IE 6 Config. Guide

0 Members and 1 Guest are viewing this topic.

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
 IE 6 Configuration made by synja (thanks synja)

Simple ways to prevent malware and lock down IE.
(This assumes you run XP Pro and have NTFS as your filesystem, some or all of these things will work with other configurations, but I can only guarantee XP Pro with NTFS)


1. Remove execute permissions from the local settings folder for the non-admin account you surf the internet on.

Essentially, this tells Windows that it can't run any program located in any of the sub folders. There shouldn't be any programs in there, but malware has a tendency to end up downloaded and executed there. (This will not stop malware from being downloaded and stored, only the execution.

This can be accomplished by navigating to C:..Documents and Setting..Your User Account..

The local settings folder is hidden, so you may have to go to Tools>>Folder Options>>View>> Show hidden files and Folders (This is a good idea to just have on)

Now, right click on the Local Settings folder, select properties, Security tab, and you can now change the permissions for that folder, and the sub folders within. (Keep in mind that sub folders will inherit permisison fromt he parent folder, so be careful about changing random folder attributes)

File and folder permisisons for Windows XP:

http://support.microsoft.com/?kbid=308418


2. Disable ActiveX scripting in IE

This can be done through Tools>>Internet Options in IE.

This is an important menu when configuring IE, not only can you set up your basic security here, but you can also define zones, I will be getting to this shortly.

For now, go to the Security tab. Click on the Internet icon...And click on Custom Settings. This is where we can define our own security settings for IE, for sites we haven't specifically configured things for.

I myself disable everything having to do with ActiveX, although you may want to choose prompt for signed controls. This means that a digital signature form a "trusted" source says that it is safe. When it prompts you, it will tell you who signed it, and you can make you decision based on that.

RIght underneath the ActiveX security options, I also disable both file and font downloads... But you can have it prompt you if you feel comfortable making the decision on your own, if not, just set both to disabled.

3. Miscellaneous security options in IE

While we are in the same dialog we set our ActiveX options in, scroll down and you will find another set of options.

Basically, I set everything to disable except for Software Channel Permissions, which is High Safety. And Submit Nonencrypted Form Data, which is Prompt.

4. Scripting Options

Still in the same dialog, the next group of setting we come to is Scripting Options.

Disable all 3 options.

5. User Authentication

Last option in the current dialog box is User Authentication... I just set this to ask me for username and password.

6. Zones

Now that we have configured the internet zone, it is time to look at trusted and restricted sites. The way I see it, every site needs to be restricted (as our settings for the internet zone show), until there is a serious need to trust it, such as http://housecall.trendmicro.com which is an online antivirus scanner that until recently, only used ActiveX (Now has a Java based scanner as well), and the Microsoft update site at http://update.microsoft.com

In which case, we simply click on Trusted, and follow the same routing we did the first time, giving the trusted sites the permissions they need.

7. Cookies

Now, it's time to move oon to the Privacy tab of the Internet Options dialog box.

Here, we can tell IE how to handle cookies. I use the High setting by default... and simply add custom rules for sites that I trust, by usin the edit button on this dialog box. The edit button brings up a list of sites that you have set rules for, essentially saying either block all cookies or allow all cookies. Add sites and rules as necessary... For example, forums and the like, tend to need cookies.

8. Proxies

If you would like to use a proxy, this can also be configured in the Internet Options dialog box. Tor is a common proxy, and is the basis for the settings I am going to give in this section. You will have to change the values based on your proxy.

Simply go to the Connections tab.

At the bottom, there is a box called LAN Settings, click the button.

Once in the LAN Settings dialog, click on the Use A Proxy Server For Your LAN option. This will allow you access to the proxy settings. On corporate networks, you may find a single proxy that handles all traffic, but we are not corporate, so we are going to configure individual proxies.

I always check the box for Bypass Proxy for Local Connections, as the proxy would interfere with connecting to the machines on my private network.

Now, we can configure the proxy.

Remember, this is based on Tor and may not apply to your proxy, so use some common sense, and if you don't know, please ask before you do something stupid.

Click on Advanced. THis brings up a list of protocols, and allows you to either configure a specific proxy for all of them, or to just use a single proxy for everything.

Tor is a SOCKS proxy, and we will enter the information in the SOCKS area. 127.0.0.1 is the proxy address, and 9050 is the port.

Click ok.. to exit the menu, and ok to exit the previous menu.

9. The Advanced Tab
Here you will find a list of otions that can either be enabled or disabled.

Most of them you can ignore, they will have no bearing on "security" per se... merely the appearance and behavior of IE.

