Securing IE ??

Discussion in 'other software & services' started by Bethrezen, Nov 5, 2004.

Thread Status:
Not open for further replies.
  1. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    in an effort to stop me getting confused I changed my mind and decided to move this to its own thread hope no one minds

    now obviously the settings for IE are incomplete and I could do with a lil help filling in the blanks but is what I have so far ok ?? or do a few of the settings need changing ?? the reason I ask is coz the 2 sources I been using

    http://www.lavasoftsupport.com/index.php?showtopic=14537
    http://www.dslreports.com/forum/remark,1333507~root=security,1~mode=flat

    don't seem to entirely agree on what the best set up should be now I know there is going to be a lil bit of personal preference involved here but I'm after a general purpose configuration that offers maximum security while still remaining functional and not annoying people with a torrent of prompts

    well anyway here is what I got so far


    we will start with Internet Explorer first

    Open Internet Options either through control panel or by opening Internet Explorer and then clicking Tools\Internet Options

    Select The "Security Tab"

    Select "Internet Zone"

    Press the Custom Level button and re-configure the settings as follows

    ActiveX Controls and Plug-ins: prompt, disable, disable, prompt, enable
    Downloads: enable, prompt
    Miscellaneous: prompt, enable, prompt, disable, enable, prompt, disable, enable, high safety, enable, disable
    Scripting: enable, prompt, prompt
    Authentication: prompt

    you may also see settings for Java and Net Framework if so configure them as follows

    Java: high safety
    Net Framework: prompt, prompt

    once done hit ok to close the window then click apply to save the changes

    Next select "Restricted Zone"

    Press the Custom Level button and re-configure the settings so that everything is set to Disable or Prompt (setting it to "High" is not enough) once done hit ok to close the window then click apply to save the changes

    Next we need to Enable active scripting for trusted sights like windows update because you may find that the above settings will brake sights like windows update that require active scripting this said you don't want to give "Trusted sites" a completely free reign on your computer just in case so what I would suggest is to reconfigure your "Trusted Sites" zone so its not as "Trusted" as it is by default. this can be done as follows

    Select "Trusted Zone"

    Press the Custom Level button and re-configure the settings as follows

    ActiveX Controls and Plug-ins:
    Downloads:
    Miscellaneous:
    Scripting:
    Authentication:

    Java:
    Net Framework:

    Once done hit ok to close the window then click apply to save the changes

    Ok so that done how do we add sights Like Windows Update to our Trusted Sights list this can be done as follows

    Select the Trusted Zone tab again press the Sights button then either cut and paste or type the URL of the trusted sight and hit the add button then ok the change and exit internet options then just refresh the page when you are done

    Ok next we need to configure Internet Explorers Cookie settings

    Select the "Privacy Tab"

    Select the Advanced Button

    Check the Override Automatic Cookie Handling box then Select Block under both First & Third-party Cookies and check the Always allow session cookies box

    Ok the change and exit cookie settings window

    If you find that there is a sight that requires the use of cookies such as logging in to your on line banking, email, forum boards Etc then all you need to do is go back in to your cookie settings press the edit button then type in the appropriate URL and press allow then ok the change clear your cache reload the page and you should now be able to log in

    Now the above settings are my personal preference however these slightly less restrictive settings are also accepted as safe

    Check the Override Automatic Cookie Handling box then Select Block under Third-party Cookies and accept under first party cookies & check the Always allow session cookies box

    Finally select the Advanced Tab and re-configure as follows

    Accessibility:

    Browsing:

    HTTP 1.1 Settings:

    Java:

    Multimedia:

    Printing:

    Security:
     
    Last edited: Nov 8, 2004
  2. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    is no one able to help me out here ??
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
    Would a link help?

    IE6
     
  4. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    thanks for ya reply

    what I really need though is a good complete and solid set of configuration instructions that are easy to follow

    I also need a lil guidance as to what the best set up should be because this is a lil over my head now I know there is a lil personal preference involved here but surely there must be some middle ground here

    restrictive enough that its secure but at the same time retaining its functionality with out annoying people with a torrent of prompts

    what I think would help is to take what I have got above and kind of fill in the blanks as it where

    If I need to make a correction because I have something wrong then maybe quote the relevant section highlighting in red the bit/s that need fixing

    or maybe if its a section that don't contain any information you could again quote the relevant section posting instructions

    if you see where I mean
     
  5. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
  6. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    I don't mean to be rude but i think you kind of missed the point of my request the reason I'm asking for IE set up is not for me I don't use IE and have every thing set to disable except for access to windows update

    what I'm looking for is a configuration that I can add to the guide I'm working on that is both safe and functional without annoying people with prompts

    also as it going in to the guide that I'm writing up i must be absolutely 100% sure that its not going to cause people problems because there is nothing worse then help guides get it wrong

    if you see my point that's why I'm asking for a lil guidance

    plus although the 2 links you and Ronjor have provided do have a lot of information regarding IE its not the information I'm looking for or at least I cant find it if it’s there if there
     
