IE security settings

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

What are recommended IE settings that would promote security and not decrease
performance?
10 answers Last reply
More about security settings
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
    Dan <Dan@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > What are recommended IE settings that would promote security and not
    > decrease performance?

    Each person will likely have different ideas so I suppose it's best to give
    you a link to help you decide on your own:

    Setting Up Security Zones:
    http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx

    Galen
    --

    "But there are always some lunatics about. It would be a dull world
    without them."

    Sherlock Holmes
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    OK, and what settings do you recommend in the "Security > Custom level >"
    and Advanced settings in the Internet options?


    "Galen" wrote:

    > In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
    > Dan <Dan@discussions.microsoft.com> had this to say:
    >
    > My reply is at the bottom of your sent message:
    >
    > > What are recommended IE settings that would promote security and not
    > > decrease performance?
    >
    > Each person will likely have different ideas so I suppose it's best to give
    > you a link to help you decide on your own:
    >
    > Setting Up Security Zones:
    > http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
    >
    > Galen
    > --
    >
    > "But there are always some lunatics about. It would be a dull world
    > without them."
    >
    > Sherlock Holmes
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:D45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com,
    Dan <Dan@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > OK, and what settings do you recommend in the "Security > Custom
    > level >" and Advanced settings in the Internet options?
    >
    >
    > "Galen" wrote:
    >
    >> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
    >> Dan <Dan@discussions.microsoft.com> had this to say:
    >>
    >> My reply is at the bottom of your sent message:
    >>
    >>> What are recommended IE settings that would promote security and not
    >>> decrease performance?
    >>
    >> Each person will likely have different ideas so I suppose it's best
    >> to give you a link to help you decide on your own:
    >>
    >> Setting Up Security Zones:
    >> http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
    >>
    >> Galen
    >> --
    >>
    >> "But there are always some lunatics about. It would be a dull world
    >> without them."
    >>
    >> Sherlock Holmes

    I'm too lazy and too dependant on other software to cover those needs. I
    leave it set to medium though sometimes I turn off copy/paste and drag/drop.

    Galen
    --

    "But there are always some lunatics about. It would be a dull world
    without them."

    Sherlock Holmes
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Dan,

    See "Recommended Minimal Security Settings" in Mike's site:
    http://www.mvps.org/winhelp2002/unwanted.htm

    --
    Ramesh, Windows XP MVP
    http://windowsxp.mvps.org


    "Dan" <Dan@discussions.microsoft.com> wrote in message
    news:D45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com...
    > OK, and what settings do you recommend in the "Security > Custom level >"
    > and Advanced settings in the Internet options?
    >
    >
    > "Galen" wrote:
    >
    >> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
    >> Dan <Dan@discussions.microsoft.com> had this to say:
    >>
    >> My reply is at the bottom of your sent message:
    >>
    >> > What are recommended IE settings that would promote security and not
    >> > decrease performance?
    >>
    >> Each person will likely have different ideas so I suppose it's best to
    >> give
    >> you a link to help you decide on your own:
    >>
    >> Setting Up Security Zones:
    >> http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
    >>
    >> Galen
    >> --
    >>
    >> "But there are always some lunatics about. It would be a dull world
    >> without them."
    >>
    >> Sherlock Holmes
    >>
    >>
    >>
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    What software do you use?

    "Galen" wrote:

    > In news:D45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com,
    > Dan <Dan@discussions.microsoft.com> had this to say:
    >
    > My reply is at the bottom of your sent message:
    >
    > > OK, and what settings do you recommend in the "Security > Custom
    > > level >" and Advanced settings in the Internet options?
    > >
    > >
    > > "Galen" wrote:
    > >
    > >> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
    > >> Dan <Dan@discussions.microsoft.com> had this to say:
    > >>
    > >> My reply is at the bottom of your sent message:
    > >>
    > >>> What are recommended IE settings that would promote security and not
    > >>> decrease performance?
    > >>
    > >> Each person will likely have different ideas so I suppose it's best
    > >> to give you a link to help you decide on your own:
    > >>
    > >> Setting Up Security Zones:
    > >> http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
    > >>
    > >> Galen
    > >> --
    > >>
    > >> "But there are always some lunatics about. It would be a dull world
    > >> without them."
    > >>
    > >> Sherlock Holmes
    >
    > I'm too lazy and too dependant on other software to cover those needs. I
    > leave it set to medium though sometimes I turn off copy/paste and drag/drop.
    >
    > Galen
    > --
    >
    > "But there are always some lunatics about. It would be a dull world
    > without them."
    >
    > Sherlock Holmes
    >
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:31BB5BA6-7D59-42BC-8664-BC0E1CEFECAD@microsoft.com,
    Dan <Dan@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > What software do you use?
    >
    > "Galen" wrote:
    >
    >> In news:D45D7622-AD56-4F6A-A525-EE113F28C8ED@microsoft.com,
    >> Dan <Dan@discussions.microsoft.com> had this to say:
    >>
    >> My reply is at the bottom of your sent message:
    >>
    >>> OK, and what settings do you recommend in the "Security > Custom
    >>> level >" and Advanced settings in the Internet options?
    >>>
    >>>
    >>> "Galen" wrote:
    >>>
    >>>> In news:ADD3B892-7FA0-469A-AFF5-B5D9A7AD822F@microsoft.com,
    >>>> Dan <Dan@discussions.microsoft.com> had this to say:
    >>>>
    >>>> My reply is at the bottom of your sent message:
    >>>>
    >>>>> What are recommended IE settings that would promote security and
    >>>>> not decrease performance?
    >>>>
    >>>> Each person will likely have different ideas so I suppose it's best
    >>>> to give you a link to help you decide on your own:
    >>>>
    >>>> Setting Up Security Zones:
    >>>> http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
    >>>>
    >>>> Galen
    >>>> --
    >>>>
    >>>> "But there are always some lunatics about. It would be a dull world
    >>>> without them."
    >>>>
    >>>> Sherlock Holmes
    >>
    >> I'm too lazy and too dependant on other software to cover those
    >> needs. I leave it set to medium though sometimes I turn off
    >> copy/paste and drag/drop.
    >>
    >> Galen
    >> --
    >>
    >> "But there are always some lunatics about. It would be a dull world
    >> without them."
    >>
    >> Sherlock Holmes

    I use a plethora of software but for my real-time protection I use Kaspersky
    Anti-Virus (Professional) www.kaspersky.ru and for my firewall I use Outpost
    Personal Firewall (various dev/beta builds) www.agnitum.com and on top of
    that I keep Microsoft Anti-Spyware Beta installed and running in real-time
    protection mode.

    However... This is not entirely the suite. It is my believe that there's no
    such thing as a completely secure system provided it's connected to a known
    protocol. So just about every day I manually do a complete drive backup to
    my network(ed) drives for my main system(s) and have them scheduled to do so
    every week so that if I forget then I'm still covered. I keep all of my
    files tucked away on other drives or computers. I burn my weekly Operating
    System backups to DVD and keep those DVDs for a 6 month period before I toss
    them into the shredder. The only backups kept longer than 6 months are the
    ones that I made on immediate installation of the OS so that no matter what
    I'm able to do a bare metal restore from outside (or inside) of the OS
    itself.

    I find the latest releases of KAV to be light and good. I've been using
    their AV software since it was actually AVP and that was quite some time
    ago. On older systems I still use their old 3.5.x version with the
    additional definitions set to be used. My goal is, this week actually, to
    get their business edition (for servers) so that I can see what messes I can
    cause in an effort to learn more about AD and an Exchange server.

