G
Guest
What are recommended IE settings that would promote security and not decrease
performance?
performance?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Galen
In Dan <[email protected]> had this to say:
My reply is at the bottom of your sent message:
Each person will likely have different ideas so I suppose it's best to give
you a link to help you decide on your own:
Setting Up Security Zones:
http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
My reply is at the bottom of your sent message:
What are recommended IE settings that would promote security and not
decrease performance?
Each person will likely have different ideas so I suppose it's best to give
you a link to help you decide on your own:
Setting Up Security Zones:
http://www.microsoft.com/windows/ie/using/howto/security/setup.mspx
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
G
Guest
OK, and what settings do you recommend in the "Security > Custom level >"
and Advanced settings in the Internet options?
and Advanced settings in the Internet options?
R
Ramesh, MS-MVP
Dan,
See "Recommended Minimal Security Settings" in Mike's site:
http://www.mvps.org/winhelp2002/unwanted.htm
See "Recommended Minimal Security Settings" in Mike's site:
http://www.mvps.org/winhelp2002/unwanted.htm
G
Galen
In Dan <[email protected]> had this to say:
My reply is at the bottom of your sent message:
I'm too lazy and too dependant on other software to cover those needs. I
leave it set to medium though sometimes I turn off copy/paste and drag/drop.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
My reply is at the bottom of your sent message:
OK, and what settings do you recommend in the "Security > Custom
level >" and Advanced settings in the Internet options?
I'm too lazy and too dependant on other software to cover those needs. I
leave it set to medium though sometimes I turn off copy/paste and drag/drop.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
G
Guest
What software do you use?
Galen said:In Dan <[email protected]> had this to say:
My reply is at the bottom of your sent message:
I'm too lazy and too dependant on other software to cover those needs. I
leave it set to medium though sometimes I turn off copy/paste and drag/drop.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
G
Galen
In Dan <[email protected]> had this to say:
My reply is at the bottom of your sent message:
I use a plethora of software but for my real-time protection I use Kaspersky
Anti-Virus (Professional) www.kaspersky.ru and for my firewall I use Outpost
Personal Firewall (various dev/beta builds) www.agnitum.com and on top of
that I keep Microsoft Anti-Spyware Beta installed and running in real-time
protection mode.
However... This is not entirely the suite. It is my believe that there's no
such thing as a completely secure system provided it's connected to a known
protocol. So just about every day I manually do a complete drive backup to
my network(ed) drives for my main system(s) and have them scheduled to do so
every week so that if I forget then I'm still covered. I keep all of my
files tucked away on other drives or computers. I burn my weekly Operating
System backups to DVD and keep those DVDs for a 6 month period before I toss
them into the shredder. The only backups kept longer than 6 months are the
ones that I made on immediate installation of the OS so that no matter what
I'm able to do a bare metal restore from outside (or inside) of the OS
itself.
I find the latest releases of KAV to be light and good. I've been using
their AV software since it was actually AVP and that was quite some time
ago. On older systems I still use their old 3.5.x version with the
additional definitions set to be used. My goal is, this week actually, to
get their business edition (for servers) so that I can see what messes I can
cause in an effort to learn more about AD and an Exchange server.
The Outpost Personal Firewall has long since been a passion of mine (and
many others) and it is, in my opinion, as good as any other software
firewall on the market. It's grown much easier to use over the years and a
number of us have contributed rule-sets for various applications. One of the
most interesting things about it is that it has, at first, a rules mode.
During the use of this mode you're prompted for many things and it's a bit
of a pain to some people but the beauty is that it actually recognises a
great number of applications by their .exe name and sizes and will configure
the rules accordingly for you while still allowing you to fine tune it. The
benefit is that after you've had it installed for a while and you've
developed your own personal settings to where you feel a combination of use
and safety you can put the application into block most mode and anything not
already authorized will be blocked by default. It is such an application
that if they did not give it to me I would certainly buy it. They do have a
free version available which will do most anything you ask of it but it's
quite old now and, in my opinion, nothing compared to the newer versions.