The ones we need to disable (uncheck) are:
Install on Demand Internet Explorer
Install on Demand (other)

Now... we need to make sure that certain ones are checked... scroll down to the Security section at the bottom...

Make sure the following are checked:
Check for publisher's certificate revocation
Check for server certificate revocation
Use integrated Windows Authentication
Use SSL 2.0
Use SSL 3.0
Use TLS 1.0
Warn about invalid site certificates
Warn if changing between secure and not secure mode (not necessary, but most users won't notice the icon that shows a secure connection is in place)
Warn if forms submittal is being redirected.
(credit synja)

Please dont reply with "use firefox!" imo Firefox is for n**bs.
« Last Edit: November 15, 2006, 03:01:22 AM by Nouman6 »
Watch out for: HaloOfTheSun

*
( ´ิ(ꈊ) ´ิ) ((≡^⚲͜^≡)) (ી(΄◞ิ౪◟ิ‵)ʃ)
Rep:
Level 102
(っ˘ڡ˘ς) ʕ•̼͛͡•ʕ-̺͛͡•ʔ•̮͛͡•ʔ (*ꆤ.̫ꆤ*)
2014 Avast Ye Merry Pirate!2013 Avast Ye Merry Pirate Award2012 Avast Ye Merry Pirate AwardFor frequently finding and reporting spam and spam bots2011 Avast Ye Merry Pirate2011 Most Unsung Member2010 Avast Ye Merry Pirate Award
Heh, I was about to reply asking why you just wasted all that time instead of pasting the URL to download firefox.

Why do you think it's for noobs :/



Eh, I think even if you "secure" it, it's still shit, misses out on loads of standards and renders lots of stuff wrong. As a person who's dabbled in web design before, I can tell you that writing extra (WRONG) html just so it'll render corrrectly in IE is annoying.
« Last Edit: November 03, 2006, 07:43:12 PM by Silverline »

bringing sexy back

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
really no one tried it or likes it?
Watch out for: HaloOfTheSun

*
( ´ิ(ꈊ) ´ิ) ((≡^⚲͜^≡)) (ી(΄◞ิ౪◟ิ‵)ʃ)
Rep:
Level 102
(っ˘ڡ˘ς) ʕ•̼͛͡•ʕ-̺͛͡•ʔ•̮͛͡•ʔ (*ꆤ.̫ꆤ*)
2014 Avast Ye Merry Pirate!2013 Avast Ye Merry Pirate Award2012 Avast Ye Merry Pirate AwardFor frequently finding and reporting spam and spam bots2011 Avast Ye Merry Pirate2011 Most Unsung Member2010 Avast Ye Merry Pirate Award
Quote from: Nouman6
Please dont reply with "use firefox!" imo Firefox is for n**bs.
When computer n00bs around the entire planet all use IE?

All of the things you describe in your post to "secure" IE, firefox and opera do by default.

So basically, it's a guide to make IE act more like firefox except with none of the extra features and all of the bugs :/. I doubt it'd still be safe either, you can do everything in your guide but it's still a deeply embedded part of the OS and still will be running in nothing like a sandbox.

bringing sexy back

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?

When computer n00bs around the entire planet all use IE?

All of the things you describe in your post to "secure" IE, firefox and opera do by default.

So basically, it's a guide to make IE act more like firefox except with none of the extra features and all of the bugs :/. I doubt it'd still be safe either, you can do everything in your guide but it's still a deeply embedded part of the OS and still will be running in nothing like a sandbox.

man I have nothing against you, but Im not going to waste my time arguing with all the Firefox fan boys:

http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html
Watch out for: HaloOfTheSun

*
( ´ิ(ꈊ) ´ิ) ((≡^⚲͜^≡)) (ી(΄◞ิ౪◟ิ‵)ʃ)
Rep:
Level 102
(っ˘ڡ˘ς) ʕ•̼͛͡•ʕ-̺͛͡•ʔ•̮͛͡•ʔ (*ꆤ.̫ꆤ*)
2014 Avast Ye Merry Pirate!2013 Avast Ye Merry Pirate Award2012 Avast Ye Merry Pirate AwardFor frequently finding and reporting spam and spam bots2011 Avast Ye Merry Pirate2011 Most Unsung Member2010 Avast Ye Merry Pirate Award
Your link doesn't work. Server not found.

