Internet Explorer 7 Desktop Security Guide Enhancing Internet Explorer Security for Desktop Users


Published July 2007
For the latest information, see http://www.microsoft.com/ie
Version 2.0

Copyright © 2007 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below.

If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user’s particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.

Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property.

Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.

Microsoft, Windows, ActiveX, Authenticode, Excel, Internet Explorer, MSDN, Outlook, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.

Contents

Executive Summary
Introduction: Increasing Browser Security
Managing Internet Explorer 7
Security Zones
    Modifying Zone Settings in Internet Explorer 7
    Zone Determination
    Changes to the Security Zone Model in Internet Explorer 7
    Other Security Settings
New Security Features in Internet Explorer 7
    Internet Explorer Protected Mode
    ActiveX Opt-in
    Cross-Domain Scripting Attack Protection
    Security Status Bar
    Phishing Filter
Recommendations for Increased Security
    Zone Security Recommendations
        Enable Zone Elevation Protection
        Do not allow users to add/delete sites from Security Zones
        Do not allow users to change policies for Security Zones
        Do Not Configure Security Zones: Use Only Machine Settings
    Certificate Security Recommendations
        Prevent users from navigating to sites that have certificate errors
    Active Content Security Recommendations
        Restrict ActiveX Install
        Add ActiveX controls and plug-ins to pre-approved list
        Disable active scripting in response to specific threats
        Enable Scripted Window Security Restrictions
    Reducing Application Privilege Recommendations
        Turn on Protected Mode in Windows Vista
        Use DropMyRights with Windows XP
    Privacy Settings Recommendations
        Set the Privacy Slider to at least Medium
        Empty Temporary Internet Files folder when browser is closed
        Set Form AutoComplete options to Disabled
        Configure Logon options for each Security Zone
        Enable the Phishing Filter
    Other Security Settings Recommendations
        Do not save encrypted pages to disk
        Disable Automatic Install of Internet Explorer components
        Disable Periodic Check for Internet Explorer software updates
        Disable software update shell notifications on program launch
        Make proxy settings per machine (rather than per user)
        Turn off Crash Detection
        Restrict File Download
        Disable Allow File Downloads for Restricted Sites Zone
        Enable Data Execution Prevention
        Do not allow users to enable or disable add-ons