Active X, IE and security

Discussion in 'other security issues & news' started by JerryM, Feb 13, 2006.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    For a few days I was having trouble with IE loading slowly, and having problems connecting. I suspected that it was a result of following instructions as to how to secure IE. I could not even get to Kaspersky's on-line scan.

    I went into IE, and reduced ActiveX and Script blocking more that recommended, but now I can update Windows, and get to the sites I want. Also, IE now works at the speed that it used to. I do not use IE except for sites that require it. Normally I use FF or Opera.

    Why do some sites, such as Kaspersky's scanner require Active X and such when it is supposed to be vulnerable to malware?

    A few AV sites do not, but more seem to. Why can't all be accessed without Active X??

    I must add that if IE is strapped to the degree that it won't work, that is counterproductive.

    Thanks,
    Jerry
     
  2. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    JerryM


    Lowering the activeX settings was not the answer.....but a mistake.
    Internet Explorer has "ZONES".............Intranet... Trusted Sites...Internet, and Restricted..........plus one hidden Zone..........

    If you are having problems entering a "trusted website" that you know is safe.........simply place it in the Trusted Zone an tweak the activeX settings in that Zone to your needs...................
    You should never experience problems such as you mentioned........in fact, by lowering your activeX settings as you did Opens your computer to viruses, trojans, and Hackers............

    Set you Zones correctly and use them accordingly........Your banking website could go in the Trusted Zone...........a website like lets say google could go in the Restricted Zone,, etc,,,

    The reason for "ZONES" is for your protection.......many bad websites use activeX.........an yes some so-called good websites use activeX as well......this is the poor choice of the webmaster..........many people believe that all webmasters know how to program.....an this is surely not the case.....any body can set up a website these days an know very little about Programing.........thats why you need to use the ZONES in Internet Explorer.........SeeYa
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I realize that what you say is correct. However, I put them in the Trusted Zone, and that did not correct the problem. Also it is one thing to say to set them correctly, and to tweak the settings, but nothing I could figure made IE work.

    I only use IE to go to Windows update, and to go to such sites as the Kaspersky on-line scan. I am not very knowledgeable in this area, but I fail to see how I can get infected on the Windows Update or the Kaspersky site. Is the liklihood more theoretical than real on those sites? If I were to go to Wilder's how would I get infected, again considering that I do not browse with IE?

    Thanks,
    Jerry
     
  4. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    JerryM

    Well Jerry you seem to have this subject covered to your liking........actually I am somewhat confused as to why you made the post if you already was satisfied with what you were doing............so you will just need to excuse my confusion......thought you were seeking help.....my mistake...sorry!
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Sorry if I seemed to reject your help. That is not my intent, but what I need is more specific advice as to how to set IE activeX and scripts.
    Spyware blaster will change the settings to a secure zone, but then IE is not usable.

    I do wonder how I would get infected going to known safe sites such as Wilders, for example, or Windows Update.

    Evidently there are settings that are secure, but must be modified when one goes to a site that is known safe, and which must have scripts and ActiveX enabled. That is what I do not know how to do.

    Thanks for the interest, and there was no intent to just reject your suggestions and comments, but I need more specifics as to the settings for IE if I am to change to a safer level. I have experienced this on both my desktop and notebook systems.

    I made the post to express my dismay at the problem of security and usefulness of IE with my level of expertise.

    Have a good evening,
    Jerry
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi Jerry,

    Different people program in different ways, and some software is only designed to work the way it does with ActiveX etc, that's just how it is, but of course it could be done in other ways if they wanted to !

    No you won't get infected at Wilders or Windows Update, but if someone left the settings as default in a lowish manner and then moved on to other sites could be a problem.

    If you want know how to set up IE very securely and in the Zones too, please look here. http://www.sysinternals.com/Forum/forum_posts.asp?TID=2470&PN=1


    StevieO
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    StevieO,

    Thanks. Tomorrow I will look at the site, and see if I can figure out how to set IE up better. I admit that when I change things after a while I have forgotten what I changed or at least how I did it.