So you're not going to give any proof how my post was wrong?

bringing sexy back

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
Watch out for: HaloOfTheSun

*
Rep:
Level 97
Definitely better than Hitler.
2014 Best Musician2014 Best IRC Chatterbox2013 Funniest Member2013 Best Use of Avatar and Signature Space2013 Best Musician2013 King of RMRKFor the great victory in the Breakfast War.2012 Best Username2012 Best MusicianFor frequent good quality Wiki writing [citation needed]Most entertaining member on the IRC2011 Funniest Member2011 Best Musician2010 Most Missed Member
Link doesn't work for me either. =\
:tinysmile:

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
OK idk why but it works for me anyways try:
www.firefoxmyths.com/

if not google "firefox myths" its the first one
Watch out for: HaloOfTheSun

********
Rep:
Level 96
2011 Most Missed Member2010 Zero To Hero
It worked for me too...weird.

*
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Rep:
Level 96
&&&&&&&&&&&&&&&&&&&&&&&&&&&
GIAW 14: 2nd Place (Hard Mode)2013 Biggest Drama Whore2013 Zero to HeroParticipant - GIAW 11Secret Santa 2013 ParticipantFor taking arms in the name of your breakfast.
I'm changing to Firefox
« Last Edit: November 15, 2006, 01:51:59 AM by BanisherOfEden »
&&&&&&&&&&&&&&&&

********
Rep:
Level 96
2011 Most Missed Member2010 Zero To Hero
I think I will tomorrow.

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
I think I will tomorrow.
I'm changing to Firefox

wait your changing TO firefox, after all that has been said/shown?
Watch out for: HaloOfTheSun

*
( ´ิ(ꈊ) ´ิ) ((≡^⚲͜^≡)) (ી(΄◞ิ౪◟ิ‵)ʃ)
Rep:
Level 102
(っ˘ڡ˘ς) ʕ•̼͛͡•ʕ-̺͛͡•ʔ•̮͛͡•ʔ (*ꆤ.̫ꆤ*)
2014 Avast Ye Merry Pirate!2013 Avast Ye Merry Pirate Award2012 Avast Ye Merry Pirate AwardFor frequently finding and reporting spam and spam bots2011 Avast Ye Merry Pirate2011 Most Unsung Member2010 Avast Ye Merry Pirate Award
Ahaha, so this is where you got all your computer "knowledge"

Nouman6: http://roph.crankeye.org/ie/hax/

I like how on the sources I'm reading that he's linked, the comments are full of reasons why they're flawed.

http://www.positioniseverything.net/explorer.html

http://getfirefox.eliasalucard.com/

Quote
Merv, have you ever developed websites? IE is a fucking NIGHTMARE. Neither 6 nor the 7 Preview make even a half-assed attempt at standards compliance. We get that issue at work all the time - it works flawlessly in Firefox, Opera, Safari, links, whatever.....and IE blows up. If we can get it to work in IE6, it probably won't in 5 or 7. It's like God's punishment for using the Internet or something.

As somebody who's designed sites myself, I can express hate at IE simply failing to work properly. Heck, view this forum's Page source and you'll see It's resorted to a seperate non-standard method of certain stuff, just so it loads ok in IE.
« Last Edit: November 15, 2006, 02:50:39 AM by Silverline »

bringing sexy back

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
You are a very "mature" Administrator. I hope I can leave it at that, but I can't. "Ahaha, so this is where you got all your computer "knowledge"" And the links you showed me were any better as an arguement? your links were the pussiest FF fan club shit I have ever read:

I dare you to go to this website using FIREFOX ( i clicked your link now click mine )
http://xcessinternet.bravepages.com/funnypicture.htm
http://xcessinternet.bravepages.com/funnypicture.htm


I don't get that link you gave me It seems to work in both firefox as well as opera, care to explain why its called IE HAX when it effects your FIrefox also?

http://www.oreillynet.com/windows/blog/2005/02/bad_news_about_firefox_securit.html
http://www.andrewtaylor.me.uk/blog/2005/04/firefox-is-bad/

Watch out for: HaloOfTheSun

*
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Rep:
Level 96
&&&&&&&&&&&&&&&&&&&&&&&&&&&
GIAW 14: 2nd Place (Hard Mode)2013 Biggest Drama Whore2013 Zero to HeroParticipant - GIAW 11Secret Santa 2013 ParticipantFor taking arms in the name of your breakfast.
I like Firefox because it has spell checker and you all know how much that will help me!   ;D
If they made IE with spell checker then I would use it...
&&&&&&&&&&&&&&&&

*
( ´ิ(ꈊ) ´ิ) ((≡^⚲͜^≡)) (ી(΄◞ิ౪◟ิ‵)ʃ)
Rep:
Level 102
(っ˘ڡ˘ς) ʕ•̼͛͡•ʕ-̺͛͡•ʔ•̮͛͡•ʔ (*ꆤ.̫ꆤ*)
2014 Avast Ye Merry Pirate!2013 Avast Ye Merry Pirate Award2012 Avast Ye Merry Pirate AwardFor frequently finding and reporting spam and spam bots2011 Avast Ye Merry Pirate2011 Most Unsung Member2010 Avast Ye Merry Pirate Award
From your own links~

