Medium setting in IE ok for home user?

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

It is ok for a home user on WinXP to set IE6's Security Settings to
'Medium'.

Are there any malware exploits, malicious websites, etc which might
cause my PC damage on that setting?
12 answers Last reply
More about medium setting home user
  1. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com says...
    > It is ok for a home user on WinXP to set IE6's Security Settings to
    > 'Medium'.
    >
    > Are there any malware exploits, malicious websites, etc which might
    > cause my PC damage on that setting?

    There is a very good explanation of how you should have your internet
    security settings configured available from Microsoft - I'll post the
    link at the bottom.

    Here is what I tell clients when asked about IE Security:

    In the last month we've seen a large number of customers and friends
    that have home computers that are constantly getting pop-ups and other
    nasties. The easiest way to clean a machine is to download SpyBot Search
    and Destroy from http://www.safer-networking.org/index.php?page=download
    and the update and run it several times (about half-way down the page).

    Once you get your machine cleaned, you can make the following changes to
    your Internet Explorer settings to help keep web sites from installing
    bad things on your computers.

    There are a couple simple things that you can do if you are using IE,
    they make browsing a little more of a challenge, but they make it more
    secure and still provide full ability on sites you trust:

    1) Open IE, select TOOLS, Internet Options
    2) Select Security TAB
    3) Select "Internet" globe
    4) Click DEFAULT LEVEL, then SELECT HIGH
    5) Select "Custom Level"
    6) Select "Scripting - Active Scripting - Prompt"
    7) Click OK
    8) Select "Trusted Sites Check Mark Circle"
    9) Select "SITES", uncheck "Require Server Verification" - you will be
    adding the normal and secure sites in here that you trust, if you don't
    uncheck this you can't enter non-secure sites in this list.
    10) Type "http://v4.windowsupdate.microsoft.com" in the ADD box and
    click ADD
    11) Type "http://Windowsupdate.microsoft.com" in the ADD box and click
    ADD, click OK to close window
    12) Click "Default Level" then change to "Medium".
    13) Select "Privacy" tab, set to MEDIUM HIGH
    14) Select "General" tab, select "Temporary Internet Files - Settings"
    15) Select "Every visit to the page"
    16) Select 20MB for the temp internet files size, click OK
    17) Select "Advanced" Tab
    18) Uncheck both "Enable Install On Demand" items
    19) Uncheck "Enable third-party browser extensions"
    20) Uncheck "Play Animations, sounds, videos in web pages"
    21) Select/Check "Empty Temporary Internet file folder..."
    22) Click OK to close the settings window

    Now, when you browse to a site you want to trust, it may not work, you
    are going to have to ADD the site to the TRUSTED SITES in the OPTIONS /
    SECURITY tab. This can be a real pain, but it can save your butt when it
    comes to sites that can compromise your system.

    You will find that after the first week that you are not adding sites to
    the list any more and that you're experience is a lot nicer, less pop-
    ups, and less chance for something to hack your browser.

    Don't forget, you should only ADD TRUSTED SITES to the list. Even if you
    make a mistake, we set the TRUSTED SITES to MEDIUM in stead of it's
    default LOW, but you really want to limit the ones you add to verifiable
    commercial quality sites.

    The Microsoft version of this suggestion is at:
    http://www.microsoft.com/security/incident/settings.mspx

    If I were you, I would download and install Mozilla Firefox 0.9.2 from:
    http://www.mozilla.org/download.html

    I use Mozilla on almost every web site, except MS Outlook Web Access
    sites, and it's a very capable browser, even works at my online bank.

    Good Luck,
    Mark

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  2. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    > It is ok for a home user on WinXP to set IE6's Security Settings to
    > 'Medium'.

    I have mine set to low, and then I go looking for trouble
    to see if I can block it ( job ). So far, I've been able to
    stop malicious sites with 2 apps. PopupStopper and
    f-secure ( McAffee at home ). F-secure in particular
    seems socially aware, and speaks up about malware
    coming down .. and stops it. Believe me when I say
    I've been on some pretty crummy sites, and let them
    have a go at my machine. So far, about the only
    problem I've had from these sites is spam. No problem.
    I have two spam filters running interference for me on
    my email accounts ( Postini and a work el-cheapo ).
    Spybot complains a bit about garbage in Temp Internet
    Files, but gets it. I find it easier to just delete that stuff
    fairly often. Occasionally, I do find a site that is really
    trying to do harm, but then I do my best to put that
    individual in prison. I don't hesitate to call the FTC and
    their State Attorney Generals office and file a complaint
    spelling out exactly what I have learned about them.
    You will be fine as long as you have a good AV program,
    and run PopupStopper. Your greatest threat is email.
    There, you really need Postini ... not one of the local
    so-called filters. You need layers of defense before
    that email gets to you.

    johns
  3. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    "Leythos" <void@nowhere.com> wrote in message
    news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...
    > In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com says...
    > > It is ok for a home user on WinXP to set IE6's Security Settings to
    > > 'Medium'.
    > >
    > > Are there any malware exploits, malicious websites, etc which might
    > > cause my PC damage on that setting?
    >
    > There is a very good explanation of how you should have your internet
    > security settings configured available from Microsoft - I'll post the
    > link at the bottom.

