IE Security settings

Can someone tell me the safest "Internet" settings in IE 5.00? It's more complicated than NS, KM or Moz since you have more options than just Java, JS and Cookies.

Medium setting isn't THAT safe? You have to do a Custom setting from Medium to disable scripting etc? Should _anything_ related to ActiveX be disabled?

What about the Intranet (only for if on a LAN not home single PC?), Restricted and Trusted sites settings?

 

Pertaining to just ActiveX controls - those who want to retain functionality with Windows Update, Office Update, and other similar sites (the Symantec vulnerability scanner also uses ActiveX) may find the following custom settings useful:

-Download signed ActiveX controls: PROMPT
-Download unsigned ActiveX controls: DISABLE
-Initialize and script ActiveX controls not marked as safe: DISABLE
-Run ActiveX controls and plug-ins: ENABLE
-Script ActiveX controls marked safe from scripting: ENABLE
(some people may want to set the last one to prompt, although you may get a lot of pop up windows asking for permission because of it)

If you feel no need for ActiveX in your internet zone, you may also decide to totally disable all of those features in the Internet Zone, and add Windows Update and related sites to your "Trusted Sites Zone", where I still recommend that you apply the above options (i.e. disabling unsigned and un-safe ActiveX controls).

-Javacool

 

Also, you may find it useful to edit the following two settings:

-Allow paste operations via script: DISABLE
-Scripting of Java applets: DISABLE

If you decide not to disable Active Scripting, because many sites you visit use it, then disabling the two features noted above will provide a *slightly* more secure environment, in that area (there are vulnerabilities that exploit both).

I have no issues disabling the two above settings in the Internet Zone (or any other zone for that matter).

-Javacool

 

Javacool has you covered on this and here are some sites that might help....

IE safe setting

http://www.markusjansson.net/eienbid.html#safe

http://www.markusjansson.net/eienbid.html

IE Settings - A Simple Tutorial
http://members.tccoa.com/ryang/ie.html

 

Hi Polo! Here's a link to the Microsoft IE Support Center:

Internet Explorer Support Center


Hope this helps you out!

 

If I remember, there was also a bug that allowed exploitation using the folder view for FTP sites...so if that option appears under your Advanced settings toolbar in the Internet Options, I would disable it (look for "Enable folder view for FTP sites").

-Javacool

 

Hi Javacool,

For confidentiality purpose, I should also disable "permanence des données utilisateur" (user 's data permanence, in Eng or something of the kind)

Rgds,

 

User data persistance I think you mean.

 

I like http://members.tccoa.com/ryang/ie.html
So from what I understand you don't have to actually choose an IE setting since you will be customising the settings anyway. Even "High" setting is dangerous without user modification.

The Intranet zone is redundant for home PC if you are using a dial-up to 1 PC?

The Restricted and Trusted sites allow you to configure those sites you add separately from the "general" Internet one, saves you always going to Options and changing the settings?

Just a bit scary at first if you've been using Netscape and others. They have no ActiveX features or IFRAME,- simpler set of options. Plus there's no Restricted or Trusted settings.

Other than that which IE should you have for Win98? IE5.0 is old... You should make sure all patches are added too.

 

IE Security Settings
Wildcatboy
(with screenshot)

http://www.dslreports.com/forum/remark,1333507;root=security,1;mode=flat;start=0

 

Heres a follow on from this, recieved today from Kaspersky;


Microsoft Offers Security Fixes for Explorer, XP and NT 4.0
Microsoft has announced several security flaws in its software, with
some of the flaws given a high degree of importance.

Critical flaws are reported in Internet Explorer 5.01, 5.5 and 6.0 that
could allow an attacker to access a victim's computer and run
unauthorized commands. Also announced are less serious security
vulnerabilities in Windows XP Professional and Windows NT 4.0, which
give an attacker the chance the crash these systems.

Fixes for the vulnerabilities described above can be found on the
Microsoft Web site at: http://www.microsoft.com/security