    Last edited: Nov 8, 2004
  7. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Perhaps if u tell us the guide u are working on, we might have a better understanding of what u are trying to achieve - hence someone will in all probability be able to help u. :)
     
  8. Lurkerella

    Lurkerella Guest

    Goodness, there is a mountain of information on that site!! I am sure what you need is somewhere on it or the links provided.

    As Peaches4U says, in all probability, someone can tell you anything else you may need, though What you could possibly need after all that I haven't the faintest!!

    Try again!! :)
     
  9. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
  10. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    well this is disappointing I would have though that with all the different experts that are floating round this board someone would have been able to give me a set of configuration instructions for IE

    but no all I have goten so far is sights that tell me everything else about IE except what I actually want to know I mean I don't want to sound ungrateful quiet the opposite I'm glad that there have been a few people that have attempted to help its just a shame that they haven't been able to give me the info I'm after

    which is

    A: How each of IEs zones should be configured
    B: How IEs advanced tab should be configured

    now like I have said before I know there is a lil personal preference involved here but I'm sure there must be some middle ground a set up that is both secure and functional while not annoying people with a torrent of prompts
     
    Last edited: Nov 11, 2004
  11. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    I think it is best that u visit this site which has screen shots in configuring IE. http://tinyurl.com/2nn38 - the article explains in detail what I would be typing here.
     
  12. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    grrrrrr ok oviously for about the hundredth time i have failed to get my point across I have to says this is really starting to frustrate me now I hate being given the run a round

    well here goes a 101

    have a look at this quote from my first post look at the partial instructions i have come up with so far

    ok now see the big blanks where I don't have any instructions coz I'm not sure how thoughts sections should be configured

    that is the information I need to know

    and that's why the links that have been posted are no good because they don't contain that information or at least I cant find it if its there

    I mean I'm not trying to be rude or nasty here and I apologise if any one find my tone to be rude or offensive I do appreciate the attempts to answer my question but how many ways do I have to explain what I'm after

    I mean its a simple enough question

    are the instructions I have so far ok ?? because the 2 sources I been using

    http://www.lavasoftsupport.com/inde...showtopic=14537
    http://www.dslreports.com/forum/rem...ity,1~mode=flat

    don't seem to agree on what the best set up should be and can some one who knows what there doing tell me how the rest of them sections that I don't have any instructions for should be configured

    the result that I'm trying to achieve is a general purpose configuration for IE that offers maximum security while still remaining functional and not annoying people with a torrent of prompts

    the reason I want this information is because I’m writing up a help guide to help people secure there computers after they have cleaned up malware infections on there machines so that they don't get re-infected

    I cant make it any clearer
     
  13. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    ....and after all the courtesy and kindness that you've shown them!
    Kind Regards,
    Buck
     
  14. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    ok fair enough i deserved that and I do acknowledge the fact that I could have been a more courteous and I do apologise if I have offended anyone

    In my own defence however you have to understand how frustrating it is when you are trying to accomplish something worth while to help people but despite that you get very little response and you basically get given the run around I would have though that an effort like this would have been commended and would have had hundreds of reply's and the fact that it hasn't is troubling to me

    I mean how am I meant to know if the advice I’m giving is ok ?? if I don't get any feed back

    either yeah its ok or no its not you've got this wrong or you missed that bit of information or there is X patch/fix for X problem that you haven't mentioned and so forth and so on

    I mean I'm sure that every one has noticed the epidemic of hijacking and the like in recent months and no sooner have you helped people clean up there infection than there back re-infected basically because that just don't know how to secure there computer

    So I decided to try and do something about it to come up with a basic set of instructions that if followed correctly will harden there computer against further attack and stop them getting re-infected because there is a lot of good info and patches and fixes out there for different exploits but there no good if people don't know about them so I'm trying to pull all these different things together into 1 place but in order to do this I need people to give me feed back to tell me about the things I don't know to look over my work to make sure I haven't made mistakes to make sure that I'm giving people the best possible advice
     
  15. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Well done!!
    I hope someone has a look at this for you...
    I don't think I can be of much help....i think my settings are basically the XP SP2 default settings....
    I'm sure a gentler and more polite tone will get you much more help on this forum....I have nothing but praise for the people here, they have always been helpful and forthcoming...
    Cheers,
    Buck.
     
