Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

It is ok for a home user on WinXP to set IE6's Security Settings to
'Medium'.

Are there any malware exploits, malicious websites, etc which might
cause my PC damage on that setting?

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com says...
> It is ok for a home user on WinXP to set IE6's Security Settings to
> 'Medium'.
>
> Are there any malware exploits, malicious websites, etc which might
> cause my PC damage on that setting?

There is a very good explanation of how you should have your internet
security settings configured available from Microsoft - I'll post the
link at the bottom.

Here is what I tell clients when asked about IE Security:

In the last month we've seen a large number of customers and friends
that have home computers that are constantly getting pop-ups and other
nasties. The easiest way to clean a machine is to download SpyBot Search
and Destroy from http://www.safer-networking.org/in [...] e=download
and the update and run it several times (about half-way down the page).

Once you get your machine cleaned, you can make the following changes to
your Internet Explorer settings to help keep web sites from installing
bad things on your computers.

There are a couple simple things that you can do if you are using IE,
they make browsing a little more of a challenge, but they make it more
secure and still provide full ability on sites you trust:

1) Open IE, select TOOLS, Internet Options
2) Select Security TAB
3) Select "Internet" globe
4) Click DEFAULT LEVEL, then SELECT HIGH
5) Select "Custom Level"
6) Select "Scripting - Active Scripting - Prompt"
7) Click OK
8) Select "Trusted Sites Check Mark Circle"
9) Select "SITES", uncheck "Require Server Verification" - you will be
adding the normal and secure sites in here that you trust, if you don't
uncheck this you can't enter non-secure sites in this list.
10) Type "http://v4.windowsupdate.microsoft.com" in the ADD box and
click ADD
11) Type "http://Windowsupdate.microsoft.com" in the ADD box and click
ADD, click OK to close window
12) Click "Default Level" then change to "Medium".
13) Select "Privacy" tab, set to MEDIUM HIGH
14) Select "General" tab, select "Temporary Internet Files - Settings"
15) Select "Every visit to the page"
16) Select 20MB for the temp internet files size, click OK
17) Select "Advanced" Tab
18) Uncheck both "Enable Install On Demand" items
19) Uncheck "Enable third-party browser extensions"
20) Uncheck "Play Animations, sounds, videos in web pages"
21) Select/Check "Empty Temporary Internet file folder..."
22) Click OK to close the settings window

Now, when you browse to a site you want to trust, it may not work, you
are going to have to ADD the site to the TRUSTED SITES in the OPTIONS /
SECURITY tab. This can be a real pain, but it can save your butt when it
comes to sites that can compromise your system.

You will find that after the first week that you are not adding sites to
the list any more and that you're experience is a lot nicer, less pop-
ups, and less chance for something to hack your browser.

Don't forget, you should only ADD TRUSTED SITES to the list. Even if you
make a mistake, we set the TRUSTED SITES to MEDIUM in stead of it's
default LOW, but you really want to limit the ones you add to verifiable
commercial quality sites.

The Microsoft version of this suggestion is at:
http://www.microsoft.com/security/ [...] tings.mspx

If I were you, I would download and install Mozilla Firefox 0.9.2 from:
http://www.mozilla.org/download.html

I use Mozilla on almost every web site, except MS Outlook Web Access
sites, and it's a very capable browser, even works at my online bank.

Good Luck,
Mark

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...
> In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com says...
> > It is ok for a home user on WinXP to set IE6's Security Settings to
> > 'Medium'.
> >
> > Are there any malware exploits, malicious websites, etc which might
> > cause my PC damage on that setting?
>
> There is a very good explanation of how you should have your internet
> security settings configured available from Microsoft - I'll post the
> link at the bottom.

>-- snip--<
> If I were you, I would download and install Mozilla Firefox 0.9.2 from:
> http://www.mozilla.org/download.html
>
> I use Mozilla on almost every web site, except MS Outlook Web Access
> sites, and it's a very capable browser, even works at my online bank.

Firefox is a joke in comparison to features. Teach SECURITY, not options
that are woeful in comparison.