    >-- snip--<
    > If I were you, I would download and install Mozilla Firefox 0.9.2 from:
    > http://www.mozilla.org/download.html
    >
    > I use Mozilla on almost every web site, except MS Outlook Web Access
    > sites, and it's a very capable browser, even works at my online bank.

    Firefox is a joke in comparison to features. Teach SECURITY, not options
    that are woeful in comparison.

    RaYzor
  4. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    "RaYzor" <no@no.no.net.org.tv.com.edu.welf> wrote in news:OhZNc.85561
    $bp1.37922@twister.nyroc.rr.com:

    >
    > "Leythos" <void@nowhere.com> wrote in message
    > news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...
    >> In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com
    says...
    >> > It is ok for a home user on WinXP to set IE6's Security Settings to
    >> > 'Medium'.
    >> >
    >> > Are there any malware exploits, malicious websites, etc which might
    >> > cause my PC damage on that setting?
    >>
    >> There is a very good explanation of how you should have your internet
    >> security settings configured available from Microsoft - I'll post the
    >> link at the bottom.
    >
    >>-- snip--<
    >> If I were you, I would download and install Mozilla Firefox 0.9.2
    from:
    >> http://www.mozilla.org/download.html
    >>
    >> I use Mozilla on almost every web site, except MS Outlook Web Access
    >> sites, and it's a very capable browser, even works at my online bank.
    >
    > Firefox is a joke in comparison to features. Teach SECURITY, not
    options
    > that are woeful in comparison.
    >
    > RaYzor
    >
    >

    A jewel from RaYzor the ZA security expert's expert. I am sure it meet
    his tests. ;-)

    Duane :)
  5. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    In comp.security.misc RaYzor <no@no.no.net.org.tv.com.edu.welf> wrote:

    > "Leythos" <void@nowhere.com> wrote in message
    > news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...
    >> In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com says...
    >> > It is ok for a home user on WinXP to set IE6's Security Settings to
    >> > 'Medium'.
    >> >
    >> > Are there any malware exploits, malicious websites, etc which might
    >> > cause my PC damage on that setting?
    >>
    >> There is a very good explanation of how you should have your internet
    >> security settings configured available from Microsoft - I'll post the
    >> link at the bottom.

    >>-- snip--<
    >> If I were you, I would download and install Mozilla Firefox 0.9.2 from:
    >> http://www.mozilla.org/download.html
    >>
    >> I use Mozilla on almost every web site, except MS Outlook Web Access
    >> sites, and it's a very capable browser, even works at my online bank.

    > Firefox is a joke in comparison to features. Teach SECURITY, not options
    > that are woeful in comparison.

    Security -is- about being careful with features. IE throws in and uses
    everuthing like a turkish market, mozilla has a few *selected* features
    well designed and working.

    The popup blocking alone would be strong reasons to consider mozilla.


    --
    Peter Håkanson
    IPSec Sverige ( At Gothenburg Riverside )
    Sorry about my e-mail address, but i'm trying to keep spam out,
    remove "icke-reklam" if you feel for mailing me. Thanx.
  6. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    RaYzor wrote:
    >
    > "Leythos" <void@nowhere.com> wrote in message
    > news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...

    > > If I were you, I would download and install Mozilla Firefox 0.9.2 from:
    > > http://www.mozilla.org/download.html
    > >
    > > I use Mozilla on almost every web site, except MS Outlook Web Access
    > > sites, and it's a very capable browser, even works at my online bank.
    >
    > Firefox is a joke in comparison to features. Teach SECURITY, not options
    > that are woeful in comparison.

    Security is about making choices. Less options is usually better than more
    vulnerabilities, especially if the options in question are superfluous to
    the task.

    Follow-ups set.

    Thor

    --
    http://www.anta.net/
  7. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    Franky <franklin_lo@mail.com> wrote in news:9534CCE6F133431E75@127.0.0.1:

    > It is ok for a home user on WinXP to set IE6's Security Settings to
    > 'Medium'.
    >
    > Are there any malware exploits, malicious websites, etc which might
    > cause my PC damage on that setting?

    In view of recent events you may think it wiser to use the 'High' setting,
    or even to suspend use of IE6. See:

    http://news.bbc.co.uk/1/hi/technology/3840101.stm
    http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx
  8. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    Leythos <void@nowhere.com> wrote:
    >
    > Once you get your machine cleaned, you can make the following
    > changes to your Internet Explorer settings to help keep web
    > sites from installing bad things on your computers.
    >
    > There are a couple simple things that you can do if you are
    > using IE, they make browsing a little more of a challenge, but
    > they make it more secure and still provide full ability on
    > sites you trust: {pasted below]


    Mark/Leythos

    When I tried these settings you recommended I found there were
    quite a few sites which I could not access properly.

