Internet Explorer 7 to have tighter security zone settings



One of the changes Internet Explorer 7.0 will see is a tightening of restrictions on the zone settings. Currently, there are four security zones for web sites: Internet, Intranet, Trusted Sites and Restricted Sites. Explorer tries to autodetect whether a site is within the intranet (which is more trusted) or on the internet (which is less trusted). The problem is that this detection can be tricked, so malicious websites can run in a less restrictive zone.


The fix for the problem is to NOT use the intranet zone unless the machine is part of a Windows Domain. One question I have is… does this mean that in a Windows domain environment, there’s still the possibility that a malicious site could masquerade as an intranet site? It sounds like that may be a chink in the armor. (How about not enabling intranet for ANY installs by default?) Though there is further detail that other zones will get locked down a bit tighter too…

Microsoft is also taking steps to lock down the Internet and Trusted Sites zones.

If a URL is in the Trusted Sites, it is given complete access, such as automatically installing ActiveX controls without permission. However, such capability has opened the zone up to abuse. For example, malware could automatically add a malicious site to the Trusted list. That will change in IE7.

In the future, Trusted Sites will be given a default security setting of Medium, the same level as the Internet zone in IE6. Users can manually change the security level back if they so please. “We find that many users don’t understand how powerful a site becomes when they make it a Trusted Site,” says Gupta.

The Internet zone in IE7 has been moved to a new Medium-High security setting. The change means ActiveX controls will be disabled by default, and users must enable them as needed through the yellow Information Bar. Windows Vista will go even further by running in a “Protected Mode” that runs IE in isolation.
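To check how a given machine is actually configured, the following read-only PowerShell audit lists the security template each zone runs at and every site that has been mapped into the Local Intranet or Trusted Sites zone. It is an added example, not part of the original post or of Microsoft's material; it assumes PowerShell 3.0 or later and the standard per-user and per-machine Internet Settings registry locations.

```powershell
# Added audit example, not from the original post. Read-only: nothing is changed.
$base = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames  = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet' }
# Security templates that IE records in each zone's CurrentLevel value.
$levelNames = @{ 0 = 'Custom'; 0x10000 = 'Low'; 0x10500 = 'Medium-Low'
                 0x11000 = 'Medium'; 0x11500 = 'Medium-High'; 0x12000 = 'High' }

foreach ($hive in 'HKCU:', 'HKLM:') {
    $root = "$hive\$base"

    # 1. Which template is each zone running at? A Trusted Sites zone at Low,
    #    or an Internet zone below Medium-High, is the weaker pre-IE7 posture.
    foreach ($z in 1, 2, 3) {
        $p = Get-ItemProperty -Path "$root\Zones\$z" -Name CurrentLevel -ErrorAction SilentlyContinue
        if ($null -ne $p) {
            $level = [int]$p.CurrentLevel
            $name  = $levelNames[$level]
            if (-not $name) { $name = 'Unrecognized' }
            [pscustomobject]@{
                Hive   = $hive
                Item   = "Zone: $($zoneNames[$z])"
                Detail = '{0} (0x{1:X})' -f $name, $level
            }
        }
    }

    # 2. Which sites were placed in the Intranet or Trusted Sites zone?
    #    Each domain (and optional subdomain) is a key; each value name is a
    #    protocol (http, https, *) and its data is the zone number.
    $domains = "$root\ZoneMap\Domains"
    if (Test-Path $domains) {
        Get-ChildItem -Path $domains -Recurse | ForEach-Object {
            $key  = $_
            $site = $key.Name -replace '^.*\\ZoneMap\\Domains\\', ''
            foreach ($proto in $key.GetValueNames()) {
                $zone = $key.GetValue($proto)
                if (1, 2 -contains $zone) {
                    [pscustomobject]@{
                        Hive   = $hive
                        Item   = "Site: $site"
                        Detail = '{0} via {1}' -f $zoneNames[[int]$zone], $proto
                    }
                }
            }
        }
    }
}
```

Any site in the output that nobody remembers adding is worth investigating, since entries written by software look identical to ones added by hand.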
