dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
9148

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

Wildcatboy

Mod

IE Security Settings

Click for full size

In the past while I've seen a lot of questions about the security settings in IE and how you can secure your browser by setting those options. What I need to emphasize is that the security setting on your browser should definitely match your needs for security or privacy and there's no cookie cut approach to this. However certain features of IE can put you at risk and it's up to you to decide how far you want to go.

What I'm sharing with you is my setting and how I like them. You can share or chose what you like. Also whatever is set to prompt will always get a NO answer from me first. If the page is not displayed properly or if certain options don't function, a simple refresh with a YES answer will do the job, but only after I see the page first.

If an option is vital for me to have for a certain site, the site will go to my trusted site with only that option allowed and everything else will stay just as tight. Feel free to share your preferences and what you think is safe.

Nsane_iceman
Premium Member
join:2001-02-26
North Richland Hills, TX

Nsane_iceman

Premium Member

Well mostly , that is good , but you have disabled alot of stuff there and don't you think that it would be better to do prompt there buddy ?

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to Wildcatboy

MVM

to Wildcatboy
Nsame_iceman -- I would argue that he does NOT have enough stuff disabled!;)

My settings are the same except:
  • Run ActiveX controls and plug-ins - Disable
  • Font Download - Disable
  • Java permissions - Disable
  • Drag and drop or copy and paste files - Disable
  • Launching programs and files in a IFRAME - Disable
  • Active scripting - Disable
  • Scripting of Java applets - Disable
  • Logon - Prompt for user name and password (I have no Intranet)
My point is that if I don't know and don't trust I web site, why do I want to get bothered by Prompts? I dislike Prompts and find them very annoying -- so I disable them. It make surfing that much easier.

If I find a site that I trust and I want to run Scripts or ActiveX, I click the Trusted sites button on my Toolbar and voila!, I can run these. Afterward, if I desire, and can pull that site from my Trusted list.

I believe this is the safest way to surf the Internet -- especially if your computer is shared by other people. My wife and son both use my computer, so I prefer to be extra safe.

Wahoone
join:2001-06-27
Wahoo, NE

Wahoone

Member

said by R2:
I believe this is the safest way to surf the Internet -- especially if your computer is shared by other people. My wife and son both use my computer, so I prefer to be extra safe.
I agree with you R2. My settings are similar to yours.

My family shares our computers, plus the kids are teenagers and always have friends over telling them about some new cool site. If they can't get to it,then they have to ask me 1st to see where they are going and I may or may not allow them. They are getting educated security wise by having the setiings highly restrictive, and me pointing out why ie: Trojan.Offensive which I heard about this Morning.

tup
Premium Member
join:2001-01-15
Port Elgin, ON

tup to Wildcatboy

Premium Member

to Wildcatboy
WCB--Txs for giving us your settings. I have been playing around with this stuff for several months from info I read on DSLReports which includes many of your posts but I have never seen anything nearly as complete as what you have posted in your screenshot. As you mentioned, there is sometimes a downside to having things like Active-X disabled but I have gotten fairly adept at just going to the Security drop-down and re-checking Active-X if I need it for something specific.
I have two questions which I'm sure you could help me to understand. First is about the Trusted zone. Everything in there is » So even though I put MSUpdates and DSLReports in the Trusted zone, when I go to those sites, they show (on the bottom right hand corner of the screen) as Internet zone. Therefore, I expect the settings I have in Trusted zones don't work. In other words, I can't get updates from the MSUpdate site unless I have Active-x enabled in the Internet zone. So, how does having less secure settings in the Trusted zone help you except when you go to do your banking etc where you actually enter a » Trusted zone.
My second question is simple--how did you do the screen shot post. Did you take several and use a graphics program to combine them?

OzarkMan$
join:2000-12-22
Ozark Mtns.

OzarkMan$

Member

tup....try using just http NOT https !

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

.