  16. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Here are settings for advanced tab which should be secure without causing trouble for most users. If anyone disagrees please feel free to update.

    Hope this is one of the things you were looking for. Great job on the guide!

    Thanks,

    Chris
     

    Attached Files:

  17. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Quite a daunting task you have taken on there Bethrezen, my commends.

    I looked over your first post over at the Spyblocker forums and made a few notes.
    Please by no means take anything that follows as derogatory or critical, they are only my observations.

    Personally I would not downplay the importance of a paid for AV. Most people getting underway with their first system have probably been advised by the manufacturer's sales tech or friends the vital nature of acquiring an AV with their purchase, likely Norton or McAfee with included subscription service.

    For IE security settings, why not link to this page for it? Eric has done all the homework for you.

    *******​

    Explain here the step by step of exposing "all" system files.
    System cleanup may also be an easier method for the novice to toss those temp files.
    You might suggest a trip over to Answers That Work after a peek at msconfig.
    Novices will NOT be able to tell what's what. Just a thought.
    Go ahead and incorporate this one with number four.
    Trojans do a good job of hiding there. Lose underlined and just say delete "all" restore points.
    Here I'd omit the underlined and link "safe mode".
    Considering the AVG windows program doesn't run in safe mode, offer the workaround or,

    To run AVG in Safe Mode with Command Prompt: cd c:\program files\grisoft\avg6 then type avg,
    if thats where the program resides.

    Credits and reference.......
    http://www.grisoft.com/faq/us_faqtext.php?id=53&id_lang=2&sid=3
    http://www.experts-exchange.com/Operating_Systems/Q_21040936.html
    Until users become a bit more affluent with their pc's, BHODemon comes highly recommended
    (various security sites and universities) as a safe alternative to file deletion. Just disable the BHO.

    Regedit is fine for experienced users, though Regisrtar Lite is highly considered by Wilders elite the novice friendly utility.
    If they're going to access the registry, better safe than sorry!
    As for those emergency utilities, nice choices. Process Explorer (double-duty task manager and then some!) and KillBox.
    May I suggest two additional tools: IE SpyAds, this easily one of the first add-ons for anyone running IExplorer,
    and the XP Emergency Utility from Doug Knox. Here's a helpful page for the novice not knowing where to place HJT.

    At the end there maybe incorporate the Online HJT Log File Analysis, with reference to posting at one of their sites,
    The Alliance Of Security Analysis Professionals.

    Like I mentioned, I appreciate the noble work you've done to help users become more discriminating online.
    If anything here is viable, great! If it's only the second part you're trying to get a handle on, I'll be back.....

    *Note - I have made a few small tweaks to your passages, hope you don't mind.

    One request, *Update that page of yours and remove Wilders from the HJT posting reference.
    I'm sure you're aware this service is no longer available at the present time.......


    Best Regards,
    GF
     
    Last edited: Nov 15, 2004
  18. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    Chris12923 thanks for them settings ill update what I got appropriately a lil later when I'm not so tried coz its like 5:40 am here

    GlobalForce

    thanks for the feed back when I get round to updating part 1 again ill be sure to make note of your comments but for now I don't want to split my focus to much coz iv already got like 4 topics going in regard to different bits of this guide

    topic you are reading

    the main guide part 2 here https://www.wilderssecurity.com/showthread.php?t=52037

    one about securing OE here https://www.wilderssecurity.com/showthread.php?t=53398

    and one about securing WMP here https://www.wilderssecurity.com/showthread.php?t=54354

    anyway I'm getting side tracked as I was saying for now I'm only working on part 2 so if you haven't done so already you may want to look at part 2 and then give me ya thoughts in that

    iv coloured new bits in blue to make it easy for anyone looking over my work to see what iv added

    the newest revision is at the bottom of the page because for some reason I'm only able to edit my posts for a certain number of days after posting so by the time I get round to making additions I usually have to re post the whole thing most annoying coz really for something like this I could do with an unlimited ability to edit my posts that way i could just update the first post as necessary oh well
     
  19. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Send a pm to the administrators with your request...​

    GF
     
  20. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    that's not a bad idea I may just do that

    anyway back to the task at hand I just been updating the instructions for IE specifically the bit at the end the covers the advanced tab thanks to the screen shot posted by Chris12923 which also helped me to understand the ordinal source I was using so here is what I got by combining the 2 could someone look it over for me ? let me know if its ok or if there are any changes that are requiered

     
    Last edited: Nov 18, 2004
Loading...
Thread Status:
Not open for further replies.