I use MSAS as a beta product mostly to make sure that I'm fluent in it's use
and menus and for the added protection. KAV usually jumps up and whacks
stuff in the head before MSAS notices but it has some nice features that are
beneficial such as keeping your startup items secure, warning you about
sites added to security zones, and the likes. Most of the warnings that it
gives me, actually all of them I think, have been for things I had opted to
do personally but it's still been good to know that it was there running in
the background. One thing I do not like is it's enjoyment of updating
whenever it feels inclined to do so. Other than that I can't say that I have
any real issues with it at this point and haven't any qualms about
recommending other people use it provided they know that it is beta software
and that it's not really supported nor fully developed and might just hose
their system. It has not done that here however and I tend to think that
when people report it having done so it was either due to an already
infested PC or a problem between keyboard and chair.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
My reply is at the bottom of your sent message:
What software do you use?
I use a plethora of software but for my real-time protection I use Kaspersky
Anti-Virus (Professional) www.kaspersky.ru and for my firewall I use Outpost
Personal Firewall (various dev/beta builds) www.agnitum.com and on top of
that I keep Microsoft Anti-Spyware Beta installed and running in real-time
protection mode.
However... This is not entirely the suite. It is my believe that there's no
such thing as a completely secure system provided it's connected to a known
protocol. So just about every day I manually do a complete drive backup to
my network(ed) drives for my main system(s) and have them scheduled to do so
every week so that if I forget then I'm still covered. I keep all of my
files tucked away on other drives or computers. I burn my weekly Operating
System backups to DVD and keep those DVDs for a 6 month period before I toss
them into the shredder. The only backups kept longer than 6 months are the
ones that I made on immediate installation of the OS so that no matter what
I'm able to do a bare metal restore from outside (or inside) of the OS
itself.
I find the latest releases of KAV to be light and good. I've been using
their AV software since it was actually AVP and that was quite some time
ago. On older systems I still use their old 3.5.x version with the
additional definitions set to be used. My goal is, this week actually, to
get their business edition (for servers) so that I can see what messes I can
cause in an effort to learn more about AD and an Exchange server.
The Outpost Personal Firewall has long since been a passion of mine (and
many others) and it is, in my opinion, as good as any other software
firewall on the market. It's grown much easier to use over the years and a
number of us have contributed rule-sets for various applications. One of the
most interesting things about it is that it has, at first, a rules mode.
During the use of this mode you're prompted for many things and it's a bit
of a pain to some people but the beauty is that it actually recognises a
great number of applications by their .exe name and sizes and will configure
the rules accordingly for you while still allowing you to fine tune it. The
benefit is that after you've had it installed for a while and you've
developed your own personal settings to where you feel a combination of use
and safety you can put the application into block most mode and anything not
already authorized will be blocked by default. It is such an application
that if they did not give it to me I would certainly buy it. They do have a
free version available which will do most anything you ask of it but it's
quite old now and, in my opinion, nothing compared to the newer versions.
I use MSAS as a beta product mostly to make sure that I'm fluent in it's use
and menus and for the added protection. KAV usually jumps up and whacks
stuff in the head before MSAS notices but it has some nice features that are
beneficial such as keeping your startup items secure, warning you about
sites added to security zones, and the likes. Most of the warnings that it
gives me, actually all of them I think, have been for things I had opted to
do personally but it's still been good to know that it was there running in
the background. One thing I do not like is it's enjoyment of updating
whenever it feels inclined to do so. Other than that I can't say that I have
any real issues with it at this point and haven't any qualms about
recommending other people use it provided they know that it is beta software
and that it's not really supported nor fully developed and might just hose
their system. It has not done that here however and I tend to think that
when people report it having done so it was either due to an already
infested PC or a problem between keyboard and chair.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
G
Guest
If I set Software Channel Permissions to high security, will I still be able
to automatically update patches and my anti-malware?
What is Scripting of Java applets suppose to be used for?
Is this good for the Internet zone:
Run components not signed with Authenticode - Disable
Run components signed with Authenticode - Prompt
Automatic Prompting For ActiveX Controls - Disable
Binary And Script Behaviors - Enable
Download signed ActiveX controls- Prompt
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Enabled
Script ActiveX controls marked safe for scripting - Enable
Access data sources across domains - Disable
Drag and drop or copy and paste files - Disable
Installation of desktop items - Disable
Launching programs and files in an IFRAME - Disable
Navigate sub-frames across different domains - Disable
Software channel permissions (High safety)
Userdata persistance - Disable
Allow paste operations via script - Disable
Scripting of Java applets - Prompt
to automatically update patches and my anti-malware?