Click for full size
Gotcha, Oz!! It is not quite that easy. You have to remove the above check first.
____

Ignore the fact that I have DSLR list twice on my list. That is not necessary...
[text was edited by author 2001-08-24 21:07:50]

Wahoone
join:2001-06-27
Wahoo, NE

Wahoone to OzarkMan$

Member

to OzarkMan$

IE Security Options Links by Ozarkman

OzarkMan tke711 pointed out a thread you originally started that has some great links
»Internet Explorer Security Options, Part 1-6

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to tup

MVM

to tup

Re: image

I am guessing WCB used a Paint program -- perhaps even just Paintbrush -- and pieced those together.

Great job, wasn't it?

OzarkMan$
join:2000-12-22
Ozark Mtns.

OzarkMan$ to R2

Member

to R2
Not really R2....for MOST individuals that is already unchecked. IE, when installed, comes defaulted with Require server verification unchecked ! So....it's a TWO STEP process IF an individual has checked that box !

tup
Premium Member
join:2001-01-15
Port Elgin, ON

tup to R2

Premium Member

to R2

Re: .

The significance of that check mark about https: never registered. Txs to all for helping educate this old guy. I really appreciate the patience of the people on DSLReports.

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to OzarkMan$

MVM

to OzarkMan$
On all the machines I have checked, that box is CHECKED by default -- and I am very certain that is the problem that tup is having.

OzarkMan$
join:2000-12-22
Ozark Mtns.

OzarkMan$ to Wahoone

Member

to Wahoone
Thanks wahoone....I enjoyed reading that info as much as I enjoyed sharing the info with others.

As with many things....there is definetely more than one way to skin a cat. Many individuals use third party programs with very much success when it comes to a secure surfing experience, while others choose to use the security settings offered with IE with the same amount of success....at least for MY family and I we are able to accomplish this !

BTW R2....I'll stand corrected for now, but I could have sworn that was a default. But hey, the http issue as we both know is tup's problem and if he can add those sites to his trusted zone by un-checking the server verification box....that's all I'm interested in !
Hopefully just another satisfied member
[text was edited by author 2001-08-24 21:27:45]

jmn1207
Premium Member
join:2000-07-19
Sterling, VA

jmn1207 to Wildcatboy

Premium Member

to Wildcatboy

Re: IE Security Settings

WCB,

What would be even more useful would be an explanation of what each setting can help protect you from.

For example, disabling Active Scripting prevents pop under ads like the x10 camera crap. (Just an example, not sure if it really does)

Anyone want to help contribute and start something like this?

tup
Premium Member
join:2001-01-15
Port Elgin, ON

tup to R2

Premium Member

to R2

Re: .

I unchecked the box for https: and re-entered my URLs for various sites in the Trusted zone. Now, I get the Trusted zone designation in the lower right hand screen. Plus, I'm getting things like zoom capability in my favourite weather site etc. that I have done without for months because I thought security was more important that convenience. Thanks again to all at DSLReports that helped me understand this!!

Rocktagon
Slightly Bent
Premium Member
join:2000-11-04
Chattaroy, WA

Rocktagon to jmn1207

Premium Member

to jmn1207

Re: IE Security Settings

said by jmn1207:
WCB,

What would be even more useful would be an explanation of what each setting can help protect you from.

For example, disabling Active Scripting prevents pop under ads like the x10 camera crap. (Just an example, not sure if it really does)

Anyone want to help contribute and start something like this?
InternetExplorer Security Options
Internet Explorer-Outlook Express 6 Tweak guide

These links explain many of the options for Internet Explorer.

Great job WCB!

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

Wildcatboy

Mod


Well, as I said a lot of those settings have to do with my personal preferences. As R2 mentioned, I don't see a point in setting an option to prompt when my answer will always be NO. There's two parts to controlling Active scripting. One is the kinds of scripts that need to run locally on your machine. For them, your browser needs to actually download them to your machine and then run them. They are potentially more harmful. The first two options will take care of them for good. The third option of course is self explanatory.

When you click on something like a .pdf file the forth feature comes to play. By setting that to prompt you'll be able to see those features or listen to music online, etc... by saying yes if you choose so.