    The Outpost Personal Firewall has long since been a passion of mine (and
    many others) and it is, in my opinion, as good as any other software
    firewall on the market. It's grown much easier to use over the years and a
    number of us have contributed rule-sets for various applications. One of the
    most interesting things about it is that it has, at first, a rules mode.
    During the use of this mode you're prompted for many things and it's a bit
    of a pain to some people but the beauty is that it actually recognises a
    great number of applications by their .exe name and sizes and will configure
    the rules accordingly for you while still allowing you to fine tune it. The
    benefit is that after you've had it installed for a while and you've
    developed your own personal settings to where you feel a combination of use
    and safety you can put the application into block most mode and anything not
    already authorized will be blocked by default. It is such an application
    that if they did not give it to me I would certainly buy it. They do have a
    free version available which will do most anything you ask of it but it's
    quite old now and, in my opinion, nothing compared to the newer versions.

    I use MSAS as a beta product mostly to make sure that I'm fluent in it's use
    and menus and for the added protection. KAV usually jumps up and whacks
    stuff in the head before MSAS notices but it has some nice features that are
    beneficial such as keeping your startup items secure, warning you about
    sites added to security zones, and the likes. Most of the warnings that it
    gives me, actually all of them I think, have been for things I had opted to
    do personally but it's still been good to know that it was there running in
    the background. One thing I do not like is it's enjoyment of updating
    whenever it feels inclined to do so. Other than that I can't say that I have
    any real issues with it at this point and haven't any qualms about
    recommending other people use it provided they know that it is beta software
    and that it's not really supported nor fully developed and might just hose
    their system. It has not done that here however and I tend to think that
    when people report it having done so it was either due to an already
    infested PC or a problem between keyboard and chair.

    Galen
    --

    "But there are always some lunatics about. It would be a dull world
    without them."

    Sherlock Holmes
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    If I set Software Channel Permissions to high security, will I still be able
    to automatically update patches and my anti-malware?

    What is Scripting of Java applets suppose to be used for?

    Is this good for the Internet zone:

    Run components not signed with Authenticode - Disable
    Run components signed with Authenticode - Prompt

    Automatic Prompting For ActiveX Controls - Disable
    Binary And Script Behaviors - Enable
    Download signed ActiveX controls- Prompt
    Download unsigned ActiveX controls - Disable
    Initialize and script ActiveX controls not marked as safe - Disable
    Run ActiveX controls and plug-ins - Enabled
    Script ActiveX controls marked safe for scripting - Enable

    Access data sources across domains - Disable
    Drag and drop or copy and paste files - Disable
    Installation of desktop items - Disable
    Launching programs and files in an IFRAME - Disable
    Navigate sub-frames across different domains - Disable
    Software channel permissions (High safety)
    Userdata persistance - Disable

    Allow paste operations via script - Disable
    Scripting of Java applets - Prompt
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:7C8E4F24-3A87-478C-96DC-880E668F0469@microsoft.com,
    Dan <Dan@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > If I set Software Channel Permissions to high security, will I still
    > be able to automatically update patches and my anti-malware?
    >
    > What is Scripting of Java applets suppose to be used for?
    >
    > Is this good for the Internet zone:
    >
    > Run components not signed with Authenticode - Disable
    > Run components signed with Authenticode - Prompt
    >
    > Automatic Prompting For ActiveX Controls - Disable
    > Binary And Script Behaviors - Enable
    > Download signed ActiveX controls- Prompt
    > Download unsigned ActiveX controls - Disable
    > Initialize and script ActiveX controls not marked as safe - Disable
    > Run ActiveX controls and plug-ins - Enabled
    > Script ActiveX controls marked safe for scripting - Enable
    >
    > Access data sources across domains - Disable
    > Drag and drop or copy and paste files - Disable
    > Installation of desktop items - Disable
    > Launching programs and files in an IFRAME - Disable
    > Navigate sub-frames across different domains - Disable
    > Software channel permissions (High safety)
    > Userdata persistance - Disable
    >
    > Allow paste operations via script - Disable
    > Scripting of Java applets - Prompt

    You'll get a lot of prompts with that. Disable the launching of apps in
    IFRAME is always a good measure. Navigation sub-frames isn't always a bad
    thing. Sometimes, say in the Microsoft Expert Zone chat, you will want to be
    able to paste data in to post. Setting it to disable will prevent that from
    happening.

    http://www.nwnetworks.com/iezones.htm

    Galen
    --

    "But there are always some lunatics about. It would be a dull world
    without them."