What is Scripting of Java applets suppose to be used for?
Is this good for the Internet zone:
Run components not signed with Authenticode - Disable
Run components signed with Authenticode - Prompt
Automatic Prompting For ActiveX Controls - Disable
Binary And Script Behaviors - Enable
Download signed ActiveX controls- Prompt
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Enabled
Script ActiveX controls marked safe for scripting - Enable
Access data sources across domains - Disable
Drag and drop or copy and paste files - Disable
Installation of desktop items - Disable
Launching programs and files in an IFRAME - Disable
Navigate sub-frames across different domains - Disable
Software channel permissions (High safety)
Userdata persistance - Disable
Allow paste operations via script - Disable
Scripting of Java applets - Prompt
G
Galen
In Dan <[email protected]> had this to say:
My reply is at the bottom of your sent message:
You'll get a lot of prompts with that. Disable the launching of apps in
IFRAME is always a good measure. Navigation sub-frames isn't always a bad
thing. Sometimes, say in the Microsoft Expert Zone chat, you will want to be
able to paste data in to post. Setting it to disable will prevent that from
happening.
http://www.nwnetworks.com/iezones.htm
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
My reply is at the bottom of your sent message:
If I set Software Channel Permissions to high security, will I still
be able to automatically update patches and my anti-malware?
What is Scripting of Java applets suppose to be used for?
Is this good for the Internet zone:
Run components not signed with Authenticode - Disable
Run components signed with Authenticode - Prompt
Automatic Prompting For ActiveX Controls - Disable
Binary And Script Behaviors - Enable
Download signed ActiveX controls- Prompt
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Enabled
Script ActiveX controls marked safe for scripting - Enable
Access data sources across domains - Disable
Drag and drop or copy and paste files - Disable
Installation of desktop items - Disable
Launching programs and files in an IFRAME - Disable
Navigate sub-frames across different domains - Disable
Software channel permissions (High safety)
Userdata persistance - Disable
Allow paste operations via script - Disable
Scripting of Java applets - Prompt
You'll get a lot of prompts with that. Disable the launching of apps in
IFRAME is always a good measure. Navigation sub-frames isn't always a bad
thing. Sometimes, say in the Microsoft Expert Zone chat, you will want to be
able to paste data in to post. Setting it to disable will prevent that from
happening.
http://www.nwnetworks.com/iezones.htm
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
G
Galen
In Dan <[email protected]> had this to say:
My reply is at the bottom of your sent message:
Additionally? I dug this up:
http://search.msn.com/results.aspx?q=recommended+settings+security+zone+internet+explorer&FORM=QBHP
I know it's just a search but the first links are actually really pretty
good and well worth checking into.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
My reply is at the bottom of your sent message:
If I set Software Channel Permissions to high security, will I still
be able to automatically update patches and my anti-malware?
What is Scripting of Java applets suppose to be used for?
Is this good for the Internet zone:
Run components not signed with Authenticode - Disable
Run components signed with Authenticode - Prompt
Automatic Prompting For ActiveX Controls - Disable
Binary And Script Behaviors - Enable
Download signed ActiveX controls- Prompt
Download unsigned ActiveX controls - Disable
Initialize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Enabled
Script ActiveX controls marked safe for scripting - Enable
Access data sources across domains - Disable
Drag and drop or copy and paste files - Disable
Installation of desktop items - Disable
Launching programs and files in an IFRAME - Disable
Navigate sub-frames across different domains - Disable
Software channel permissions (High safety)
Userdata persistance - Disable
Allow paste operations via script - Disable
Scripting of Java applets - Prompt
Additionally? I dug this up:
http://search.msn.com/results.aspx?q=recommended+settings+security+zone+internet+explorer&FORM=QBHP
I know it's just a search but the first links are actually really pretty
good and well worth checking into.
Galen
--
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes
G
Guest
I have McAfee Security Center installed. Should I keep "Script ActiveX
controls marked safe for scripting" enabled, since it needs to use ActiveX
controls?
What is administrator approved anyway?
And when would I need to use "Run components signed with Authenticode"?
controls marked safe for scripting" enabled, since it needs to use ActiveX
controls?
What is administrator approved anyway?
And when would I need to use "Run components signed with Authenticode"?