The second part to Active scripting is located in the scripting section at the bottom right. The fact is that you can enable all Active scripting options on top and only disable Active scripting in the scripting section and you'll still be safe because even if you download the scripts, they won't be able to run. However when it comes to IE, there's different kind of scripting that falls under that category. Those are scripts that don't need to be downloaded but IE treats them as active scripts. An example of that is the links on top of the security forum. There are also some form actions that use scripting. They are simple scripts but they won't run if this option is not set to enabled or prompt. However they are hardly unsafe. By setting that option to prompt you'll be able to decide.

The cookie options as they are above, will prevent you from being tracked. In fact you'll never see a cookie such as doubclick, etc... on your machine ever again. The above scripting settings will also assure that you'll never see a pop up or a pop under ad again.

I've also set Java on high safety and with that setting you are just about as much in trouble that you would be with Netscape which is my main browser and I'm used to. So again, I personally feel comfortable with although some of you like R2 may not like it. I do believe that the above setting is quite safe. I also believe it can be modified to suit your needs, although I believe any modification should be done to make it tighter and not looser. Anything less than the above setting is not safe IMHO.

FoMoCo
466 C.I.D.
join:2001-01-10
Grand Rapids, MI

FoMoCo to Wildcatboy

Member

to Wildcatboy
WOW knew it would help but didnt think that much thank you wildcatboy for taking the time --- boy I like this forum--

BellBoy
Steven Paul Jobs 1955-2011
Premium Member
join:2001-02-20
Los Angeles, CA

BellBoy to R2

Premium Member

to R2

Re: R2's Trusted List...

It's interesting that you have microsoft.com as a trusted site. I remember reading that some of M$'s own servers weren't patched against CodeRed.

The only site I trust is my own, plain and simple.

Vampirefo
Premium Member
join:2000-12-11
Huntington, WV

Vampirefo to Wildcatboy

Premium Member

to Wildcatboy

Re: IE Security Settings

Click for full size
Click for full size
I wonder if a browser add on, could be made, to turn on and off the security settings, per site. The browser I use has it already built in plus a lot of other features. But if a add on could be made, this will allow people to turn them on and off at will,without having to go into the settings.

Here is some pictures, of what I am talking about, they are already built into my browser like I said. But perhaps someone who knows someone might be able to make a add on for IE.
The first picture is an option of how I want to view a website, I can view it as only text, or I can load pictures, sounds, script,videos. All or just each item.
Picture two is the security settings, I can allow or disallow each or all per webpage.

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to BellBoy

MVM

to BellBoy

Re: R2's Trusted List...

BellBoy - I understand your reservations about Microsoft. However, I am there all the time -- searching the KnowledgeBase, checking out Updates, digging through the TechNet and MS Developer's Network -- that I see no other option but to "Trust" Microsoft. Otherwise using their site is just a nightmare.

What I have done is made my "Trusted sites" zone not as "trusted" as it is by default. That way I feel somewhat secure.

WCB - I understand your settings and do not disagree with them for you, but (again) since I am NOT the only user of my machine, I choose to make my Internet Zone fairly restricted -- very close to my "Restricted Sites" settings. However, since I have five Internet Security zones to play with, I have other choices to use for sites that I desire to be more "enabled".

That is why I think there is no "perfect" setting for all of us. Instead, we can present and discuss our settings -- and our rationale for our choices -- and everyone learns.
R2

R2 to Vampirefo

MVM

to Vampirefo

Re: IE Security Settings

Vampirefo - yes, I think that would be very useful. Very soon this thread will be infiltrated by Proxomitron users and they will tell us all how Proxo can do just that. Proxo allows you to set site specific controls.

However, within IE5 you can only group sites into certain zones. Within each zones you can only selectively choose the settings displayed above. While this gives you a fair degree of control, it certainly is not ideal.

I would even like to see the large and vague category of "ActiveX controls" be broken down into EACH control. I would like to be able to choose WHAT control I would like to run in a given zone.

