The RPG Maker Resource Kit

RMRK Announcements, Support, Feedback and Archives => RMRK Discussion Archives => Topic started by: :) on November 03, 2006, 02:38:23 AM

Title: IE 6 Config. Guide
Post by: :) on November 03, 2006, 02:38:23 AM: IE 6 Configuration made by synja (thanks synja)

Simple ways to prevent malware and lock down IE.
(This assumes you run XP Pro and have NTFS as your filesystem, some or all of these things will work with other configurations, but I can only guarantee XP Pro with NTFS)

1. Remove execute permissions from the local settings folder for the non-admin account you surf the internet on.

Essentially, this tells Windows that it can't run any program located in any of the sub folders. There shouldn't be any programs in there, but malware has a tendency to end up downloaded and executed there. (This will not stop malware from being downloaded and stored, only the execution.

This can be accomplished by navigating to C:..Documents and Setting..Your User Account..

The local settings folder is hidden, so you may have to go to Tools>>Folder Options>>View>> Show hidden files and Folders (This is a good idea to just have on)

Now, right click on the Local Settings folder, select properties, Security tab, and you can now change the permissions for that folder, and the sub folders within. (Keep in mind that sub folders will inherit permisison fromt he parent folder, so be careful about changing random folder attributes)

File and folder permisisons for Windows XP:

http://support.microsoft.com/?kbid=308418

2. Disable ActiveX scripting in IE

This can be done through Tools>>Internet Options in IE.

This is an important menu when configuring IE, not only can you set up your basic security here, but you can also define zones, I will be getting to this shortly.

For now, go to the Security tab. Click on the Internet icon...And click on Custom Settings. This is where we can define our own security settings for IE, for sites we haven't specifically configured things for.

I myself disable everything having to do with ActiveX, although you may want to choose prompt for signed controls. This means that a digital signature form a "trusted" source says that it is safe. When it prompts you, it will tell you who signed it, and you can make you decision based on that.

RIght underneath the ActiveX security options, I also disable both file and font downloads... But you can have it prompt you if you feel comfortable making the decision on your own, if not, just set both to disabled.

3. Miscellaneous security options in IE

While we are in the same dialog we set our ActiveX options in, scroll down and you will find another set of options.

Basically, I set everything to disable except for Software Channel Permissions, which is High Safety. And Submit Nonencrypted Form Data, which is Prompt.

4. Scripting Options

Still in the same dialog, the next group of setting we come to is Scripting Options.

Disable all 3 options.

5. User Authentication

Last option in the current dialog box is User Authentication... I just set this to ask me for username and password.

6. Zones

Now that we have configured the internet zone, it is time to look at trusted and restricted sites. The way I see it, every site needs to be restricted (as our settings for the internet zone show), until there is a serious need to trust it, such as http://housecall.trendmicro.com which is an online antivirus scanner that until recently, only used ActiveX (Now has a Java based scanner as well), and the Microsoft update site at http://update.microsoft.com

In which case, we simply click on Trusted, and follow the same routing we did the first time, giving the trusted sites the permissions they need.

7. Cookies

Now, it's time to move oon to the Privacy tab of the Internet Options dialog box.

Here, we can tell IE how to handle cookies. I use the High setting by default... and simply add custom rules for sites that I trust, by usin the edit button on this dialog box. The edit button brings up a list of sites that you have set rules for, essentially saying either block all cookies or allow all cookies. Add sites and rules as necessary... For example, forums and the like, tend to need cookies.

8. Proxies

If you would like to use a proxy, this can also be configured in the Internet Options dialog box. Tor is a common proxy, and is the basis for the settings I am going to give in this section. You will have to change the values based on your proxy.

Simply go to the Connections tab.

At the bottom, there is a box called LAN Settings, click the button.

Once in the LAN Settings dialog, click on the Use A Proxy Server For Your LAN option. This will allow you access to the proxy settings. On corporate networks, you may find a single proxy that handles all traffic, but we are not corporate, so we are going to configure individual proxies.

I always check the box for Bypass Proxy for Local Connections, as the proxy would interfere with connecting to the machines on my private network.

Now, we can configure the proxy.

Remember, this is based on Tor and may not apply to your proxy, so use some common sense, and if you don't know, please ask before you do something stupid.

Click on Advanced. THis brings up a list of protocols, and allows you to either configure a specific proxy for all of them, or to just use a single proxy for everything.