    Are some of your settings below more "aggressive" than is really
    necessary wand which I could weaken off?

    Franky


    >
    > 1) Open IE, select TOOLS, Internet Options
    > 2) Select Security TAB
    > 3) Select "Internet" globe
    > 4) Click DEFAULT LEVEL, then SELECT HIGH
    > 5) Select "Custom Level"
    > 6) Select "Scripting - Active Scripting - Prompt"
    > 7) Click OK
    > 8) Select "Trusted Sites Check Mark Circle"
    > 9) Select "SITES", uncheck "Require Server Verification" - you
    > will be adding the normal and secure sites in here that you
    > trust, if you don't uncheck this you can't enter non-secure
    > sites in this list. 10) Type
    > "http://v4.windowsupdate.microsoft.com" in the ADD box and
    > click ADD 11) Type "http://Windowsupdate.microsoft.com" in the
    > ADD box and click ADD, click OK to close window
    > 12) Click "Default Level" then change to "Medium".
    > 13) Select "Privacy" tab, set to MEDIUM HIGH
    > 14) Select "General" tab, select "Temporary Internet Files -
    > Settings" 15) Select "Every visit to the page"
    > 16) Select 20MB for the temp internet files size, click OK
    > 17) Select "Advanced" Tab
    > 18) Uncheck both "Enable Install On Demand" items
    > 19) Uncheck "Enable third-party browser extensions"
    > 20) Uncheck "Play Animations, sounds, videos in web pages"
    > 21) Select/Check "Empty Temporary Internet file folder..."
    > 22) Click OK to close the settings window
    >
    > Now, when you browse to a site you want to trust, it may not
    > work, you are going to have to ADD the site to the TRUSTED
    > SITES in the OPTIONS / SECURITY tab. This can be a real pain,
    > but it can save your butt when it comes to sites that can
    > compromise your system.
    >
  9. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    In article <953B8C24F7F231E75@127.0.0.1>, franklin_lo@mail.com says...
    > When I tried these settings you recommended I found there were
    > quite a few sites which I could not access properly.
    >
    > Are some of your settings below more "aggressive" than is really
    > necessary wand which I could weaken off?

    No, they are not more "aggressive" if you want to be secure. The sites
    that don't work, if you trust them, need to be added to your trusted
    zone - make sure that you set the trusted Zone to Medium.

    I use IE in this mode until I find a site I trust and then add it to my
    trusted zone (set to Medium). I also use Firefox 0.9.1 on my system and
    have not had to worry about most sites using it's default settings.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  10. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    On Wed, 04 Aug 2004 13:46:36 +0100, Franky wrote:
    >
    > When I tried these settings you recommended I found there were
    > quite a few sites which I could not access properly.
    >
    > Are some of your settings below more "aggressive" than is really
    > necessary wand which I could weaken off?


    It is kinda funny, Microsoft recommands you realy tighten down and
    only place sites you know are safe in the safe list.

    You have to ask yourself; the company which knows what is wrong with
    their product but does not want people to think the product is
    insecure, but tells you to realy tighten down something, do you want
    to run in a "more weaken" mode.
  11. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    In article <slrnch1ofi.c2l.BitTwister@wb.home.invalid>,
    BitTwister@localhost.localdomain says...
    > On Wed, 04 Aug 2004 13:46:36 +0100, Franky wrote:
    > >
    > > When I tried these settings you recommended I found there were
    > > quite a few sites which I could not access properly.
    > >
    > > Are some of your settings below more "aggressive" than is really
    > > necessary wand which I could weaken off?
    >
    >
    > It is kinda funny, Microsoft recommands you realy tighten down and
    > only place sites you know are safe in the safe list.
    >
    > You have to ask yourself; the company which knows what is wrong with
    > their product but does not want people to think the product is
    > insecure, but tells you to realy tighten down something, do you want
    > to run in a "more weaken" mode.

    Yea, that's one reason I use FireFox 0.9.x on my Windows system, except
    for sites that must have IE.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  12. Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

    Franky wrote:
    > Leythos <void@nowhere.com> wrote:
    >
    >>Once you get your machine cleaned, you can make the following
    >>changes to your Internet Explorer settings to help keep web
    >>sites from installing bad things on your computers.
    >>
    >>There are a couple simple things that you can do if you are
    >>using IE, they make browsing a little more of a challenge, but
    >>they make it more secure and still provide full ability on
    >>sites you trust: {pasted below]
    >
    >
    >
    > Mark/Leythos
    >
    > When I tried these settings you recommended I found there were
    > quite a few sites which I could not access properly.
    >
    > Are some of your settings below more "aggressive" than is really
    > necessary wand which I could weaken off?
    >

    Depends how often you want to have to reinstall Windows.

    Steve
Ask a new question

Read More

Firewalls Internet Explorer Security Computers Microsoft Networking