Sign in with
Sign up | Sign in
Your question

IE security settings

Last response: in Windows XP
Share
August 7, 2005 7:04:08 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

What are recommended IE settings that would promote security and not decrease
performance?

More about : security settings

August 8, 2005 12:19:25 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
Dan <Dan@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> What are recommended IE settings that would promote security and not
> decrease performance?

Each person will likely have different ideas so I suppose it's best to give
you a link to help you decide on your own:

Setting Up Security Zones:
http://www.microsoft.com/windows/ie/using/howto/securit...

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
August 8, 2005 12:19:26 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

OK, and what settings do you recommend in the "Security > Custom level >"
and Advanced settings in the Internet options?


"Galen" wrote:

> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
> Dan <Dan@discussions.microsoft.com> had this to say:
>
> My reply is at the bottom of your sent message:
>
> > What are recommended IE settings that would promote security and not
> > decrease performance?
>
> Each person will likely have different ideas so I suppose it's best to give
> you a link to help you decide on your own:
>
> Setting Up Security Zones:
> http://www.microsoft.com/windows/ie/using/howto/securit...
>
> Galen
> --
>
> "But there are always some lunatics about. It would be a dull world
> without them."
>
> Sherlock Holmes
>
>
>
Related resources
August 8, 2005 6:34:08 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:D 45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com,
Dan <Dan@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> OK, and what settings do you recommend in the "Security > Custom
> level >" and Advanced settings in the Internet options?
>
>
> "Galen" wrote:
>
>> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
>> Dan <Dan@discussions.microsoft.com> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>> What are recommended IE settings that would promote security and not
>>> decrease performance?
>>
>> Each person will likely have different ideas so I suppose it's best
>> to give you a link to help you decide on your own:
>>
>> Setting Up Security Zones:
>> http://www.microsoft.com/windows/ie/using/howto/securit...
>>
>> Galen
>> --
>>
>> "But there are always some lunatics about. It would be a dull world
>> without them."
>>
>> Sherlock Holmes

I'm too lazy and too dependant on other software to cover those needs. I
leave it set to medium though sometimes I turn off copy/paste and drag/drop.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
Anonymous
a b 8 Security
August 8, 2005 2:04:49 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dan,

See "Recommended Minimal Security Settings" in Mike's site:
http://www.mvps.org/winhelp2002/unwanted.htm

--
Ramesh, Windows XP MVP
http://windowsxp.mvps.org


"Dan" <Dan@discussions.microsoft.com> wrote in message
news:D 45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com...
> OK, and what settings do you recommend in the "Security > Custom level >"
> and Advanced settings in the Internet options?
>
>
> "Galen" wrote:
>
>> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
>> Dan <Dan@discussions.microsoft.com> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>> > What are recommended IE settings that would promote security and not
>> > decrease performance?
>>
>> Each person will likely have different ideas so I suppose it's best to
>> give
>> you a link to help you decide on your own:
>>
>> Setting Up Security Zones:
>> http://www.microsoft.com/windows/ie/using/howto/securit...
>>
>> Galen
>> --
>>
>> "But there are always some lunatics about. It would be a dull world
>> without them."
>>
>> Sherlock Holmes
>>
>>
>>
August 8, 2005 9:38:47 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

What software do you use?

"Galen" wrote:

> In news:D 45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com,
> Dan <Dan@discussions.microsoft.com> had this to say:
>
> My reply is at the bottom of your sent message:
>
> > OK, and what settings do you recommend in the "Security > Custom
> > level >" and Advanced settings in the Internet options?
> >
> >
> > "Galen" wrote:
> >
> >> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
> >> Dan <Dan@discussions.microsoft.com> had this to say:
> >>
> >> My reply is at the bottom of your sent message:
> >>
> >>> What are recommended IE settings that would promote security and not
> >>> decrease performance?
> >>
> >> Each person will likely have different ideas so I suppose it's best
> >> to give you a link to help you decide on your own:
> >>
> >> Setting Up Security Zones:
> >> http://www.microsoft.com/windows/ie/using/howto/securit...
> >>
> >> Galen
> >> --
> >>
> >> "But there are always some lunatics about. It would be a dull world
> >> without them."
> >>
> >> Sherlock Holmes
>
> I'm too lazy and too dependant on other software to cover those needs. I
> leave it set to medium though sometimes I turn off copy/paste and drag/drop.
>
> Galen
> --
>
> "But there are always some lunatics about. It would be a dull world
> without them."
>
> Sherlock Holmes
>
>
>
August 9, 2005 1:48:39 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:31BB5BA6-7D59-42BC-8664-BC0E1CEFECAD@microsoft.com,
Dan <Dan@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> What software do you use?
>
> "Galen" wrote:
>
>> In news:D 45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com,
>> Dan <Dan@discussions.microsoft.com> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>> OK, and what settings do you recommend in the "Security > Custom
>>> level >" and Advanced settings in the Internet options?
>>>
>>>
>>> "Galen" wrote:
>>>
>>>> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
>>>> Dan <Dan@discussions.microsoft.com> had this to say:
>>>>
>>>> My reply is at the bottom of your sent message:
>>>>
>>>>> What are recommended IE settings that would promote security and
>>>>> not decrease performance?
>>>>
>>>> Each person will likely have different ideas so I suppose it's best
>>>> to give you a link to help you decide on your own:
>>>>
>>>> Setting Up Security Zones:
>>>> http://www.microsoft.com/windows/ie/using/howto/securit...
>>>>
>>>> Galen
>>>> --
>>>>
>>>> "But there are always some lunatics about. It would be a dull world
>>>> without them."
>>>>
>>>> Sherlock Holmes
>>
>> I'm too lazy and too dependant on other software to cover those
>> needs. I leave it set to medium though sometimes I turn off
>> copy/paste and drag/drop.
>>
>> Galen
>> --
>>
>> "But there are always some lunatics about. It would be a dull world
>> without them."
>>
>> Sherlock Holmes

