Safe use IE browser
Innocent Windows users endure huge pain due to the vulnerability of IE, attacking from the server ------------- Joel Scambray
Compared with the vast number of IE users, the Web server and database server's invasion is clearly attractive to the media's eye. In fact, it is not just IE browser, and many things happened in the client are often forgotten. The point of explanation is that there are many network invasions for some important companies to start from the client.
At the moment, many companies have set up a firewall in order to maintain their own network of networks. Maybe your company is no exception, it is true that the firewall can make an important role in the safe internal environment, but Most firewalls do not limit the external network web access to internal users. Therefore, the data containing malicious code is completely legal in the firewall, and the threat of IE vulnerabilities directly penetrates that there is no safety technology, even even There is almost no safety awareness of the final ordinary user. The vicious incident is often a serialized, and the enemy's fall of the internal users is likely to make your fire-fighting fire wall, so the security door is opened. If your company has done a few advertisements in the central set of advertisements It is likely that there are several media active to make a free advertisement for you.
For the words, users are mainly from four aspects when using IE browser.
1, overflow
Overflow involves some of the basic features of the IE architecture itself, for example, the long URL is used to make supercomputings in an internal buffer containing true data, causing normal code execution interrupts, operating system security warning. Overflow occurs, it can cause the IE browser to generate a denial service, so that the computer crashes, more serious, and performs any code provided by the attacker without interacting with the user.
It usually prevents this threat is to install the latest version of IE and install the latest patches in time.
2, trap link
There are unknown links in many places on the Internet. Before you open them, you don't know what happens, and sometimes you still don't know what happened after you open them. The link is later, which may be an attacker to create a false Bank of Communications for defrauding your account password, although it is displayed in the address bar, it is also possible to be a fake SMB server that wants to get the current user SMB credentials. (Windows often automatically tries to log in as the current user)
Do not click untrusted links, whether it is on the web site, or in an email, this is the principle.
3, read and write local files
Reading local files often occurs when sensitive data such as passwords such as users from the local IE browser, while writing local files often occur because the temporary directory or cache directory occurs in the default location and inappropriate leakage, if Write the file in the temporary directory, which means that this file can be executed and can run in the environment where IE is located.
Change the default location of the temporary directory or cache directory, and make the latest patch to prevent reading and writing local files in time.
4, IE Some functional components are enabled or misuse
ActiveX controls and Java scripts make Web web pages sooth colorful, but viruses, Trojans and other malicious code are often embedded therefrom, and attackers will re-prepare the IE user to perform an attacker. Code
At this time, installing a web firewall anti-virus software is a good idea, in fact, many anti-virus manufacturers also offer such software. However, its limitation is just that there is already a virus, Trojan and malicious code. Many IE own security settings such as "safe zone" can be reduced in macro.
All of the security threats to IE browsers have no exaggeration, then how do you avoid these possible security threats while enjoying Web surfing? Below we talk about the Lord by some of the measures of IE themselves. 1, use safety area
All versions after IE 4.0 provide a good tool for you to safely use the IE browser ------- "Security area," Safe "in the Internet property we can see it, default It contains four different regions, and you can see each detailed explanation on the mouse point. I don't have to tell, this tool is not complicated, and we mainly say something is not common.
In fact, there is also a fifth area in the security zone, this is "My Computer", usually this is unconfilled because it does not have access to this location, but ActiveX controls are actually downloaded by "My Computer". , Not downloaded on the website. It is also possible to set the area of your own personality as needed. IE does not provide a user interface for creating other security zones. At this time, we need to modify the registry.
The relevant content of the secure area is in the following location of the registry. [HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / InternetSettings / Zones The key values here and the representatives are: 0 My Computer 1 Local Intranet2 trusted site 3 Internet4 restricted site
We can create custom security zones by adding more similar sub-keys. The easiest way is that there is any, and then import it after modification. We open] [HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / InternetSoft / ZONES / 4, named 4.Reg, then right click to select Edit, you can open this file.
Windows Registry Editor Version 5.00
] [HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / InternetSettings / ZONES / 4] @ = "" "DISPLAYNAME" = "Limited Site" "Description" = "This area contains websites that may damage your computer or data "" Icon "=" inetcpl.cpl # 00004481 "" currentlevel "= dword: 00000000" minlevel "= dword: 00012000" RecommendedEvel "= dword: 00012000" Flags "= dword: 00000003" 1004 = dword: 00000003 "1004 "= DWORD: 00000003" 1200 "= dword: 00000003" 1201 "= dword: 00000003" 1400 "= dword: 00000003" 1402 "= dword: 00000000" 1406 "= dword: 00000003" 1407 " = DWORD: 00000003 "1601" = DWORD: 00000001 "1604" = dword: 00000001 "1605" = dword: 00000000 "1606" = dword: 00000003 "1607" = dword: 00000003 "1802" = DWord: 00000001 "1803" = dword: 00000003 "1804" = dword: 00000003 "1805" = dword: 00000001 "1A00" = dword: 00010000 "1A02" = dword: 00000003 "1A03" = dword: 00000003 "1C00" = DWORD聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽聽 聽5F, 20, / 17, 2F, 1e, 1a, 19, 0e, 2b, 01, 73, 13, 37, 13, 12, 14, 1a, 15, 39 "1A10" = dword: 00000003 "{A8A88C49-5EB2 -4990-a1a2-0876022c8 54F} "= HEX: 1A, 37, 61, 59, 23, 52, 35, 0C, 7A, 5F, 20, / 17, 2F, 1e, 1a, 19, 0e, 2b, 01, 73, 13, 37 13, 12, 14, 1a, 15, 39 "1608" = dword: 00000003 "1609" = dword: 00000001 "1A04" = dword: 00000003 "1A05" = dword: 00000003 "1A06" = dword: 00000003 actually need us Pay attention to and modify the following lines:
[HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / InternetSettings / Zones / 4] @ = "" DISPLAYNAME "=" Restricted Site "" = "This area contains websites that may damage your computer or data. "" Icon "=" inetcpl.cpl # 00004481 "" CurrentLevel "= dword: 00000000" MinLevel "= dword: 00012000" RecommendedLevel "= dword: 00012000" Flags "= dword: 00000003 the [HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / InternetSettings / Zones / 4] The last 4 is changed to 5, which will make more new security zones.
