How to make IE safe

Discussion in 'other security issues & news' started by Rasheed187, Jul 16, 2004.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I have already disabled javascript and ActiveX but something I found interesting is that you can also disable downloading of files. Since all of these trojans are also being downloaded (because of holes in IE), isn't this a way to stop them from being downloaded, even with javascript (active scripting) enabled?
     
  2. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Rasheed187

    Even if you have your settings like the picture below you can still be downloaded upon in IE! The "Prompt" is good to stop most downloads but not all. There is a situation known as "drive-by downloading" which is very malefic. Some others here can give you more information regarding this.

    Be seeing you
     


  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    But what if you completely disable file downloading? Why I mentioned this is because I read that in XP SP2 (I think) ActiveX, Active scripts and file downloading have been disabled by default. So I figured why did they disable file downloading, maybe because that stops trojans too?

    But I would like to know more about that drive by downloading stuff.
    I'd be rather surprised if people can still download files to your computer with this feature turned off, because if you can really disable javascript and ActiveX why not this? Or can these trojans (download.ject) even bypass this setting?

    It would be cool if IE could recognize a file being downloaded (either by you or hackers) and would just refuse this, just like with scripts and activeX. So only when you need to download files you can enable "file downloading". Good idea or is this impossible with all these holes in IE?
     
  4. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    You could probably get rid of at least a few holes by changing the settings. But remember, this is a browser with 55 (or is it 56 by now?) Secunia warnings. It has a lot of holes, and MS has not provided patches for several of them.

    To put it shortly: IE sucks.
     
  5. Ronin

    Ronin Guest

    Disabling file downloads? LOL, the things you IE lovers will do just to remain safe. What next, refuse to surf the web at all?
     
  6. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Quite frankly, I'm with Pigman. IE being the most popular browser makes it the number one target. I'm always suspect to "HOW" IE handles its menus, and I've seen lots of articles about that security "SLIDER". Your best defense is to do a little investigation. It's unfortunate that for the time being we all have to deal with this "GARBAGE". Check out the IE articles at this site if you're still curious...

    http://www.spywarewarrior.com/uiuc/main.htm
     
  7. abracadabra

    abracadabra Guest

    The best way I find to make IE safe is, don't use it. Use another browser instead.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, first of all I'm not an IE fan, but since I'm on a slow computer I don't have any choice but to use it. Opera and Mozilla don't work as smoothly as IE on slow machines, and even more important, I'm using an IE shell that really kicks Opera's and Mozilla's butt. So yes, I want to keep using IE and I was hoping for some useful feedback.

    But anyway, I think my idea is a good one (if it is possible to implement), just shut down downloads! When you need to download a file you can enable it with one click. So if someone tries to download (or upload) something without your permission, you will get to see "Download denied!" in the statusbar just like with activeX. This way, you will also immediately know that a website has malicious code on it.

    But it won't solve all the holes, IE has too many I agree. I just think it's a shame that javascript can do so much harm, isn't it possible to build some kind of sandbox into the browser or something? There has to be a way to fix this. Btw, I'm not an expert, it's just an idea so if I'm saying something stupid just let me know.
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    This is from http://www.markusjansson.net/exp.html. I think you can use Sun Java too.
    Secure your Internet Explorer settings
    -> Control Panel
    --> Network and Internet connections
    ---> Internet Options
    ----> General
    -----> Temporary internet files
    ------> Settings
    -------> Set to: Every visit to page
    -----> Days to keep pages in history
    ------> Set to: 0
    ----> Security
    -----> Internet
    ------> Custom level
    -------> Reset to: High
    --------> Reset (yes)
    ------> Scroll down to "File download"
    -------> Set to: Enable (yes) (THAT IS, IF YOU WANT USERS TO BE ABLE TO DOWNLOAD FILES FROM THE INTERNET!)
    -----> Local intranet
    ------> Sites
    -------> Make sure nothing is selected!
    -----> Trusted sites
    ------> Sites
    -------> Add this web site to the zone:
    --------> Add all the domains here you can absolutely trust here (and press add after each domain)
    ---------> For example, add: *.microsoft.com
    ---------> For example, add: *.passport.com
    ---------> For example, add: *.msn.com
    ---------> For example, add: *.markusjansson.net
    --------> Make sure "require server verification..." is not selected!
    ------> Move the tab to "Medium"
    -----> Restricted Sites
    ------> Custom level
    -------> Reset to: High
    --------> Reset (yes)
    ------> Scroll down to "File download"
    -------> Set to: Enable (yes)
    ----> Privacy
    -----> Advanced
    ------> Override automatic cookie handling
    -------> First party cookies: Block
    -------> Third-party cookies: Block
    -------> Enable: Always allow session cookies
    ----> Content
    -----> Autocomplete
    ------> Disable all
    ------> Clear forms (yes)
    ------> Clear passwords (yes)
    ------> Programs
    ------> Disable: Internet Explorer should check whether it is the default web browser
    ----> Advanced
    -----> Disable everything else, but enable the following
    + Always send URL:s as UTF-8
    + Disable script debugging
    + Enable folder view on FTP sites
    + Enable page transitions
    + Show friendly http error messages
    + Show go button in address bar
    + Use passive ftp
    + Use smooth scrolling
    + Use http 1.1
    + Use http 1.1 through proxy connections
    + Don't display online media content in the media bar
    + Play animations in webpages
    + Play sounds in webpages
    + Play videos in webpages
    + Show pictures
    + Smart image dithering
    + Check for publishers certificate revocation
    + Check for server certificate revocation
    + Check signatures on downloaded programs
    + Do not save encrypted pages to disk
    + Use SSL 3.0
    + Use TLS 1.0
    + Warn about invalid site certificates
    + Warn if form submittal is being redirected
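
To check what the Internet zone is actually set to after walking through a procedure like the one above, the following PowerShell reads the relevant zone values from the registry. It is an added example, not part of the original post or the linked guide; the registry path and URL action numbers are Microsoft's documented zone settings, and the function name is hypothetical.

```powershell
# Added example: report the Internet zone (zone 3) settings discussed in this thread.
# These are the per-user values; Group Policy can override them.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action numbers as documented by Microsoft for IE security zones.
$Actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
    '1803' = 'File download'
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneReport {   # hypothetical helper name
    param([string]$Path = $ZonePath)

    if (-not (Test-Path -Path $Path)) {
        throw "Zone key not found: $Path"
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($id in $Actions.Keys) {
        $raw = $props.$id
        if ($null -eq $raw) {
            $state = 'Not set'
        } elseif ($Meaning.ContainsKey([int]$raw)) {
            $state = $Meaning[[int]$raw]
        } else {
            # e.g. 0x10000 ("Administrator approved") on action 1200
            $state = 'Other (0x{0:X})' -f $raw
        }
        [pscustomobject]@{
            Action  = $id
            Setting = $Actions[$id]
            State   = $state
            # True only when the action is fully disabled
            Blocked = ($raw -eq 3)
        }
    }
}

Get-InternetZoneReport | Format-Table -AutoSize
```

The report reflects configuration only; as several posters in this thread point out, zone settings do not address unpatched browser vulnerabilities.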
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Thanks iceni60, but I already had configured IE that way, it won't protect you against the latest threats though, you will have to disable javascript completely.

    But what about this article, will it protect you from all or most of the security holes?:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;833633
     
  11. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Wait a minute... how old is your computer? How much RAM does it have? So long as you're not using several other programs while browsing, 64 megs of RAM is quite enough for Firefox...
     
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  13. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    A very good article about drive-by downloading can be found here.
     
  14. IE user

    IE user Guest

    Here is a simple way to keep most hackers out:

    Set the IE security slider to the highest level while surfing and until you have to download something, then set it to the next lower level, but not in a site you don't trust.

    After down-loading, reset it to the highest level and keep surfin'. Makes sense to run a firewall also!

    This works well for me and is not too much of an inconvenience. Only a few mouse clicks to make the changes.
     
  15. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Still no good, IE User. IE has plenty of holes that won't be affected by changing the settings.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    iceni60, I have taken the test; you can see my reaction in that thread. About drive by downloading, the article doesn't really impress me since I have disabled activeX and have a powerful popupblocker.

    But of course I wonder if download.ject would work on my system with file downloading disabled. And Pigman what about the link I gave, will it protect me from the latest serious threats? About Mozilla and Opera, they are slow and their GUI sucks, sorry.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;833633
     
  17. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    I've heard that Opera's GUI is quite different from IE's, so I get what you're saying. But Mozilla/Firefox has a very IE-like GUI. But both Mozilla/Firefox and Opera are generally much faster than IE... Meh, whatever works for you. Just remember that, if you continue using IE or IE shells, you have to be extremely careful...
     
  18. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am using Opera version 7.53 and IE is nowhere near as fast as Opera. And if you don't like the GUI you can skin it and completely change the look.
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well well, this is the first time I have ever come across someone saying that IE was faster than Mozilla (did you try the lean-and-mean Firefox also?) or Opera. Early versions of Opera 7 were slower than 6 (which can still be downloaded from the Opera archives) but later ones should have been pepped up a bit (I still use 6.05 - mainly due to my dislike about the skinning on 7 which won't work with WindowBlinds and it is noticeably faster at rendering than IE). If your PC is really old then consider an ultra-lightweight browser like the DOS-based Arachne.

    IE Shell or not, you will still have problems with IE's sloppy security (see the Secunia vulnerability list for IE6) so dropping it should still be a serious option if security is your main goal.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    This isn't about which browser is better, but Opera and Mozilla are slow in starting up, and I also don't see that much difference when it comes to loading pages. The GUI also isn't as good as Maxthon's. So Opera and Mozilla are no options for me, why do you think I started this thread?

    But when I look at Secunia, it seems like IE 5.01 is a lot safer than IE 6, that's good news for me. And I read (not on Secunia) that the latest high risk holes like download.ject and the variation on it (which really got me worried) don't seem to work on IE 5.01, can anyone confirm this?
     
  21. Ronin

    Ronin Guest

    Well why not try IE 4 then, I bet it's even more "Secure".
     
  22. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Opera and Mozilla are slow at starting up because they aren't integrated into your OS, IIRC. Just deal with the extra 5 seconds - once they get started, they're much faster than IE.
     
  23. f123

    f123 Guest

    Have a 600MHz PIII CPU with 384MB RAM. Firefox 0.92 is tweaked to look just like IE6 (with only one horizontal toolbar). Launch time is 2.2 seconds vs. 0.8 sec for IE6. Most launch time issues are caused by the lack of physical memory or a poorly configured PC. If you have a modern PC, then you will be able to launch FF in under 1.5 second!

    So why do I use FF?

    -better security
    -faster webpage rendering (20 to 26% faster than IE6)
    -tabbed browsing
    -mouse gesture functions
    -better cookies manager
    -huge list of extensions...with new extension each week

    and the cons:

    -uses more RAM than IE and you need to minimize FF to release all RAM (typical load is 35 to 45MB)
    -unrefined built-in download manager...suggest download extension download manager
    -higher CPU load...probably won't do well in a 300MHz system

    I still use MyIE2 with poorly coded webpages...perhaps four times last year.
     
  24. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    FF works perfectly well on my 300 MHz Pentium 2 box, with 64 megs of RAM. I've never seen it use more than 30 megs of RAM, usually less. (Maybe this is affected by my computer's configuration? Not sure.) As for CPU usage, it doesn't seem to be very significant.

    Minimizing the window does not free up any RAM, though.
     
  25. f123

    f123 Guest

    It should if you minimized FF to the windows taskbar. My experience is that FF dynamically adjusts the CPU load, much more than IE.
     