I use a plethora of software but for my real-time protection I use Kaspersky
Anti-Virus (Professional) www.kaspersky.ru and for my firewall I use Outpost
Personal Firewall (various dev/beta builds) www.agnitum.com and on top of
that I keep Microsoft Anti-Spyware Beta installed and running in real-time
protection mode.

However... This is not entirely the suite. It is my believe that there's no
such thing as a completely secure system provided it's connected to a known
protocol. So just about every day I manually do a complete drive backup to
my network(ed) drives for my main system(s) and have them scheduled to do so
every week so that if I forget then I'm still covered. I keep all of my
files tucked away on other drives or computers. I burn my weekly Operating
System backups to DVD and keep those DVDs for a 6 month period before I toss
them into the shredder. The only backups kept longer than 6 months are the
ones that I made on immediate installation of the OS so that no matter what
I'm able to do a bare metal restore from outside (or inside) of the OS
itself.

I find the latest releases of KAV to be light and good. I've been using
their AV software since it was actually AVP and that was quite some time
ago. On older systems I still use their old 3.5.x version with the
additional definitions set to be used. My goal is, this week actually, to
get their business edition (for servers) so that I can see what messes I can
cause in an effort to learn more about AD and an Exchange server.

The Outpost Personal Firewall has long since been a passion of mine (and
many others) and it is, in my opinion, as good as any other software
firewall on the market. It's grown much easier to use over the years and a
number of us have contributed rule-sets for various applications. One of the
most interesting things about it is that it has, at first, a rules mode.
During the use of this mode you're prompted for many things and it's a bit
of a pain to some people but the beauty is that it actually recognises a
great number of applications by their .exe name and sizes and will configure
the rules accordingly for you while still allowing you to fine tune it. The
benefit is that after you've had it installed for a while and you've
developed your own personal settings to where you feel a combination of use
and safety you can put the application into block most mode and anything not
already authorized will be blocked by default. It is such an application
that if they did not give it to me I would certainly buy it. They do have a
free version available which will do most anything you ask of it but it's
quite old now and, in my opinion, nothing compared to the newer versions.

I use MSAS as a beta product mostly to make sure that I'm fluent in it's use
and menus and for the added protection. KAV usually jumps up and whacks
stuff in the head before MSAS notices but it has some nice features that are
beneficial such as keeping your startup items secure, warning you about
sites added to security zones, and the likes. Most of the warnings that it
gives me, actually all of them I think, have been for things I had opted to
do personally but it's still been good to know that it was there running in
the background. One thing I do not like is it's enjoyment of updating
whenever it feels inclined to do so. Other than that I can't say that I have
any real issues with it at this point and haven't any qualms about
recommending other people use it provided they know that it is beta software
and that it's not really supported nor fully developed and might just hose
their system. It has not done that here however and I tend to think that
when people report it having done so it was either due to an already
infested PC or a problem between keyboard and chair.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
August 10, 2005 9:23:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If I set Software Channel Permissions to high security, will I still be able
to automatically update patches and my anti-malware?

What is Scripting of Java applets suppose to be used for?