RaYzor

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

"RaYzor" <no@no.no.net.org.tv.com.edu.welf> wrote in newshZNc.85561
$bp1.37922@twister.nyroc.rr.com:

>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...
>> In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com
says...
>> > It is ok for a home user on WinXP to set IE6's Security Settings to
>> > 'Medium'.
>> >
>> > Are there any malware exploits, malicious websites, etc which might
>> > cause my PC damage on that setting?
>>
>> There is a very good explanation of how you should have your internet
>> security settings configured available from Microsoft - I'll post the
>> link at the bottom.
>
>>-- snip--<
>> If I were you, I would download and install Mozilla Firefox 0.9.2
from:
>> http://www.mozilla.org/download.html
>>
>> I use Mozilla on almost every web site, except MS Outlook Web Access
>> sites, and it's a very capable browser, even works at my online bank.
>
> Firefox is a joke in comparison to features. Teach SECURITY, not
options
> that are woeful in comparison.
>
> RaYzor
>
>

A jewel from RaYzor the ZA security expert's expert. I am sure it meet
his tests. ;-)

Duane

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

RaYzor wrote:
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...

> > If I were you, I would download and install Mozilla Firefox 0.9.2 from:
> > http://www.mozilla.org/download.html
> >
> > I use Mozilla on almost every web site, except MS Outlook Web Access
> > sites, and it's a very capable browser, even works at my online bank.
>
> Firefox is a joke in comparison to features. Teach SECURITY, not options
> that are woeful in comparison.

Security is about making choices. Less options is usually better than more
vulnerabilities, especially if the options in question are superfluous to
the task.

Follow-ups set.

Thor

--
http://www.anta.net/

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

> It is ok for a home user on WinXP to set IE6's Security Settings to
> 'Medium'.

I have mine set to low, and then I go looking for trouble
to see if I can block it ( job ). So far, I've been able to
stop malicious sites with 2 apps. PopupStopper and
f-secure ( McAffee at home ). F-secure in particular
seems socially aware, and speaks up about malware
coming down .. and stops it. Believe me when I say
I've been on some pretty crummy sites, and let them
have a go at my machine. So far, about the only
problem I've had from these sites is spam. No problem.
I have two spam filters running interference for me on
my email accounts ( Postini and a work el-cheapo ).
Spybot complains a bit about garbage in Temp Internet
Files, but gets it. I find it easier to just delete that stuff
fairly often. Occasionally, I do find a site that is really
trying to do harm, but then I do my best to put that
individual in prison. I don't hesitate to call the FTC and
their State Attorney Generals office and file a complaint
spelling out exactly what I have learned about them.
You will be fine as long as you have a good AV program,
and run PopupStopper. Your greatest threat is email.
There, you really need Postini ... not one of the local
so-called filters. You need layers of defense before
that email gets to you.

johns

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

In comp.security.misc RaYzor <no@no.no.net.org.tv.com.edu.welf> wrote:

> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b71f044c9168f4c98a7fb@news-server.columbus.rr.com...
>> In article <9534CCE6F133431E75@127.0.0.1>, franklin_lo@mail.com says...
>> > It is ok for a home user on WinXP to set IE6's Security Settings to
>> > 'Medium'.
>> >
>> > Are there any malware exploits, malicious websites, etc which might
>> > cause my PC damage on that setting?
>>
>> There is a very good explanation of how you should have your internet
>> security settings configured available from Microsoft - I'll post the
>> link at the bottom.

>>-- snip--<
>> If I were you, I would download and install Mozilla Firefox 0.9.2 from:
>> http://www.mozilla.org/download.html
>>
>> I use Mozilla on almost every web site, except MS Outlook Web Access
>> sites, and it's a very capable browser, even works at my online bank.

> Firefox is a joke in comparison to features. Teach SECURITY, not options
> that are woeful in comparison.

Security -is- about being careful with features. IE throws in and uses
everuthing like a turkish market, mozilla has a few *selected* features
well designed and working.

The popup blocking alone would be strong reasons to consider mozilla.




--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

Franky <franklin_lo@mail.com> wrote in news:9534CCE6F133431E75@127.0.0.1:

> It is ok for a home user on WinXP to set IE6's Security Settings to
> 'Medium'.
>
> Are there any malware exploits, malicious websites, etc which might
> cause my PC damage on that setting?

In view of recent events you may think it wiser to use the 'High' setting,
or even to suspend use of IE6. See:

http://news.bbc.co.uk/1/hi/technology/3840101.stm
http://www.microsoft.com/windows/i [...] tings.mspx

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

Leythos <void@nowhere.com> wrote:
>
> Once you get your machine cleaned, you can make the following
> changes to your Internet Explorer settings to help keep web
> sites from installing bad things on your computers.
>
> There are a couple simple things that you can do if you are
> using IE, they make browsing a little more of a challenge, but
> they make it more secure and still provide full ability on
> sites you trust: {pasted below]


Mark/Leythos

When I tried these settings you recommended I found there were
quite a few sites which I could not access properly.

