Active X, IE and security

For a few days I was having trouble with IE loading slowly, and having problems connecting. I suspected that it was a result of following instructions as to how to secure IE. I could not even get to Kaspersky's on-line scan.

I went into IE, and reduced ActiveX and Script blocking more that recommended, but now I can update Windows, and get to the sites I want. Also, IE now works at the speed that it used to. I do not use IE except for sites that require it. Normally I use FF or Opera.

Why do some sites, such as Kaspersky's scanner require Active X and such when it is supposed to be vulnerable to malware?

A few AV sites do not, but more seem to. Why can't all be accessed without Active X??

I must add that if IE is strapped to the degree that it won't work, that is counterproductive.

Thanks,
Jerry

 

JerryM


Lowering the activeX settings was not the answer.....but a mistake.
Internet Explorer has "ZONES".............Intranet... Trusted Sites...Internet, and Restricted..........plus one hidden Zone..........

If you are having problems entering a "trusted website" that you know is safe.........simply place it in the Trusted Zone an tweak the activeX settings in that Zone to your needs...................
You should never experience problems such as you mentioned........in fact, by lowering your activeX settings as you did Opens your computer to viruses, trojans, and Hackers............

Set you Zones correctly and use them accordingly........Your banking website could go in the Trusted Zone...........a website like lets say google could go in the Restricted Zone,, etc,,,

The reason for "ZONES" is for your protection.......many bad websites use activeX.........an yes some so-called good websites use activeX as well......this is the poor choice of the webmaster..........many people believe that all webmasters know how to program.....an this is surely not the case.....any body can set up a website these days an know very little about Programing.........thats why you need to use the ZONES in Internet Explorer.........SeeYa

 

I realize that what you say is correct. However, I put them in the Trusted Zone, and that did not correct the problem. Also it is one thing to say to set them correctly, and to tweak the settings, but nothing I could figure made IE work.

I only use IE to go to Windows update, and to go to such sites as the Kaspersky on-line scan. I am not very knowledgeable in this area, but I fail to see how I can get infected on the Windows Update or the Kaspersky site. Is the liklihood more theoretical than real on those sites? If I were to go to Wilder's how would I get infected, again considering that I do not browse with IE?

Thanks,
Jerry

 

JerryM

Well Jerry you seem to have this subject covered to your liking........actually I am somewhat confused as to why you made the post if you already was satisfied with what you were doing............so you will just need to excuse my confusion......thought you were seeking help.....my mistake...sorry!

 

Sorry if I seemed to reject your help. That is not my intent, but what I need is more specific advice as to how to set IE activeX and scripts.
Spyware blaster will change the settings to a secure zone, but then IE is not usable.

I do wonder how I would get infected going to known safe sites such as Wilders, for example, or Windows Update.

Evidently there are settings that are secure, but must be modified when one goes to a site that is known safe, and which must have scripts and ActiveX enabled. That is what I do not know how to do.

Thanks for the interest, and there was no intent to just reject your suggestions and comments, but I need more specifics as to the settings for IE if I am to change to a safer level. I have experienced this on both my desktop and notebook systems.

I made the post to express my dismay at the problem of security and usefulness of IE with my level of expertise.

Have a good evening,
Jerry

 

Hi Jerry,

Different people program in different ways, and some software is only designed to work the way it does with ActiveX etc, that's just how it is, but of course it could be done in other ways if they wanted to !

No you won't get infected at Wilders or Windows Update, but if someone left the settings as default in a lowish manner and then moved on to other sites could be a problem.

If you want know how to set up IE very securely and in the Zones too, please look here. http://www.sysinternals.com/Forum/forum_posts.asp?TID=2470&PN=1


StevieO

 

StevieO,

Thanks. Tomorrow I will look at the site, and see if I can figure out how to set IE up better. I admit that when I change things after a while I have forgotten what I changed or at least how I did it.

I do not mind trying to make IE more secure if I can do it and still use it.

I apppreciate the help.

Jerry

 

JERRY SAID:

*** Spyware blaster will change the settings to a secure zone, but then IE is not usable. ***

_____________________________________________________________



Jerry


Ok friend.....now you are geeting into the problem.........Friend spywareBlaster OFFERS PROTECTION FROM KNOWN BAD WEBSITES, ETC.....if its keeping you out of a website its most likely saving your computer........, howeverm you have a choice to disable the protection spywareblaster offers........an if you start doing that....whats the point in using spywareblaster...........not much sense in disabling its protection.....

so, this is one cause of your problems....but its not preventing you access to windows update or Kav update.....thats for sure.....!!!


___________________________


So, seems you want to surf........but don't enjoy being prevented from entering known dangerous websites................can't help you there jerry....

________________________________________________________________

TRUSTED ZONE




ActiveX Controls and Plug-ins


Download signed ActiveX controls
Enable

Download unsigned ActiveX controls
disable

Initialize and script ActiveX controls not marked as safe
disable

Run ActiveX controls and plug-ins
Enable

Script ActiveX controls marked safe for scripting
Enable




Cookies


Allow cookies that are stored on your computer
Enable

Allow per-session cookies (not stored)
Enable




Downloads


Download files
prompt

Download fonts
disable




Java


Java permissions
high Safety




Miscellaneous


Access data sources across domains
disable

Drag and drop or copy and paste files
prompt

Installation of desktop items
prompt

Launching programs and files in an IFRAME
disable

Navigate sub-frames across domains
disable

Software channel permissions
high Safety

Submit nonencrypted form data
prompt

Userdata persistence
disable




Scripting


Active scripting
Enable

Allow paste operations via script
prompt

Scripting of Java applets
disable (on rare occassion you can enable at VERY trusted sites)(only in this zone)




User Authentication


Logon
Automatic logon with current username and password

________________________________________________________________


The above settings are for your trusted zone......most people do not set the security in the trusted zone as high.......but these settings work just fine an offer just a tad bit more security than the average User uses


BUT BE HEREWITH WARNED.....don't just put any website in the Trusted Zone.........