Is this good for the Internet zone:

Run components not signed with Authenticode - Disable
Run components signed with Authenticode - Prompt

Automatic Prompting For ActiveX Controls - Disable
Binary And Script Behaviors - Enable
Download signed ActiveX controls- Prompt
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Enabled
Script ActiveX controls marked safe for scripting - Enable

Access data sources across domains - Disable
Drag and drop or copy and paste files - Disable
Installation of desktop items - Disable
Launching programs and files in an IFRAME - Disable
Navigate sub-frames across different domains - Disable
Software channel permissions (High safety)
Userdata persistance - Disable

Allow paste operations via script - Disable
Scripting of Java applets - Prompt
August 12, 2005 4:55:00 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:7C8E4F24-3A87-478C-96DC-880E668F0469@microsoft.com,
Dan <Dan@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> If I set Software Channel Permissions to high security, will I still
> be able to automatically update patches and my anti-malware?
>
> What is Scripting of Java applets suppose to be used for?
>
> Is this good for the Internet zone:
>
> Run components not signed with Authenticode - Disable
> Run components signed with Authenticode - Prompt
>
> Automatic Prompting For ActiveX Controls - Disable
> Binary And Script Behaviors - Enable
> Download signed ActiveX controls- Prompt
> Download unsigned ActiveX controls - Disable
> Initialize and script ActiveX controls not marked as safe - Disable
> Run ActiveX controls and plug-ins - Enabled
> Script ActiveX controls marked safe for scripting - Enable
>
> Access data sources across domains - Disable
> Drag and drop or copy and paste files - Disable
> Installation of desktop items - Disable
> Launching programs and files in an IFRAME - Disable
> Navigate sub-frames across different domains - Disable
> Software channel permissions (High safety)
> Userdata persistance - Disable
>
> Allow paste operations via script - Disable
> Scripting of Java applets - Prompt

You'll get a lot of prompts with that. Disable the launching of apps in
IFRAME is always a good measure. Navigation sub-frames isn't always a bad
thing. Sometimes, say in the Microsoft Expert Zone chat, you will want to be
able to paste data in to post. Setting it to disable will prevent that from
happening.

http://www.nwnetworks.com/iezones.htm

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
August 12, 2005 4:56:53 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:7C8E4F24-3A87-478C-96DC-880E668F0469@microsoft.com,
Dan <Dan@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:

> If I set Software Channel Permissions to high security, will I still
> be able to automatically update patches and my anti-malware?
>
> What is Scripting of Java applets suppose to be used for?
>
> Is this good for the Internet zone:
>
> Run components not signed with Authenticode - Disable
> Run components signed with Authenticode - Prompt
>
> Automatic Prompting For ActiveX Controls - Disable
> Binary And Script Behaviors - Enable
> Download signed ActiveX controls- Prompt
> Download unsigned ActiveX controls - Disable
> Initialize and script ActiveX controls not marked as safe - Disable
> Run ActiveX controls and plug-ins - Enabled
> Script ActiveX controls marked safe for scripting - Enable
>
> Access data sources across domains - Disable
> Drag and drop or copy and paste files - Disable
> Installation of desktop items - Disable
> Launching programs and files in an IFRAME - Disable
> Navigate sub-frames across different domains - Disable
> Software channel permissions (High safety)
> Userdata persistance - Disable
>
> Allow paste operations via script - Disable
> Scripting of Java applets - Prompt

Additionally? I dug this up:

http://search.msn.com/results.aspx?q=recommended+settin...

I know it's just a search but the first links are actually really pretty
good and well worth checking into.

Galen
--

"But there are always some lunatics about. It would be a dull world
without them."

Sherlock Holmes
August 12, 2005 12:29:43 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have McAfee Security Center installed. Should I keep "Script ActiveX
controls marked safe for scripting" enabled, since it needs to use ActiveX
controls?

What is administrator approved anyway?
And when would I need to use "Run components signed with Authenticode"?


"Galen" wrote:

> In news:7C8E4F24-3A87-478C-96DC-880E668F0469@microsoft.com,
> Dan <Dan@discussions.microsoft.com> had this to say:
>
> My reply is at the bottom of your sent message:
>
> > If I set Software Channel Permissions to high security, will I still
> > be able to automatically update patches and my anti-malware?
> >
> > What is Scripting of Java applets suppose to be used for?
> >
> > Is this good for the Internet zone:
> >
> > Run components not signed with Authenticode - Disable
> > Run components signed with Authenticode - Prompt
> >
> > Automatic Prompting For ActiveX Controls - Disable
> > Binary And Script Behaviors - Enable
> > Download signed ActiveX controls- Prompt
> > Download unsigned ActiveX controls - Disable
> > Initialize and script ActiveX controls not marked as safe - Disable
> > Run ActiveX controls and plug-ins - Enabled
> > Script ActiveX controls marked safe for scripting - Enable
> >
> > Access data sources across domains - Disable
> > Drag and drop or copy and paste files - Disable
> > Installation of desktop items - Disable
> > Launching programs and files in an IFRAME - Disable
> > Navigate sub-frames across different domains - Disable
> > Software channel permissions (High safety)
> > Userdata persistance - Disable
> >
> > Allow paste operations via script - Disable
> > Scripting of Java applets - Prompt
>
> Additionally? I dug this up:
>
> http://search.msn.com/results.aspx?q=recommended+settin...
>
> I know it's just a search but the first links are actually really pretty
> good and well worth checking into.
>
> Galen
> --
>
> "But there are always some lunatics about. It would be a dull world
> without them."
>
> Sherlock Holmes
>
>
>
!