With Microsoft stuff, you never know for sure. Of course, with
anything about security, you never know you are right until
you find out you were wrong. But I think I finally figured
out how to make some use of the darn Security Zone feature
in Internet Explorer. Anyway, here is my current understanding.

In Internet Explorer (hereafter known as IE) there is a
Tools menu (at the top). If you click "Tools", then
"Internet Options", there is a tabbed page with lots
of choices. If you click the Security tab, you get 4 icons,
plus a site button, a custom level and default button. The
four icons represent the security zones: Internet, local area,
trusted sites, and restricted sites. Each zone represents the
level of trust you have for the web sites in it. Each one of
these zones has a substantial list of setting choices with it,
e.g. "download scripts", "run scripts" .... Each of these
items has a selection under it, for things like "enable",
"disable", or "prompt" (ask). And the selections are set
differently in each zone. So, in the Trusted
zone, you can have "Download Scripts" set to "enabled",
in the Internet zone, "Download Scripts" set to
"prompt", and in the Restricted zone, "Download Scripts"
set to "disabled". And so on for scripts, downloads, cut-paste, etc.
The defaults are probably a pretty good start for setting
all these zone settings, but it is nice to know you have a
choice. Personally, in my "Internet Zone" I have
a few extra things set as "disabled", just to be
a little extra safe.

But just setting the control features for each zone is only
a small part of what you should do to protect against malicious
web sites. By default, all billion or so web sites are in
the Internet zone, so all sites get treated the same way by
your browser. What is supposed to happen is that professional
web sites (such as those set up by your bank or stock broker)
should (probably) be set to trusted, because they lose money if you
are not happy with them, and therefore they are less likely to
hurt you. Free, marketing-supported, or strange web sites
run by folks with unknown motives probably should be left
in the Internet zone (or moved on a case-by-case basis). Web
sites in foreign countries, like maybe China, or Afghanistan,
perhaps should be put in the Restricted zone. (By the way,
to find the country codes in the URL, look here:
http://www.iana.org/cctld/cctld-whois.htm
and look here:
http://support.microsoft.com/support/kb/articles/Q184/4/56.ASP
for instructions on how to use the "*" in the zone lists.)

If you select "High" security settings for the
Restricted sites zone, you have to realize that many sites
will not work well in the Restricted zone. When you find such
a site, and you want to keep visiting it, then you
must decide whether to put up with limited function, move
the site to a less restricted zone, or tweak the settings
in the zone. When you restrict some of the powerful capabilities
of IE, you are missing some features of a web page, but you
are also making it harder for hackers to exploit those powerful
capabilities.

So how do you select the zone a web site goes in? The reference
link above on "*" is good for explaining how you actually
enter the country code restrictions. For most web sites, though,
you will visit a site and then, if you decide you must change its
zone, copy its URL and call up the Internet security
properties by double-clicking the "internet icon"
in the lower right corner of IE (or using the Tools - Internet
Options - Security menu, or Start - Settings - Control Panel -
Internet). Then select the zone you want to add it to, click
"Sites" and paste the URL into the "add" window.

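The zone lists and per-zone choices described above can be checked from PowerShell. This is an added example, not part of the original tip: it assumes the standard per-user registry locations and zone numbering, which the text above does not mention, and the two function names are hypothetical.

```powershell
# Added example: audit IE zone site lists and a few per-zone settings for the current user.
# Assumption: standard HKCU locations; machine-wide policy (HKLM) overrides are not read.
$base      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$actions   = [ordered]@{ '1400' = 'Active scripting'; '1803' = 'File download'; '1407' = 'Paste via script' }
$choices   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Walk ZoneMap\Domains: each key is a domain, subkeys are subdomains,
# and each value maps a protocol name (http, https, *) to a zone number.
function Get-ZoneSiteEntry {
    param([string]$Path, [string]$Parent = '')
    foreach ($key in Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue) {
        $site = if ($Parent) { "$($key.PSChildName).$Parent" } else { $key.PSChildName }
        foreach ($protocol in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($protocol)
            [pscustomobject]@{ Zone = $zoneNames[$zone]; Site = $site; Protocol = $protocol }
        }
        Get-ZoneSiteEntry -Path $key.PSPath -Parent $site
    }
}

# Report enable / prompt / disable for the selected actions in zones 1 to 4.
function Get-ZoneSetting {
    foreach ($zone in 1..4) {
        $props = Get-ItemProperty -LiteralPath "$base\Zones\$zone" -ErrorAction SilentlyContinue
        foreach ($id in $actions.Keys) {
            $value = if ($props) { $props.$id } else { $null }
            $setting = if ($null -eq $value) {
                'not set'
            } elseif ($choices.ContainsKey([int]$value)) {
                $choices[[int]$value]
            } else {
                "raw value $value"
            }
            [pscustomobject]@{ Zone = $zoneNames[$zone]; Action = $actions[$id]; Setting = $setting }
        }
    }
}

Get-ZoneSiteEntry -Path "$base\ZoneMap\Domains" | Sort-Object Zone, Site | Format-Table -AutoSize
Get-ZoneSetting | Format-Table -AutoSize
```

Running it after adding or moving a site shows whether the entry landed in the zone you intended, and whether that zone really has scripting and downloads set the way you expect.
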
If you are feeling experimental... and lazy... and brave...
On the page http://www.microsoft.com/windows/ie/previous/webaccess/default.asp
just download "Microsoft Internet Explorer 5 Power Tweaks
Web Accessories" (even though it says only for IE 5,
most of these features work on IE 6 also). This nifty little
addition allows you to quickly add web sites to the "trusted"
and "forbidden" zones. (I am NOT responsible if
it breaks IE.) This tweak modifies your IE menu, adding new choices
under Tools to add the current page to either the Restricted
or the Trusted zone. On the same page, "Internet Explorer
5 Web Accessories" also has some nice features, like
the "image-zoom-in" and "image-zoom-out".

These tips and tools are pretty thoroughly tested on Windows
XP, but I have not used 95/98/ME for a long time, and I can't
really tell how IE changes might work there. For more info,
check here: http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx
Mick