Re: Security Zone Alternatives

From: Cycloid Torus (fictitious_at_hotmail.com)
Date: 12/11/04 

Date: Fri, 10 Dec 2004 20:58:48 -0500

Thanks for the suggestion - I bought and installed Norton AV 2004 when I
started using McAfee VirusScan v8 CD for a drink's coaster. I also run
ZoneAlarm, SpyBot Search & Destroy, Spyware Blaster and MailWasher Pro to
check emails before opening anything- all this thru a NAT router. The Norton
Security Scan (available gratis at the link you provided) says I'm fully
stealthed and up to date. Neither this nor Norton IS 2005, however, protects
against the IE6 vulnerabilities.

I am apparently wide open to the exploits identified by Secunia - and I was
hoping I could accomplish something with the security architecture. I just
do not feel that I understand the "Zone" approach well enough and
specifically, the selections via advanced button for the Intranet Zone.

Having a multiple level zone approach makes very good sense to me - as long
as I can keep from doing it wrong.
CT

"Carey Frisch [MVP]" <cnfrisch@nospamgmail.com> wrote in message
news:uauCijs3EHA.3380@TK2MSFTNGP09.phx.gbl...
> Consider installing a first-rate internet security program.
>
> Norton Internet Security 2005
> http://www.symantec.com/sabu/nis/nis_pe/
>
> -- Includes Norton AntiVirus 2005
> -- Includes Norton Personal Firewall
> -- Includes prevention of annoying web pop-ups
> -- Includes Parental Controls
> -- All in one, easy-to-install package
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
>
> Be Smart! Protect Your PC!
> http://www.microsoft.com/athome/security/protect/default.aspx
>
> ----------------------------------------------------------------------------------
>
> "Cycloid Torus" wrote:
>
> | Secunia.com has posted some exploits on their website - and my current
> | configuation "failed" their test (Microsoft Internet Explorer Window
> | Injection Vulnerability and Microsoft Internet Explorer Two
> | Vulnerabilities). For the first, the advice given is good which I
> paraphrase
> | as - "Do not have any other browser windows open when you connect to and
> use
> | a secure site". The "solution" to the second is to keep Internet Zone
> set to
> | "High".
> |
> | Several other security advisories (including the US governement) also
> | recommend setting Internet Zone to "High" - though this makes using most
> | commercial sites in which you can have a relatively good degree of
> | confidence impossible
> |
> | I am wondering if the structure of the IE Security Zones could be better
> | employed. Please comment on the idea (friendly criticism invited - I
> already
> | know I'm ignorant).
> |
> | Set Internet Zone to "High" - go to "Custom" - disable everything except
> | "Pop-up Blocker" (sadly, this means some programs which use ActiveX will
> | stop working - McAfee VirusScan v8 is one such - I failed to find a
> "fix"
> | for this and just "gave up" after weeks of trying)
> |
> | Set Trusted Zone to "Medium" - enter secure (https:) sites into Site
> list
> | (so "who" are you going to trust??)
> |
> | Set Intranet Zone to "Medium" - go to "Custom" and tweak anything that
> looks
> | too permissive (suggestions?) - select Sites and Advanced and enter only
> | those websites in which you have high confidence.
> |
> | Thanks.
> | CT
>

Quantcast