Are some of your settings below more "aggressive" than is really
necessary wand which I could weaken off?

Franky


>
> 1) Open IE, select TOOLS, Internet Options
> 2) Select Security TAB
> 3) Select "Internet" globe
> 4) Click DEFAULT LEVEL, then SELECT HIGH
> 5) Select "Custom Level"
> 6) Select "Scripting - Active Scripting - Prompt"
> 7) Click OK
> 8) Select "Trusted Sites Check Mark Circle"
> 9) Select "SITES", uncheck "Require Server Verification" - you
> will be adding the normal and secure sites in here that you
> trust, if you don't uncheck this you can't enter non-secure
> sites in this list. 10) Type
> "http://v4.windowsupdate.microsoft.com" in the ADD box and
> click ADD 11) Type "http://Windowsupdate.microsoft.com" in the
> ADD box and click ADD, click OK to close window
> 12) Click "Default Level" then change to "Medium".
> 13) Select "Privacy" tab, set to MEDIUM HIGH
> 14) Select "General" tab, select "Temporary Internet Files -
> Settings" 15) Select "Every visit to the page"
> 16) Select 20MB for the temp internet files size, click OK
> 17) Select "Advanced" Tab
> 18) Uncheck both "Enable Install On Demand" items
> 19) Uncheck "Enable third-party browser extensions"
> 20) Uncheck "Play Animations, sounds, videos in web pages"
> 21) Select/Check "Empty Temporary Internet file folder..."
> 22) Click OK to close the settings window
>
> Now, when you browse to a site you want to trust, it may not
> work, you are going to have to ADD the site to the TRUSTED
> SITES in the OPTIONS / SECURITY tab. This can be a real pain,
> but it can save your butt when it comes to sites that can
> compromise your system.
>

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

In article <953B8C24F7F231E75@127.0.0.1>, franklin_lo@mail.com says...
> When I tried these settings you recommended I found there were
> quite a few sites which I could not access properly.
>
> Are some of your settings below more "aggressive" than is really
> necessary wand which I could weaken off?

No, they are not more "aggressive" if you want to be secure. The sites
that don't work, if you trust them, need to be added to your trusted
zone - make sure that you set the trusted Zone to Medium.

I use IE in this mode until I find a site I trust and then add it to my
trusted zone (set to Medium). I also use Firefox 0.9.1 on my system and
have not had to worry about most sites using it's default settings.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

On Wed, 04 Aug 2004 13:46:36 +0100, Franky wrote:
>
> When I tried these settings you recommended I found there were
> quite a few sites which I could not access properly.
>
> Are some of your settings below more "aggressive" than is really
> necessary wand which I could weaken off?


It is kinda funny, Microsoft recommands you realy tighten down and
only place sites you know are safe in the safe list.

You have to ask yourself; the company which knows what is wrong with
their product but does not want people to think the product is
insecure, but tells you to realy tighten down something, do you want
to run in a "more weaken" mode.

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

In article <slrnch1ofi.c2l.BitTwister@wb.home.invalid>,
BitTwister@localhost.localdomain says...
> On Wed, 04 Aug 2004 13:46:36 +0100, Franky wrote:
> >
> > When I tried these settings you recommended I found there were
> > quite a few sites which I could not access properly.
> >
> > Are some of your settings below more "aggressive" than is really
> > necessary wand which I could weaken off?
>
>
> It is kinda funny, Microsoft recommands you realy tighten down and
> only place sites you know are safe in the safe list.
>
> You have to ask yourself; the company which knows what is wrong with
> their product but does not want people to think the product is
> insecure, but tells you to realy tighten down something, do you want
> to run in a "more weaken" mode.

Yea, that's one reason I use FireFox 0.9.x on my Windows system, except
for sites that must have IE.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,microsoft.public.windowsxp.security_admin (More info?)

Franky wrote:
> Leythos <void@nowhere.com> wrote:
>
>>Once you get your machine cleaned, you can make the following
>>changes to your Internet Explorer settings to help keep web
>>sites from installing bad things on your computers.
>>
>>There are a couple simple things that you can do if you are
>>using IE, they make browsing a little more of a challenge, but
>>they make it more secure and still provide full ability on
>>sites you trust: {pasted below]
>
>
>
> Mark/Leythos
>
> When I tried these settings you recommended I found there were
> quite a few sites which I could not access properly.
>
> Are some of your settings below more "aggressive" than is really
> necessary wand which I could weaken off?
>

Depends how often you want to have to reinstall Windows.

Steve