_______________________________________________________________



the other zones should be locked-up tight........but here again its a Users choice.......an most times its a bad choice....cause Users get tired of the restrictions.............oh well, I am not going to even bother going there,




In ADVANCE: disable> "install on demand"

 

JERRYM


The above was my last post on this subject. Wanted to wish you well Jerry........hope you find a solution to fit your particular needs. I may not be around the forum much longer so very best.....an good luck.



Snowie The Snowman

 

Snowman,
Thanks for the help.
I must correct one assumption, that I want to surf with IE. That is not the case. I never surf with it. I only use it for sites that require IE, and those that I can think of are the Windows Update, and some on-line scanners. ALL surfing is done with FF and Opera.

Anyway, thanks, and if it gets down to it, I can use IE at lower security settings than those who surf with it. If I only use it for sites such as those mentioned, then the security is low anyway for those sites.

I do intend to work with it to see if I can get it to do what I want in the area of safe sites. I have had such settings for a long time, but recently I think what I have read about tweaking IE has set the security too high.

Sorry that you will not be here much longer. Take care.

Jerry

 

My personal preference with IE is to assure the Internet Zone is set to High. I then place any\all Trusted sites in the Trusted Zone where the setting is left at default of Low. Trusted Sites to me may be different from what you view as Trusted but as examples any\all Security Forums, financial, Microsoft....etc.

 

RESTRICTED ZONE





ActiveX Controls and Plug-ins


Download signed ActiveX controls
disable

Download unsigned ActiveX controls
disable

Initialize and script ActiveX controls not marked as safe
disable

Run ActiveX controls and plug-ins
diable

Script ActiveX controls marked safe for scripting
disable




Cookies


Allow cookies that are stored on your computer
disable

Allow per-session cookies (not stored)
disable




Downloads


Download files
prompt

Download fonts
disable




Java


Java permissions
disable




Miscellaneous


Access data sources across domains
disable

Drag and drop or copy and paste files
prompt

Installation of desktop items
prompt

Launching programs and files in an IFRAME
disable

Navigate sub-frames across domains
disable

Software channel permissions
high Safety

Submit nonencrypted form data
prompt

Userdata persistence
disable




Scripting


Active scripting
disable

Allow paste operations via script
prompt

Scripting of Java applets
disable



*********************************************************


INTERNET ZONE


ActiveX Controls and Plug-ins


Download signed ActiveX controls
disable

Download unsigned ActiveX controls
disable

Initialize and script ActiveX controls not marked as safe
disable

Run ActiveX controls and plug-ins
disable

Script ActiveX controls marked safe for scripting
disable




Cookies


Allow cookies that are stored on your computer
disable

Allow per-session cookies (not stored)
Enable




Downloads


Download files
prompt

Download fonts
disable




Java


Java permissions
disable




Miscellaneous


Access data sources across domains
disable

Drag and drop or copy and paste files
prompt

Installation of desktop items
prompt

Launching programs and files in an IFRAME
disable

Navigate sub-frames across domains
disable

Software channel permissions
high Safety

Submit nonencrypted form data
prompt

Userdata persistence
disable




Scripting


Active scripting
disable

Allow paste operations via script
prompt

Scripting of Java applets
disable




*********************************************************


In Advance


"UN-CHECK" > enabled folder view for ftp sites

un-checking will disable.


*********************************************************


Jerry..

These settings should keep you fairly safe as you surf.........some websites will "complain" because you don't have activeX enable.......ignor it.......an you will be much safer...........the websites you Trust simply place in the TRUSTED ZONE...................notice that BUBBA gave you some examples........if you should have any questions I feel sure that Bubba wont mind answering......he'll help you out.........(p.s. anything wanting to download now will ask your permission.....no drive-by downloads)

an no....I am not assumming that you surf with internet explorer......just making sure that whenever you do need to use internet explorer you will have a fair set of "rules" in place.........


SeeYa Friend


Snowie The Snowman

 

OPPS forgot!



In Advance......make certain that ENCRYPTED DATE IS NOT SAVED TO HARDDISK

 

Many thanks to you both. I went to the site mentioned and changed some settings. I think they are probably in line with your Snowman, but I'll double check.
After every few changes I would go to Kaspersky, and see it it worked. I was able to make all the changes, and everything is working OK. As I said, I never use it for surfing. In addition I NEVER visit high risk sites, such as porn or wrestling, or gaming, P2P, or music.

I think the problem is fixed now, and again thank you for the help.

Jerry

 

JERRY

Sounds great.......an you are more than welcome ........have yourself a great surfing day........


Regards

Snowie The Snowman

 

In making IE secure, and in the Security section I see "USE SS 2.0" and the same for 3.0 and TLS 1.0.

What are those? I had originally had 2.0 and 3.0 checked, and TLS 1.0 unchecked. Now 2.0 is unchecked as shown on the instructions which I used, and TLS 1.0 checked.

But I have no idea what those are about.
Help educate me?

Thanks,
Jerery

 

It is how we are protected when doing financial transactions for example.

Transport Layer Security

 

Bubba,
Thanks, you were Johnny er Bubba on the spot.

Jerry

 

I'm on my second pot of java so clicking is quick