[olug] Luser trickery – Fear not where you click

OLUG Use just4olug at yahoo.com
Mon May 20 18:25:25 UTC 2002


I thought I might take a moment to share with all of you my wife’s secret to
Internet Exploiter (Explorer) security, otherwise known as, “Why I fear not
where I click”.

Put very simply, tell your web browser to trust no one by default.

Using Internet Explorer 5.5 you can do the following:
TOOLS, INTERNET OPTIONS, SECURITY
For the Internet zone, set a custom level.
In the custom level disable things like ActiveX and Active Script. A few
important ones to disable are “Installation of Desktop Items” (for anyone that
has had comet cursor invade their pc this will put an end to that), also
disable “Launching programs and files in an IFRAME”.  Disable Active Scripting
and Java Applets.  Set Java Permissions to high safety.  Set user
Authentication to Anonymous login.

Now, you are thinking you can’t do a lot now since all JavaScript is going to
be disabled on every web page you visit.  Especially today when every other web
site requires it, even when it shouldn’t logically be necessary.

Define your “Trusted Sites” (these are the sites you will allow scripts to run)

Every site my wife visits that she knows can be trusted, she adds to the
“Trusted Sites” Internet zone.  To do this, click on the “Trusted Sites” zone
icon, it will open up a dialog box.  Deselect the “Require server verification
(https)” checkbox below the sites list.  Now, if you wish to trust yahoo.com
simply add it to the list like this: *.yahoo.com

By default, JavaScript, ActiveX, IFRAME, etc. are all disabled until you tell
MSIE which sites to trust.  After that, the site will allow those things and
function normally.

This helps to prevent:
1) Mouse trapped by accidentally going to a pr0n site with pop-up banners that
won’t quit.
2) IFRAME exploits from visiting a web site or opening an email with offending
code
3) Installation of programs that you probably do not really want, such as Comet
Cursor
4) Those pop-up banner advertisements 
and so on…

The above is only a suggestion.  It costs nothing to implement and requires the
purchase of no additional software tools.  It could potentially prevent your
windowze system from being compromised.  It is why I went to Brian’s virus page
with confidence that it would be absolutely harmless to this windowze computer
(even before knowing that it was actually benign).

Micro$oft Security is without a doubt an oxymoron.  With Linux it is much
easier to recommend this valuable security tip: Don’t surf as root.  I’ve yet
to be exploited on a Linux box simply by surfing the web.

Thank you,

-DW
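
Added example, not part of the original post: a small Python audit that checks an exported Internet zone registry key against the settings recommended above. The action codes and the `Zones\3` key layout are taken from Microsoft's documented zone settings, not from the post, and the `.reg` fragment is constructed sample data.

```python
import re

# Assumption: URL-action codes stored under ...\Internet Settings\Zones\3
# (the Internet zone). Policy values: 0 = enable, 1 = prompt, 3 = disable.
RECOMMENDED = {
    "1200": (0x3, "Run ActiveX controls and plug-ins: disable"),
    "1400": (0x3, "Active scripting: disable"),
    "1402": (0x3, "Scripting of Java applets: disable"),
    "1800": (0x3, "Installation of desktop items: disable"),
    "1804": (0x3, "Launching programs and files in an IFRAME: disable"),
    "1A00": (0x30000, "Logon: anonymous"),
    "1C00": (0x10000, "Java permissions: high safety"),
}

# Constructed sample: fragment of a registry export of the Internet zone key.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000003
"1A00"=dword:00020000
"1C00"=dword:00010000
'''

ZONE_HEADER = re.compile(r'^\[.*\\Internet Settings\\Zones\\(\d)\]$', re.I)
DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zone(reg_text, zone="3"):
    """Return {action_code: int} for one zone from .reg export text."""
    settings, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):            # a new key starts here
            m = ZONE_HEADER.match(line)
            current = m.group(1) if m else None
        elif current == zone:
            m = DWORD_LINE.match(line)
            if m:
                settings[m.group(1).upper()] = int(m.group(2), 16)
    return settings

def audit(reg_text):
    """List (code, description, found) for settings that differ from RECOMMENDED."""
    found = parse_zone(reg_text)
    return [(code, desc, found.get(code))
            for code, (want, desc) in RECOMMENDED.items()
            if found.get(code) != want]

if __name__ == "__main__":
    for code, desc, got in audit(SAMPLE_REG):
        print(f"{code}: want '{desc}', found {'missing' if got is None else hex(got)}")
```

A setting that is absent from the export is reported as missing rather than assumed safe.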