    Sherlock Holmes
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:7C8E4F24-3A87-478C-96DC-880E668F0469@microsoft.com,
    Dan <Dan@discussions.microsoft.com> had this to say:

    My reply is at the bottom of your sent message:

    > If I set Software Channel Permissions to high security, will I still
    > be able to automatically update patches and my anti-malware?
    >
    > What is Scripting of Java applets suppose to be used for?
    >
    > Is this good for the Internet zone:
    >
    > Run components not signed with Authenticode - Disable
    > Run components signed with Authenticode - Prompt
    >
    > Automatic Prompting For ActiveX Controls - Disable
    > Binary And Script Behaviors - Enable
    > Download signed ActiveX controls- Prompt
    > Download unsigned ActiveX controls - Disable
    > Initialize and script ActiveX controls not marked as safe - Disable
    > Run ActiveX controls and plug-ins - Enabled
    > Script ActiveX controls marked safe for scripting - Enable
    >
    > Access data sources across domains - Disable
    > Drag and drop or copy and paste files - Disable
    > Installation of desktop items - Disable
    > Launching programs and files in an IFRAME - Disable
    > Navigate sub-frames across different domains - Disable
    > Software channel permissions (High safety)
    > Userdata persistance - Disable
    >
    > Allow paste operations via script - Disable
    > Scripting of Java applets - Prompt

    Additionally? I dug this up:

    http://search.msn.com/results.aspx?q=recommended+settings+security+zone+internet+explorer&FORM=QBHP

    I know it's just a search but the first links are actually really pretty
    good and well worth checking into.

    Galen
    --

    "But there are always some lunatics about. It would be a dull world
    without them."

    Sherlock Holmes
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I have McAfee Security Center installed. Should I keep "Script ActiveX
    controls marked safe for scripting" enabled, since it needs to use ActiveX
    controls?

    What is administrator approved anyway?
    And when would I need to use "Run components signed with Authenticode"?


    "Galen" wrote:

    > In news:7C8E4F24-3A87-478C-96DC-880E668F0469@microsoft.com,
    > Dan <Dan@discussions.microsoft.com> had this to say:
    >
    > My reply is at the bottom of your sent message:
    >
    > > If I set Software Channel Permissions to high security, will I still
    > > be able to automatically update patches and my anti-malware?
    > >
    > > What is Scripting of Java applets suppose to be used for?
    > >
    > > Is this good for the Internet zone:
    > >
    > > Run components not signed with Authenticode - Disable
    > > Run components signed with Authenticode - Prompt
    > >
    > > Automatic Prompting For ActiveX Controls - Disable
    > > Binary And Script Behaviors - Enable
    > > Download signed ActiveX controls- Prompt
    > > Download unsigned ActiveX controls - Disable
    > > Initialize and script ActiveX controls not marked as safe - Disable
    > > Run ActiveX controls and plug-ins - Enabled
    > > Script ActiveX controls marked safe for scripting - Enable
    > >
    > > Access data sources across domains - Disable
    > > Drag and drop or copy and paste files - Disable
    > > Installation of desktop items - Disable
    > > Launching programs and files in an IFRAME - Disable
    > > Navigate sub-frames across different domains - Disable
    > > Software channel permissions (High safety)
    > > Userdata persistance - Disable
    > >
    > > Allow paste operations via script - Disable
    > > Scripting of Java applets - Prompt
    >
    > Additionally? I dug this up:
    >
    > http://search.msn.com/results.aspx?q=recommended+settings+security+zone+internet+explorer&FORM=QBHP
    >
    > I know it's just a search but the first links are actually really pretty
    > good and well worth checking into.
    >
    > Galen
    > --
    >
    > "But there are always some lunatics about. It would be a dull world
    > without them."
    >
    > Sherlock Holmes
    >
    >
    >
Ask a new question

Read More

Internet Explorer Security Microsoft Performance Windows XP