now and then it won't work. If you had bothered to do a search you would find a number threads over the years about auto quote not working for awhile or working intermittently. I meantioned out of politeness but that was lost on you.

What "feature" was added in SP2?
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4
reply to BandHeight

said by BandHeight:

If you have a Policy for high security, it prompts the user or blocks the activity completely (Zone 3 or Zone 4, respectively). If the user chooses a less secure Policy (Zone 1 or 2), the prompting and blocking do not occur at all or are lessened.

I think you are fundamentally misunderstanding this topic.

EDIT:
By the way, once the downloaded file is tagged with a Zone 3 ADS per policy, FF is out of the picture. The prompt that a user gets when the file is executed is then received from the OS and it looks just like the prompt that a Zone 3 file downloaded by IE would look (see images in this post).

Of course, this does not apply for Zone 4 because no file is actually downloaded, so no ADS can be added and the file-blocked message comes immediately from the browser itself (thus the 2 different screen-shots in my previous post).
What are these "zones"? I don't use IE but rarely. I am a Mozilla person. I used Netscape when I got my first compter, then Mozilla, then Phoenix also and then Firebird/Firefox and SeaMonkey. I remember something called local/internet/trusted/restricted tabs in IE options. I never paid much attention to them. I kept everything in the internet tab except Spyware Blaster puts stuff in the restricted tab. I used custom settings for IE privacy from the beginning ...no slider or other junk but basically I don't use IE and would rip it out if I could. The only thing I use IE for, and the only reason to keep it around (if I could get rid of it), was for Java speedtests until the beginning of this year when I finally stopped using MSJava. I still don't allow Java on Fx. I have IE for speed tests and for the few sites that still won't work in Fx. (I also keep IE on a virtual machine that runs XP Pro SP1 for my ONLY install of Flash Player. I have it installed just so I can see how awful my ISP is now that they ditched the best speed test for a crap Flash one that cost a lot less. I never have allowed Flash on Fx or Mozilla/Seamonkey).

I thought we were talking about this:

"Reset system Internet security settings - Windows

Starting in Firefox 3: When you attempt to download an executable file (e.g., an .exe or .msi file) you may see a Firefox Downloads window with one of these messages under the filename:

* Blocked: Download may contain a virus or spyware (Firefox 3 Beta 5 image)
* This download has been blocked by your Security Zone Policy (Firefox 3 RC1 image).

This issue does not occur in Firefox 2 or earlier.

Firefox 3 may block downloads of all executable files if the Internet security option, "Launching applications and unsafe files" is set to "Disabled". [18] [19] To change this setting, open Internet Options (via Control Panel or from Internet Explorer -> Tools) and click the "Security" tab. Select the "Internet" zone, click the "Custom level..." button, then find the "Launching applications and unsafe files" setting (under Miscellaneous) and select "Prompt (Recommended)" "

»kb.mozillazine.org/Unable_to_sav···_Windows
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
reply to Mele20

said by Mele20:

What "feature" was added in SP2?
In Windows XP Service Pack 2, Microsoft added something called the Attachment Manager.

said by »support.microsoft.com/?kbid=883260 :

The Attachment Manager in Windows XP SP2 can help protect your computer from unsafe attachments that you might receive with an e-mail message and from unsafe files that you might save from the Internet.

If the Attachment Manager identifies an attachment that might be unsafe, the Attachment Manager prevents you from opening the file, or it warns you before you open the file.

The Attachment Manager uses the IAttachmentExecute application programming interface (API) to find the file type, to find the file association, and to determine the most appropriate action.

Microsoft Outlook Express, Microsoft Windows Messenger, Microsoft MSN Messenger, and Microsoft Internet Explorer use the Attachment Manager to handle e-mail attachments and Internet downloads.

When you save files to your hard disk from a program that uses the Attachment Manager, the Web content zone information for the file is also saved with the file. For example, if you save a compressed file (.zip) that is attached to an e-mail message to your hard disk, the Web content zone information is also saved when you save the compressed file.
More simply...

said by »smallvoid.com/article/ie-attachm···ger.html :

Windows XP SP2 includes a new feature called Attachment Manager, which monitors files downloaded from the Internet or received as e-mail attachments.

When a downloaded file is saved to a disk formatted with NTFS, then it will update the meta data for the file with the zone (Internet- / Restricted-zone) it was downloaded from. The meta data is saved as an Alternate Data Stream (ADS), which is a feature of NTFS where the same filename can be used to cover multiple data streams.
For example, if you use Windows XP SP2's Internet Explorer to download an executable, Internet Explorer will tag that file as potentially dangerous using Attachment Manager's IAttachmentExecute. Then when you try to run that executable, Windows will show the following dialog:



Because the Attachment Manager was added in XP SP2, when you said:

I understand what Bandheight said. My reply is that it is not true that Fx3 is placing ADS on downloads. It is not doing for me. Therefore, this feature does not work. Bandheight has Service Pack 3 for XP. I have SP2. Maybe Service Pack 3 is required for this to work? If so, that is another good reason to not install SP3...getting too bossy.
Was incorrect. Service Pack 3 is not required, Service Pack 2 is, which you already have.

Now, Firefox 2 did not use the Attachment Manager at all. If you downloaded an executable with Firefox 2, you never saw that Security Warning dialog. However, Firefox 3 does use the Attachment Manager with the default settings. When you download an executable with Firefox 3, you will get the same Security Warning dialog that IE would show.

Both websites in the quotes above show the Group Policy settings or Registry keys that control this feature.
--
less talk, more music