    I do not mind trying to make IE more secure if I can do it and still use it.

    I apppreciate the help.

    Jerry
     
  8. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    JERRY SAID:

    *** Spyware blaster will change the settings to a secure zone, but then IE is not usable. ***

    _____________________________________________________________



    Jerry


    Ok friend.....now you are geeting into the problem.........Friend spywareBlaster OFFERS PROTECTION FROM KNOWN BAD WEBSITES, ETC.....if its keeping you out of a website its most likely saving your computer........, howeverm you have a choice to disable the protection spywareblaster offers........an if you start doing that....whats the point in using spywareblaster...........not much sense in disabling its protection.....

    so, this is one cause of your problems....but its not preventing you access to windows update or Kav update.....thats for sure.....!!!


    ___________________________


    So, seems you want to surf........but don't enjoy being prevented from entering known dangerous websites................can't help you there jerry....

    ________________________________________________________________

    TRUSTED ZONE




    ActiveX Controls and Plug-ins


    Download signed ActiveX controls
    Enable

    Download unsigned ActiveX controls
    disable

    Initialize and script ActiveX controls not marked as safe
    disable

    Run ActiveX controls and plug-ins
    Enable

    Script ActiveX controls marked safe for scripting
    Enable




    Cookies


    Allow cookies that are stored on your computer
    Enable

    Allow per-session cookies (not stored)
    Enable




    Downloads


    Download files
    prompt

    Download fonts
    disable




    Java


    Java permissions
    high Safety




    Miscellaneous


    Access data sources across domains
    disable

    Drag and drop or copy and paste files
    prompt

    Installation of desktop items
    prompt

    Launching programs and files in an IFRAME
    disable

    Navigate sub-frames across domains
    disable

    Software channel permissions
    high Safety

    Submit nonencrypted form data
    prompt

    Userdata persistence
    disable




    Scripting


    Active scripting
    Enable

    Allow paste operations via script
    prompt

    Scripting of Java applets
    disable (on rare occassion you can enable at VERY trusted sites)(only in this zone)




    User Authentication


    Logon
    Automatic logon with current username and password

    ________________________________________________________________


    The above settings are for your trusted zone......most people do not set the security in the trusted zone as high.......but these settings work just fine an offer just a tad bit more security than the average User uses


    BUT BE HEREWITH WARNED.....don't just put any website in the Trusted Zone.........

    _______________________________________________________________



    the other zones should be locked-up tight........but here again its a Users choice.......an most times its a bad choice....cause Users get tired of the restrictions.............oh well, I am not going to even bother going there,




    In ADVANCE: disable> "install on demand"
     
  9. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    JERRYM


    The above was my last post on this subject. Wanted to wish you well Jerry........hope you find a solution to fit your particular needs. I may not be around the forum much longer so very best.....an good luck.



    Snowie The Snowman
     
  10. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Snowman,
    Thanks for the help.
    I must correct one assumption, that I want to surf with IE. That is not the case. I never surf with it. I only use it for sites that require IE, and those that I can think of are the Windows Update, and some on-line scanners. ALL surfing is done with FF and Opera.

    Anyway, thanks, and if it gets down to it, I can use IE at lower security settings than those who surf with it. If I only use it for sites such as those mentioned, then the security is low anyway for those sites.

    I do intend to work with it to see if I can get it to do what I want in the area of safe sites. I have had such settings for a long time, but recently I think what I have read about tweaking IE has set the security too high.

    Sorry that you will not be here much longer. Take care.

    Jerry
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    My personal preference with IE is to assure the Internet Zone is set to High. I then place any\all Trusted sites in the Trusted Zone where the setting is left at default of Low. Trusted Sites to me may be different from what you view as Trusted but as examples any\all Security Forums, financial, Microsoft....etc.
     
