configureing IEs internet zone and advanced options tab

hi all

I'm wondering if anyone might be able to help I'm currently working on a set up for internet explorer that will allow it to remain functional but will lock down its more dangerous features so as to keep users safe from active content but I'm a little stuck

here is what I have so far

http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Index.php?page=Internet-Explorer

the problem I'm having at the moment is that I'm unsure of the best way to configure the internet zone and the advanced options tab and I'm wondering what peoples thoughts are on this ?

plus and other general comments regarding what i have already written

 

Re: configuring IEs internet zone and advanced options tab

hi all

having just finished a few more updates to the above page I think it should be about 90% complete so has anyone got any thoughts on the best way to set up the advanced tab and internet zone

obviously there are some settings that should definitely be disabled like active x as most web pages have no need to be running active x applets

but there are some other settings that I'm not so sure about as I don't really understand what there for

for instance

.NET Framework-reliant components

* Run components not signed with Authenticode
* Run components signed with Authenticode

what exactly is .net frame work anyway and is it really necessary to have it installed ??

then to make matters more complicated there are some settings like java that in a perfect world would be disabled to prevent then being used as an attack vector but are not really practical to disable as to many websites would malfunction and not work correctly as they are java driven

 

Re: configuring IEs internet zone and advanced options tab

I found a few suggested IE settings here but it doesnt explain them.

As for .NET Framework, its needed by some programs such as Paint.NET or CDBurnerXP.

Such programs will usually mention .NET Framework in their system requirements along with what version they want (usually 2.0, but some program may need 1.1 or 3.x).

 

hi

thanks for your reply

i see so i take it this is another one of them components of windows that isn't actually needed unless you are running apps that specifically require it

oh well that's Microsoft superfluous bloat that will be getting un-installed by xplite

as for the settings in question

* Run components not signed with Authenticode
* Run components signed with Authenticode

I take it from the wording that .net components are similar in nature to active x applets small web based programs ? and these settings determine whether internet explorer is allowed to access and run these programs

 

.NET Framework are runtimes that you install on your computer; Ive havent heard of them running from a web page.

Also another page I found: Make Internet Explorer 7 Safer- Configure the Security Settings

 

sounds suspiciously like COM (Component Object Model) i could be misunderstanding things here but if .net is basically the new COM then would that mean that .net is basically the new active x and therefore susceptible to all the same issues ??

 

Best IE tweak is to use 0.0.0.0:0 proxy and switch browser

 

lol you'll get no argument from me there i cant stand IE its a horrid pain to code for when creating web pages

it supports technology that is known to be insecure but instead of doing the right thing and removing it they try in vain to fix it putting users at risk

they have a nasty habit of not fixing bugs or taking excessively long periods of time to fix bugs

they have a nasty habit of leaving users exposed when bugs are reported instead of releasing temporary patches to lock down the problem till a proper solution can be found like mozilla and other browser manufactures do

the list just goes on and on

people will argue that IE if set up corectley can be as secure as any other browser and that problem with IE is not the browser but the fact that users don't have it set up properly and granted there may be a grain of truth to that

but i maintain that its microsoft and there browser that are at fault users shouldn't have to reconfigure there browser to make it secure it should be secure right out of the box it shouldn't support insecure technologies and bugs should be fixed in a timely fashion and if they know that a problem is goin to take a long time to fix then they should release temporary patches to keep users safe till a solution can be found

granted even good browsers like firefox have bugs and issues some of which don't get fixed but at least when there is a serious issues its usually fixed in a timely fashion and if it cant be fixed quickly then a temporary fix is usually made available