"DisplayName" is the name of the new area. "Description" provides a description for the new area, "icon" is used to define the icon used by the new area, you can try any value between 4480 to 4490 (the fact that the icon code does not have this limit). You can also use the icon in the system, but use a custom icon, such as "INETCPL.CPL # 00004481" is replaced with "C: /123.ico#0". "Currentlevel", "Minlevel", "Recommendedlevel", is represented by a secure level: 0000000000000000 000000000 000000000 0001000 0001000 00012000 High "flags" After setting the value of the security zone, specifically as follows:
1 Allow Change Custom Settings 2 Allows users to increase the Web site 4 to this area 4 If the HTTP protocol 8 contains the site 16 that can bypass the proxy server, the site 32 is not listed in other regions, does not display this area 64 contains "to the area Site Requirements Server Verification "option. 128 Put the UNC path as the path to the intranet connection.
For example, 0, that is, "My Computer", this area is not displayed, you only need to subtract 0 / Flags value (decimal) 32, you can find that there is more than IE security settings "I Computer". This is the console of IE local privileges, where ActiveX download can be disabled, you can avoid a series of problems that may get local code privileges.
At the right end of the status bar of IE, the icon of the area where the current web page is located. If this icon identifies unknown area, the current web page has information from different regions.
If you are an administrator, or to establish a standardized security setting for IE within a domain, it is recommended that you try IE management kit - IEAK, which can be used to create a custom IE, at http: // Www.microsoft.com/windows/ieak/cn/, you can download this kit and get other more detailed information.
2, use the content review process
The content of the website itself often does not involve security issues, but the Internet often "gambling station and Trojans parallel, color network and virus take off", and attackers will maximize the opportunity to move the browser, for this situation. IE provides "Content Review Function". How to use it will not be described. In the default, IE provides a hierarchical system called RSACI, and the RSACi grading concept is developed by the US Stanford University. It is originally designed for media such as TV film. Language, four categories of violence, divide different categories into 5 points into 5 points, and the greater the level of higher levels of content. At present, the system is being replaced by ICRA, you can download ICRA.rat at http://www.icra.orgra.rat, and import it through the "Section System" in "Content Review", In the "grading system", this is an English, you can get more information on the official homepage of http://www.icra.org, fortunately there is a Chinese traditional version.
3, control ACTIVEX control
All ActiveX controls can use the above way, but for some other users, this may be a bit, it is recommended to use the following approach to control the operation of the ActiveX control:
First, you can try to use the group policy, enter gpedit.msc in the run, in "User Configuration" - "Management Template" - "Windows Components" - "IE" - "Administrator Approved Control" But the controls here are basically Microsoft's own, and add other controls, you need to edit the registration form.
In addition, we can also use the IEAK mentioned above, IEAK will create a list of all controls of a local computer. In this list, we can specify which controls can be run, which controls are forbidden.
For the ActiveX control you want to delete some already downloaded, you can open the Downloaded ProgramFiles directory in the Winnt directory, you can delete it here, you have to remember that the corresponding control is also deleted in the registry, so as not to cause IE collapse.
Deleted controls will be downloaded automatically when you visit the site next time, if you want to make sure that a control will never run, or modify the registry,
Open the registry location:
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Internet Explorer / ActiveXCompatibility
Create a new item here, the name is the name of this control (because the name is longer, you can use the keyboard copy control name in the downloaded program files directory in the Winnt directory), create a new DWord called "Compatory Flags" in this key. Value, the value is 1024 (decimal). In this way, this control will never run.
This article wrote a day. I wanted to write here, but suddenly, I want to see how others are safe to use, so I have the following summary. The end may be more appropriate.
1. Use IE to use IE to browse the web without in an important machine.
2, properly set the IE security area.
3. Install Microsoft Office on an important server.
4, do not click on untrusted links.
5. Upgrade the IE patch in time to ensure the 128-bit plus key.
6. Carefully configure the access control of the outbound gateway, block communication outside the security policy.
7. Filtering the filter system in the firewall or gateway can filter the malicious code within the web page.
8, not to browse the web as a privileged account.