  12. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    RESTRICTED ZONE





    ActiveX Controls and Plug-ins


    Download signed ActiveX controls
    disable

    Download unsigned ActiveX controls
    disable

    Initialize and script ActiveX controls not marked as safe
    disable

    Run ActiveX controls and plug-ins
    diable

    Script ActiveX controls marked safe for scripting
    disable




    Cookies


    Allow cookies that are stored on your computer
    disable

    Allow per-session cookies (not stored)
    disable




    Downloads


    Download files
    prompt

    Download fonts
    disable




    Java


    Java permissions
    disable




    Miscellaneous


    Access data sources across domains
    disable

    Drag and drop or copy and paste files
    prompt

    Installation of desktop items
    prompt

    Launching programs and files in an IFRAME
    disable

    Navigate sub-frames across domains
    disable

    Software channel permissions
    high Safety

    Submit nonencrypted form data
    prompt

    Userdata persistence
    disable




    Scripting


    Active scripting
    disable

    Allow paste operations via script
    prompt

    Scripting of Java applets
    disable



    *********************************************************


    INTERNET ZONE


    ActiveX Controls and Plug-ins


    Download signed ActiveX controls
    disable

    Download unsigned ActiveX controls
    disable

    Initialize and script ActiveX controls not marked as safe
    disable

    Run ActiveX controls and plug-ins
    disable

    Script ActiveX controls marked safe for scripting
    disable




    Cookies


    Allow cookies that are stored on your computer
    disable

    Allow per-session cookies (not stored)
    Enable




    Downloads


    Download files
    prompt

    Download fonts
    disable




    Java


    Java permissions
    disable




    Miscellaneous


    Access data sources across domains
    disable

    Drag and drop or copy and paste files
    prompt

    Installation of desktop items
    prompt

    Launching programs and files in an IFRAME
    disable

    Navigate sub-frames across domains
    disable

    Software channel permissions
    high Safety

    Submit nonencrypted form data
    prompt

    Userdata persistence
    disable




    Scripting


    Active scripting
    disable

    Allow paste operations via script
    prompt

    Scripting of Java applets
    disable




    *********************************************************


    In Advance


    "UN-CHECK" > enabled folder view for ftp sites

    un-checking will disable.


    *********************************************************


    Jerry..

    These settings should keep you fairly safe as you surf.........some websites will "complain" because you don't have activeX enable.......ignor it.......an you will be much safer...........the websites you Trust simply place in the TRUSTED ZONE...................notice that BUBBA gave you some examples........if you should have any questions I feel sure that Bubba wont mind answering......he'll help you out.........(p.s. anything wanting to download now will ask your permission.....no drive-by downloads)

    an no....I am not assumming that you surf with internet explorer......just making sure that whenever you do need to use internet explorer you will have a fair set of "rules" in place.........


    SeeYa Friend


    Snowie The Snowman
     
  13. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    OPPS forgot!



    In Advance......make certain that ENCRYPTED DATE IS NOT SAVED TO HARDDISK
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Many thanks to you both. I went to the site mentioned and changed some settings. I think they are probably in line with your Snowman, but I'll double check.
    After every few changes I would go to Kaspersky, and see it it worked. I was able to make all the changes, and everything is working OK. As I said, I never use it for surfing. In addition I NEVER visit high risk sites, such as porn or wrestling, or gaming, P2P, or music.

    I think the problem is fixed now, and again thank you for the help.

    Jerry
     
  15. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    JERRY

    Sounds great.......an you are more than welcome ........have yourself a great surfing day........


    Regards

    Snowie The Snowman
     
  16. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    In making IE secure, and in the Security section I see "USE SS 2.0" and the same for 3.0 and TLS 1.0.

    What are those? I had originally had 2.0 and 3.0 checked, and TLS 1.0 unchecked. Now 2.0 is unchecked as shown on the instructions which I used, and TLS 1.0 checked.

    But I have no idea what those are about.
    Help educate me?

    Thanks,
    Jerery
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It is how we are protected when doing financial transactions for example.

    Transport Layer Security
     
  18. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Bubba,
    Thanks, you were Johnny er Bubba on the spot.:D

    Jerry
     
  19. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm on my second pot of java so clicking is quick :D
     
Loading...
Thread Status:
Not open for further replies.