Quote
It's because the Firefox company is evil. They have a monopoly. They don't follow standards. If only they opened up the source-code so that everyone could see the bad code and fix it within mere hours

oh wait

Quote
The IDN "fix" is already in Firefox nightly

Quote
As for IE not being vulnerable, well it is because IE does not implement IDN support. "Secure by absence of implementation" is not the way to go.

The whole lot of comments basically.

I'm uploading a video of me clicking on your deadly link. Nothing wrong happened?

I didn't bother to setup my link (which is why you see the mysql failure messages) all that works is the flash exploit, which works on any flash player out there. It doesn't actually work on me, thanks to flashblock.

[edit] video done ~ http:///roph.crankeye.org/temp/wut.avi

bringing sexy back

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
cool, video.....your not even on windows..ha no shit serlock it didn't work. As if you need any protection on Linux.
Watch out for: HaloOfTheSun

*
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
Rep:
Level 96
&&&&&&&&&&&&&&&&&&&&&&&&&&&
GIAW 14: 2nd Place (Hard Mode)2013 Biggest Drama Whore2013 Zero to HeroParticipant - GIAW 11Secret Santa 2013 ParticipantFor taking arms in the name of your breakfast.
I'm confused... what going on? what about not being in windows?
&&&&&&&&&&&&&&&&

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
man i wish i could view that website you posted in ie! darn it!

Watch out for: HaloOfTheSun

*
Rep:
Level 97
Definitely better than Hitler.
2014 Best Musician2014 Best IRC Chatterbox2013 Funniest Member2013 Best Use of Avatar and Signature Space2013 Best Musician2013 King of RMRKFor the great victory in the Breakfast War.2012 Best Username2012 Best MusicianFor frequent good quality Wiki writing [citation needed]Most entertaining member on the IRC2011 Funniest Member2011 Best Musician2010 Most Missed Member
I used to use IE 6 only, then got IE 7 and Firefox right after. From using both I can honestly say I like Firefox more, but mainly because it's faster. I know the firefox myths site you posted said it isn't, but that doesn't seem to be the case with me. It takes forever just to open a freaking new tab or window in IE 7, and Firefox does it in a matter of seconds.

As for the rest of the debate here, I don't really care much. I haven't had any major problems using either, but I've been sticking with Firefox more lately.
:tinysmile:

*
( ´ิ(ꈊ) ´ิ) ((≡^⚲͜^≡)) (ી(΄◞ิ౪◟ิ‵)ʃ)
Rep:
Level 102
(っ˘ڡ˘ς) ʕ•̼͛͡•ʕ-̺͛͡•ʔ•̮͛͡•ʔ (*ꆤ.̫ꆤ*)
2014 Avast Ye Merry Pirate!2013 Avast Ye Merry Pirate Award2012 Avast Ye Merry Pirate AwardFor frequently finding and reporting spam and spam bots2011 Avast Ye Merry Pirate2011 Most Unsung Member2010 Avast Ye Merry Pirate Award
Quote from: Nouman6
your not even on windows..ha no shit serlock it didn't work. As if you need any protection on Linux.


bringing sexy back

*
Rep:
Level 97
Definitely better than Hitler.
2014 Best Musician2014 Best IRC Chatterbox2013 Funniest Member2013 Best Use of Avatar and Signature Space2013 Best Musician2013 King of RMRKFor the great victory in the Breakfast War.2012 Best Username2012 Best MusicianFor frequent good quality Wiki writing [citation needed]Most entertaining member on the IRC2011 Funniest Member2011 Best Musician2010 Most Missed Member
I like that winamp skin. <3
:tinysmile:

pokeball :)OfflineMale
********
Cheese
Rep:
Level 95
?
Quote from: Nouman6
your not even on windows..ha no shit serlock it didn't work. As if you need any protection on Linux.



i take back my statement
Watch out for: HaloOfTheSun

********
Rep:
Level 96
2011 Most Missed Member2010 Zero To Hero
KEEEEEEERIPES! Why does it matter nouman? You posted your topic, k. Silver said he doesn't like it, k. ARGUMENT WHAAAA?!

CALL THE FIRE DEPARTMENT!

Seriously, net arguments are even lamer than REAL arguments. NOT THAT EITHER OF YOU IS LAME! Just this argument.