Tor is a SOCKS proxy, and we will enter the information in the SOCKS area. 127.0.0.1 is the proxy address, and 9050 is the port.

Click ok.. to exit the menu, and ok to exit the previous menu.

9. The Advanced Tab
Here you will find a list of otions that can either be enabled or disabled.

Most of them you can ignore, they will have no bearing on "security" per se... merely the appearance and behavior of IE.

The ones we need to disable (uncheck) are:
Install on Demand Internet Explorer
Install on Demand (other)

Now... we need to make sure that certain ones are checked... scroll down to the Security section at the bottom...

Make sure the following are checked:
Check for publisher's certificate revocation
Check for server certificate revocation
Use integrated Windows Authentication
Use SSL 2.0
Use SSL 3.0
Use TLS 1.0
Warn about invalid site certificates
Warn if changing between secure and not secure mode (not necessary, but most users won't notice the icon that shows a secure connection is in place)
Warn if forms submittal is being redirected.
(credit synja)

Please dont reply with "use firefox!" imo Firefox is for n**bs.
Title: Re: IE 6 Config. Guide
Post by: Roph on November 03, 2006, 07:37:48 PM: Heh, I was about to reply asking why you just wasted all that time instead of pasting the URL to download firefox.

Why do you think it's for noobs :/

(https://rmrk.net/proxy.php?request=http%3A%2F%2Fimg175.imageshack.us%2Fimg175%2F5994%2Fffup7.th.png&hash=72106b77a6d2a284796feed359bd91133700078f) (http://img175.imageshack.us/img175/5994/ffup7.png)

Eh, I think even if you "secure" it, it's still shit, misses out on loads of standards and renders lots of stuff wrong. As a person who's dabbled in web design before, I can tell you that writing extra (WRONG) html just so it'll render corrrectly in IE is annoying (http://getfirefox.eliasalucard.com/).
Title: Re: IE 6 Config. Guide
Post by: :) on November 14, 2006, 03:19:55 PM: really no one tried it or likes it?
Title: Re: IE 6 Config. Guide
Post by: Roph on November 14, 2006, 04:28:49 PM: Quote from: Nouman6
Please dont reply with "use firefox!" imo Firefox is for n**bs.
When computer n00bs around the entire planet all use IE?

All of the things you describe in your post to "secure" IE, firefox and opera do by default.

So basically, it's a guide to make IE act more like firefox except with none of the extra features and all of the bugs :/. I doubt it'd still be safe either, you can do everything in your guide but it's still a deeply embedded part of the OS and still will be running in nothing like a sandbox.
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 12:00:54 AM: Quote from: Silverline on November 14, 2006, 04:28:49 PM

When computer n00bs around the entire planet all use IE?

All of the things you describe in your post to "secure" IE, firefox and opera do by default.

So basically, it's a guide to make IE act more like firefox except with none of the extra features and all of the bugs :/. I doubt it'd still be safe either, you can do everything in your guide but it's still a deeply embedded part of the OS and still will be running in nothing like a sandbox.

man I have nothing against you, but Im not going to waste my time arguing with all the Firefox fan boys:

http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html
Title: Re: IE 6 Config. Guide
Post by: Roph on November 15, 2006, 01:07:20 AM: Your link doesn't work. Server not found.

So you're not going to give any proof how my post was wrong?
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 01:13:10 AM: umm...yes it works are you sure you clicked :

http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html
Title: Re: IE 6 Config. Guide
Post by: haloOfTheSun on November 15, 2006, 01:17:50 AM: Link doesn't work for me either. =\
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 01:25:27 AM: OK idk why but it works for me anyways try:
www.firefoxmyths.com/

if not google "firefox myths" its the first one
Title: Re: IE 6 Config. Guide
Post by: Arrow on November 15, 2006, 01:38:03 AM: It worked for me too...weird.
Title: Re: IE 6 Config. Guide
Post by: &&&&&&&&&&&&& on November 15, 2006, 01:46:07 AM: I'm changing to Firefox
Title: Re: IE 6 Config. Guide
Post by: Arrow on November 15, 2006, 01:55:56 AM: I think I will tomorrow.
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 02:18:32 AM: Quote from: arrowone on November 15, 2006, 01:55:56 AM
I think I will tomorrow.
Quote from: BanisherOfEden on November 15, 2006, 01:46:07 AM
I'm changing to Firefox

wait your changing TO firefox, after all that has been said/shown?
Title: Re: IE 6 Config. Guide
Post by: Roph on November 15, 2006, 02:35:23 AM: Ahaha, so this is where you got all your computer "knowledge"

