Tag Archives: internet explorer

Script-blocking in Internet Explorer

25 Sep

So, what does Microsoft’s browser offer to those who want to put active web pages on hold?

In a nutshell: quite a bit, but it’s designed for someone managing a standard configuration for hundreds of computers, so it can be cumbersome if what you want is to heavily customise one or two.

The security settings in Internet Explorer revolve around the idea of security zones. This is a fairly good approach, because if you think about it, there are really only a few categories of sites: trusted sites, sites that you definitely don’t trust, and sites that you don’t know or haven’t decided about yet. NoScript has a similar idea.

So, by default, pretty much everything is in the Internet zone, which defaults to a moderate level of security. To improve on this, you can go to Tools-Internet Options-Security, then choose the Internet zone and either just crank it up to High security, or else go into the extensive list of customisation options (more details in future post(s)). You can disable JavaScript, ActiveX objects, and plugins from here, among other things.

When you want to whitelist a site, things are slower than NoScript. You’ll need to copy the site’s address, go back to your Security options, choose the Trusted Sites zone, and add a new entry for the site. You can also decide which permissions the Trusted Sites zone will have, just as you did for the Internet zone.

The Restricted Sites zone is similar in concept to NoScript’s Untrusted list. It defaults to High Security, with active content blocked. If you use restrictive settings for the Internet zone, you probably won’t need it, but it’s there if you really want to lock down a particular site.

There are also two special zones that Internet Explorer can control: Local Intranet and My Computer.

The Local Intranet zone is for sites on your local network. How much you trust them depends on the type of network that you’re in; if you have two computers at home, they probably trust each other, whereas if you’re on a public Wi-Fi network, then raise the security for this zone to maximum!

The last zone, My Computer, is hidden from you by default. It controls the permissions given to active content saved on your hard drive. Depending on how paranoid you are, you might not need to activate and change this zone, but if you want to know what it’s doing, or if you really want to lock things down, then instructions are in the Microsoft Knowledge Base:
http://support.microsoft.com/kb/315933

For an individual user, using a high security level in Internet Explorer will be more cumbersome than Firefox + NoScript or Chrome/Chromium. Where Internet Explorer shines is the ability to define standard security policies and apply them to all machines on a network. The administrator can even tell Windows to prevent users from changing those policies. So it’s probably better suited to your workplace than your home network.

How do you find the security zone settings in Internet Explorer? Do you love the number of options, or loathe the number of steps needed to change anything? Either way, it’s worth getting to know more about the built-in browser for the world’s most popular operating system.

Knowledge is Power

19 Jun

The first step in any effort to secure your browser is to know your browser. Different browsers have different strengths when it comes to security, and whichever one you choose, you need to know how to use it effectively.

If you’re using Internet Explorer, then you’ll need to work with its Security Zones. Each site is assigned to one of four zones – Internet (default), Trusted, Restricted, or Local Intranet – which will determine its privileges.  You should become familiar with the long list of security options that can be switched on and off in each zone (more on these in future posts), and ensure that you’ve set things the way you want them. In particular, pay close attention to the privileges that you give to the default Internet zone. Ordinarily this zone is quite permissive, but if you’re concerned about security, you’ll want to crank it up. Bear in mind that the higher the default security, the more often you’ll need to add sites to the Trusted zone before they will work. If you’re not sure about visiting a site, or you suspect that it’s dangerous, then you can add it to the Restricted zone before you go there. Make sure that each zone has the right level of security for the sites that belong there.

If you’re using Mozilla Firefox, or a related browser like SeaMonkey or Pale Moon, then you should focus on your extensions. Firefox addons can drastically change your browser’s behavior, adding layers of defence that no browser has out-of-the-box. For this reason, Firefox is my personal choice, with a long list of addons installed (RequestPolicy, Adblock Plus, Certificate Patrol, Perspectives, HTTPS Finder, VTZilla, Host Permissions, RefControl, Safe, and various others). In particular, I cannot recommend the NoScript extension highly enough. This little gem, by Giorgio Maone, will give you back control of your browsing – just make sure that you read the documentation first, so that you know what you’re getting in for! It’s a whole different world wide web with NoScript. More to come in my next post.

If you use Google Chrome, or the related Chromium browsers, then you have a more limited selection of addons available, and those that exist don’t always work as well as Firefox addons. Chrome does, however, have strong protections against websites trying to install viruses on your computer, and if one tab crashes, the rest of the browser should theoretically keep going. It also has some useful features that you can turn on, like controlling which sites can run JavaScript; somewhat like NoScript, but much more limited.

Which browser do you use? Which security features or addons are you using? If you don’t know what’s available, it’s worth taking a few minutes to take a look.