For example, PDF files are fairly safe (esp. if you only have Acrobat Reader), so I do not see any reason to Disable those. However, since I must choose to disable ActiveX in an all-or-noting fashion, I have chosen to disable PDF files in my Internet zone.

Wouldn't it be more convenient to select EXACTLY which controls you would like to allow in each zone?

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

Wildcatboy to R2

Mod

to R2

Re: R2's Trusted List...

said by R2:
That is why I think there is no "perfect" setting for all of us. Instead, we can present and discuss our settings -- and our rationale for our choices -- and everyone learns.
I agree and that's exactly why I started this thread. I'm hoping that eventually we'll have others join the thread and discuss it further.

bangaroo
Premium Member
join:2000-08-13

bangaroo to Wildcatboy

Premium Member

to Wildcatboy

Re: IE Security Settings

Click for full size
For those that want to prevent other family members or employees from changing the Security Settings (or anything in Internet Options), rename the following file located in your System folder:

inetcpl.cpl

Rename it to something like inetcpl_.cpl.

You have to close your browser to make the change.

The error message above will appear if anyone trys to change any settings in Tools > Internet Options.

Just don't forget the file name.

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ to Wildcatboy

Premium Member

to Wildcatboy
I have found this whole question of IE security settings frustrating to say the least. The most annoying thing to me is the fact that anything Microsoft needs far too many things enabled in order to work eg: Windows Update, Hotmail etc (My security unconscious husband uses it!).

Someone recently recommended a neat little free program called "IE Zone Editor" which has solved the problem for me. You can create your own custom designed security zones which means that you can put Site A into it's own zone and *only* enable the things it needs to run. If you use trusted Zone in this way, some sites actually finish up with some settings enabled that they themselves *don't* need. You can put multiple sites into your newly created Zone - for instance, I have Hotmail, MSN and a couple of others all within one zone as they all require the same settings.

The program is very simple to use and so far, works extremely well. Why does M$ never build these things into their software in the first place I wonder?

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2

MVM

I used Security Zone Editor initially, but the program was exceedingly frustrating for me. Perhaps this is a minor thing, but I did NOT like the way it handled the icons. It tried to always make the new icon into the globe with tools next to it. Oh, you could override it, but it limited you on exactly what you could choose. Then, the last straw was if you decided to use an icon it did not like, the program would simply CRASH! So I gave up on it and made a .reg file that would do the same thing. This part of the registry is very easy to edit.

Here is the result of that:
»My newest Zone arrangement...

For me, this was the best solution. I can use whatever icon I want -- unlike how Security Zone Editor works.
[text was edited by author 2001-08-25 11:10:54]

CNZ
Schnook's Kiwi
Premium Member
join:2001-07-07
Kakanui, NZ

CNZ

Premium Member


I am more concerned with security issues than icons!

IamZed
Premium Member
join:2001-01-10
Dayton, OH

IamZed to Wildcatboy

Premium Member

to Wildcatboy
I am not so paranoid. I do not wear safety glasses when operating a PC. I do not store my last will and testament on my hard drive. The experiance of the web is why I come to the web. Limiting it to a text box makes me want to log off. It may seem dangerous to you all, but you will not loose the leg or arm that you fear you will. Get real.

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to CNZ

MVM

to CNZ
CNZ - I guess so, but when the program keeps crashing because of something as simple as using a different icon, I have to wonder what else they did wrong!

IamZed - sadly, this is real. If you choose to bury your head in the sand, then fine -- go right ahead. It is your choice. The risks of ActiveX and Scripting are real. If you choose to ignore them, it is OK by me. It's your computer.
[text was edited by author 2001-08-25 19:54:33]

IamZed
Premium Member
join:2001-01-10
Dayton, OH

IamZed to Wildcatboy

Premium Member

to Wildcatboy
It never gets hit. I dont know why. It never gets hit with anything I dont do myself. Hell, I dont even get Spam. Of any kind ever. I must do something right.