Nouman6: http://roph.crankeye.org/ie/hax/

I like how on the sources I'm reading that he's linked, the comments are full of reasons why they're flawed.

http://www.positioniseverything.net/explorer.html

http://getfirefox.eliasalucard.com/

Quote
Merv, have you ever developed websites? IE is a fucking NIGHTMARE. Neither 6 nor the 7 Preview make even a half-assed attempt at standards compliance. We get that issue at work all the time - it works flawlessly in Firefox, Opera, Safari, links, whatever.....and IE blows up. If we can get it to work in IE6, it probably won't in 5 or 7. It's like God's punishment for using the Internet or something.

As somebody who's designed sites myself, I can express hate at IE simply failing to work properly. Heck, view this forum's Page source and you'll see It's resorted to a seperate non-standard method of certain stuff, just so it loads ok in IE.
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 02:53:18 AM: You are a very "mature" Administrator. I hope I can leave it at that, but I can't. "Ahaha, so this is where you got all your computer "knowledge"" And the links you showed me were any better as an arguement? your links were the pussiest FF fan club shit I have ever read:

I dare you to go to this website using FIREFOX ( i clicked your link now click mine )
http://xcessinternet.bravepages.com/funnypicture.htm
http://xcessinternet.bravepages.com/funnypicture.htm

I don't get that link you gave me It seems to work in both firefox as well as opera, care to explain why its called IE HAX when it effects your FIrefox also?

http://www.oreillynet.com/windows/blog/2005/02/bad_news_about_firefox_securit.html
http://www.andrewtaylor.me.uk/blog/2005/04/firefox-is-bad/
Title: Re: IE 6 Config. Guide
Post by: &&&&&&&&&&&&& on November 15, 2006, 03:05:45 AM: I like Firefox because it has spell checker and you all know how much that will help me! ;D
If they made IE with spell checker then I would use it...
Title: Re: IE 6 Config. Guide
Post by: Roph on November 15, 2006, 03:11:37 AM: From your own links~

Quote
It's because the Firefox company is evil. They have a monopoly. They don't follow standards. If only they opened up the source-code so that everyone could see the bad code and fix it within mere hours

oh wait

Quote
The IDN "fix" is already in Firefox nightly

Quote
As for IE not being vulnerable, well it is because IE does not implement IDN support. "Secure by absence of implementation" is not the way to go.

The whole lot of comments basically.

I'm uploading a video of me clicking on your deadly link. Nothing wrong happened?

I didn't bother to setup my link (which is why you see the mysql failure messages) all that works is the flash exploit, which works on any flash player out there. It doesn't actually work on me, thanks to flashblock.

[edit] video done ~ http:///roph.crankeye.org/temp/wut.avi
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 03:16:01 AM: cool, video.....your not even on windows..ha no shit serlock it didn't work. As if you need any protection on Linux.
Title: Re: IE 6 Config. Guide
Post by: &&&&&&&&&&&&& on November 15, 2006, 03:20:21 AM: I'm confused... what going on? what about not being in windows?
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 03:27:20 AM: man i wish i could view that website you posted in ie! darn it!

(https://rmrk.net/proxy.php?request=http%3A%2F%2Fi5.photobucket.com%2Falbums%2Fy163%2FNouman6%2Fieworkingg.jpg&hash=ba7945cd5a02c2542de0c3819e62aa475bd2049c)
Title: Re: IE 6 Config. Guide
Post by: haloOfTheSun on November 15, 2006, 03:37:11 AM: I used to use IE 6 only, then got IE 7 and Firefox right after. From using both I can honestly say I like Firefox more, but mainly because it's faster. I know the firefox myths site you posted said it isn't, but that doesn't seem to be the case with me. It takes forever just to open a freaking new tab or window in IE 7, and Firefox does it in a matter of seconds.

As for the rest of the debate here, I don't really care much. I haven't had any major problems using either, but I've been sticking with Firefox more lately.
Title: Re: IE 6 Config. Guide
Post by: Roph on November 15, 2006, 03:47:01 AM: Quote from: Nouman6
your not even on windows..ha no shit serlock it didn't work. As if you need any protection on Linux.

