Internet Explorer 7 to have tighter security zone settings



One of the changes Internet explorer 7.0 will see is a tightening of restrictions on the zone settings. Currently, there are four security zones for web sites: Internet, Intranet, Trusted Sites and Restricted Sites. Explorer tries to autodetect if a site is within the intranet (which becomes more trusted), or the internet (which becomes less trusted. The problem is this detection can be tricked and so, malicious websites can run in a less restrictive zone.


The fix for the problem is to NOT use the intranet zone unless the machine is part of a Windows Domain. One question I have is… does this mean that in a Windows domain environment, there’s still the possibility that a malicious site could masquerade as an intranet site? It sounds like that may be a chink in the armor. (How about not enabling intranet for ANY installs by default?) Though there is further detail that other zones will get locked down a bit tighter too…

Microsoft is also taking steps to lock down the Internet and Trusted Sites zones.

If a URL is in the Trusted Sites, it is given complete access, such as automatically installing ActiveX controls without permission. However, such capability has opened the zone up to abuse. For example, malware could automatically add a malicious site to the Trusted list. That will change in IE7.

In the future, Trusted Sites will be given a default security setting of Medium, the same level as the Internet zone in IE6. Users can manually change the security level back if they so please. “We find that many users don’t understand how powerful a site becomes when they make it a Trusted Site,” says Gupta.

The Internet zone in IE7 has been moved to a new Medium-High security setting. The change means ActiveX controls will be disabled by default, and users must enable them as needed through the yellow Information Bar. Windows Vista will go even further by running in a “Protected Mode” that runs IE in isolation.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Cyber Security | Cyber Security Removal Guide Cyber Security is a rogue antivirus application. It is in the same family as totalsecurity (total security Removal Guide) and SystemSecurity. This software installs through web popups and trojan horse activity makes false claims about your system being compromised by viruses and other security problems, hijacks we browser activity claiming......
  • Internet Explorer 7 on linux Haven't had the chance to try this one firsthand yet, although I've been watching for this. You may be familiar with ies4linux which is a script that uses wine to download/install multiple versions of Internet Explorer on a linux install. (But why oh why would you do this?) For many......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
Blog Traffic Exchange Related Websites
  • Exactly How I Was Able To Develop A Steady Income On The Internet With My Own Web Site The internet is a place that many folks are turning to in order to make a little extra cash each and every month, or even as a technique to make loads of cash. You'll find that there are loads of different approaches you can take if you wish to start......
  • SEO Benefits from Links on Sites with Great Page Rank Search engine optimisation is most effective when a diverse array of tools and techniques are employed in unison, and PageRank is just one factor of many. The message from the world’s number one search engine (it starts with a G) is that PageRank is not the be all and end......
  • Be An Affiliate - Generate A Profit Over The Internet Trusted Authority Formula Affiliate internet marketing is in my view the easiest way to earn cash on or off-line considering you don't demand any working experience to have started and you can encourage virtually something you are able to consider considering you can find affiliate deals, goods, and providers to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site