(https://rmrk.net/proxy.php?request=http%3A%2F%2Fimg299.imageshack.us%2Fimg299%2F4057%2Fwinzrt8.th.jpg&hash=049fe26d13a03717255f13699f748a4364e30d36) (http://img299.imageshack.us/img299/4057/winzrt8.jpg)
Title: Re: IE 6 Config. Guide
Post by: haloOfTheSun on November 15, 2006, 03:55:36 AM: I like that winamp skin. <3
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 04:02:21 AM: Quote from: Silverline on November 15, 2006, 03:47:01 AM
Quote from: Nouman6
your not even on windows..ha no shit serlock it didn't work. As if you need any protection on Linux.

(https://rmrk.net/proxy.php?request=http%3A%2F%2Fimg299.imageshack.us%2Fimg299%2F4057%2Fwinzrt8.th.jpg&hash=049fe26d13a03717255f13699f748a4364e30d36) (http://img299.imageshack.us/img299/4057/winzrt8.jpg)

i take back my statement
Title: Re: IE 6 Config. Guide
Post by: Arrow on November 15, 2006, 04:06:27 AM: KEEEEEEERIPES! Why does it matter nouman? You posted your topic, k. Silver said he doesn't like it, k. ARGUMENT WHAAAA?!

CALL THE FIRE DEPARTMENT!

Seriously, net arguments are even lamer than REAL arguments. NOT THAT EITHER OF YOU IS LAME! Just this argument.
Title: Re: IE 6 Config. Guide
Post by: :) on November 15, 2006, 04:09:22 AM: correct arrowone,

sorry Silverline for questioning your admin skills as well as your knowledge of computers. I am just comming to notice this is a common topic in all computer fourms which is always un decided. (firefox vs. IE) they can chage the way people think about others, and I don't know you too much, so I don't want to get off on the wrong foot.
Title: Re: IE 6 Config. Guide
Post by: kronso.23 on November 15, 2006, 07:14:56 AM: Quote from: Nouman6 on November 15, 2006, 02:53:18 AM

I dare you to go to this website using FIREFOX ( i clicked your link now click mine )
http://xcessinternet.bravepages.com/funnypicture.htm
http://xcessinternet.bravepages.com/funnypicture.htm

I went to this site with firefox and IE. IE managed to actually get the virus on my computer, my virus scanner caught it, and removed it. In firefox my virus scanner aborted the connection but NO VIRUS EVEN TOUCHED MY SYSTEM.

Your firefox myths are full of empty claims.

Firefox is the superior browser, when I design websites I have to scream and rip my hair out trying to get things to look good in IE, I have to hack my own websites and write WRONG CODE TO GET IT TO EVEN FUNCTION IN IE. They do not follow standards, and they make it difficult for web designers.

Any browser is better than IE, I don't care what it is. IE blows, period.
Title: Re: IE 6 Config. Guide
Post by: Arrow on November 15, 2006, 07:17:22 AM: Two things: This argument JUST ENDED, dont add fuel to a dying flame. Second, NOT a good way to introduce oneself.
Title: Re: IE 6 Config. Guide
Post by: Blizzard on November 15, 2006, 10:37:55 AM: The very first link works fine for me and here is a screenshot with two vital informations and the marked one is my favorite. ;D

http://img81.imageshack.us/img81/7906/snap65vt9.png

And now...

I USE OPERA, IN YOUR FACE!

BTW, Silvy, you really have so many DVD drives or are these virtual drives? If yes, why do you need so many, BTW? I'm just curious.
Title: Re: IE 6 Config. Guide
Post by: Roph on November 15, 2006, 10:49:33 AM: Uh, a DVD-RW, DVD-ROM, CD-RW and the rest are virtual~
Title: Re: IE 6 Config. Guide
Post by: Malson on December 08, 2006, 12:48:34 AM: I like Firefox because of the endless number of extensions. Opera is good too, but I just prefer Firefox. I don't use IE because lately it's simply been trying to tread in FF and Opera's footsteps, and getting not so much right in the process. That's my two cents, anyway.
Title: Re: IE 6 Config. Guide
Post by: :) on December 08, 2006, 12:51:32 AM: (https://rmrk.net/proxy.php?request=http%3A%2F%2Fi5.photobucket.com%2Falbums%2Fy163%2FNouman6%2FJpmc.png&hash=231ac0721711ce19d51fd4980166e3ddc299d655)

I don't want to start any...you know