Internet security settings for Vista




















.NET Framework client software. Signed code can contain bugs and viruses (we hope that these would be unknown to the signer at the time the code was signed), but it is not common.

If you trust the signed code to be non-malicious, you can accept it to run automatically. There have been instances where spyware and adware companies used signed code to distribute their largely unwanted software. Microsoft enables this in all zones, but the Restricted zone. Because of the spyware and adware issues, we suggest this setting be set to Prompt in the Internet zone.

Hackers often take advantage of rarely used, but installed controls. Microsoft has rightly disabled this setting in the Internet and Restricted sites zones. For that reason, Microsoft has correctly disabled them in all security zones except the Local intranet zone. Java applets are even delivered as ActiveX controls, in most cases. Windows uses dozens to hundreds of ActiveX controls.

Most aren't needed in IE, and one of the big changes in IE 7 is to not allow any ActiveX control to run in IE by default, except those expressly authorized by the user or admin. This is the opposite of the behavior in IE 6. This particular setting determines whether or not the user will be prompted by a pop-up dialog box to install an ActiveX control or plug-in. If disabled, the Web site will attempt to download and execute the content, but IE will not prompt the user with a dialog box.

Instead if IE 6. The information bar warning is less obvious than a pop-up dialog box in the middle of the browser window. Microsoft enables this option in the Local intranet zone and disables it in the rest.

How this setting is configured is up to the user, although I always like to be prompted in an obvious manner for any ActiveX controls that are trying to be installed. Otherwise, a Web site feature may fail and the cause of the failure might not be readily apparent. A binary behavior is a compiled object that can interact directly with the underlying OS.

Its code cannot be read or examined using normal view source commands. They can be used to do many malicious things from a web page. Now, by default, binary behaviors are disabled in the Restricted sites zone, but allowed in the rest.

We believe that binary behaviors are too powerful to be allowed from any Internet site. Accordingly, this option should be set to Disabled or Administrator approved for all zones, unless needed. Microsoft has correctly disabled this setting for all security zones. IE prompts the user to approve on zones except for the Restricted sites. These defaults are acceptable.

ActiveX Controls and Plug-Ins-Download Unsigned ActiveX Controls

Unsigned ActiveX controls are highly risky and, generally, should be disabled, or set up to prompt if you plan to come in contact with needed unsigned controls.

Microsoft correctly disables them in all zones. The first option determines whether the control can be initialized i. The second option is whether it can be directed by scripting, which means it could have different outcomes based upon the script. If both options are selected, then any web page can invoke them. The idea is that if the vendor determines the control is safe (that is, can't be used in a harmful way), then why not let other web pages and programmers re-use the control?

Unfortunately, there is no official guidance or testing tool that a vendor can run to find out if their "safe" control is really safe.

In more than a dozen different exploits over the years, a control marked safe for scripting was used to do something malicious. In this particular option, IE is asking whether or not to allow web pages to initialize and script controls that are not marked safe.

Considering that controls marked safe for scripting are potentially dangerous, ones that were tested and not found to be safe by their vendors definitely should not be allowed to run. Microsoft disables them in all zones. The default settings are good. It determines whether IE can run ActiveX controls and plug-ins at all, regardless of their safety, and regardless of whether they are signed or unsigned. Disabling this feature defeats many, if not most, exploits that have attacked IE over the years.

Unfortunately, it is such an all-or-nothing proposition that disabling it causes problems with many popular Web sites. Microsoft enables this option by default in all zones, but the Restricted sites zone, where it is disabled. This is an acceptable default.

However, if you are worried about a widespread, malicious IE vulnerability that cannot be stopped by disabling this option, consider disabling this option until a patch or other alternative defense can be applied.

Alternately, IE can be instructed only to allow administrator-approved controls to run. This is one of the toughest calls because ActiveX controls that were thought to be safe for scripting have been involved in many vulnerabilities over the years, but disabling it causes problems with many legitimate Web sites. Microsoft enables it by default in all zones except the Restricted sites zone, where it is disabled. However, if you are worried about a widespread, malicious IE vulnerability that can be stopped by disabling this option, consider disabling this option until a patch or other alternative defense can be applied.

Downloads-Automatic Prompting for File Downloads

This setting determines whether the user will be prompted by a pop-up dialog box for normal file downloads. In most cases, the answer should be yes. It is always nice to know when a Web site is trying to download content. If this option is disabled, and the next option is enabled, then the user will download and potentially execute files without a primary acknowledgement (although the user may be prompted to confirm a download location).

That particular situation would be harder to defend. Microsoft disables this for all zones, except for the Local intranet. This option should be enabled on all zones. Interestingly, when this setting is disabled, most file downloads still prompt the user before proceeding. Internet Explorer contains a hard-coded list of file types, by file extension, for which the warning dialog box cannot be disabled. They are:

Downloads-File Download

Disabling this option prevents all file downloads. If the previous option is enabled, it is usually safe to enable this option.

Microsoft enables this option in all zones except the Restricted sites zone, where it is disabled. The defaults are acceptable. It is enabled in all zones by default, except the Restricted sites zone, where it is set to Prompt.

.NET Framework Setup

If enabled, this will prevent .NET Framework from being installed. It is enabled in all zones except Restricted sites. Microsoft's default settings are acceptable.

Miscellaneous-Access Data Sources Across Domains

This setting determines whether a web page can retrieve data from another server located in a different domain.

If set to disabled, it will only allow data to be retrieved from the same server the originating web page is being served from or from another server in the same domain. A few exploits have been accomplished when this setting is enabled. Most Web sites access data on servers in the same domain. If this feature is not needed, keep it disabled.

Microsoft disables it in most zones, but sets it to Prompt in the Local intranet zone. The default settings are acceptable in most cases. It can also be used to re-direct a user, without their permission, to another web page. It has been used maliciously many times, but as long as other critical vulnerabilities are patched, there is little risk. Legitimate use of Meta-refreshes is common. Microsoft enables this option in all zones but the Restricted sites zone. The default option is normally okay.

The Web browser control is a stand-alone ActiveX control that can be used by programmers to add a mini-HTML browser to their application. After a few vulnerabilities were found while this option was enabled by default, Microsoft now disables it in all zones except for the Local intranet. The default option is acceptable. Unscrupulous web advertisers often make oddly sized browser screens i. It is disabled by default in all zones except Restricted sites.

This is an acceptable default choice.

Miscellaneous-Allow Web Pages to Use Restricted Protocols for Active Content

You can define, in the zone registry settings, which protocols and port numbers are allowed in a particular zone. Using this setting you can define whether or not Web sites in this zone can use protocols and port numbers not explicitly defined in the registry. Microsoft has this option set to Prompt in most zones, and disabled in the Restricted sites.

The default options are acceptable. This is disabled for Internet and Restricted sites zones, and enabled for Local intranet and Trusted Sites zones. In IE 6, if it was set to Prompt, they could receive the following "Security Information" message on the web pages that contain both secure (https) and nonsecure (http) content:

All but the security paranoid disable this feature, even though Microsoft's default on all zones is Prompt.

This option has been enhanced in IE 7 and users will no longer see the mixed-content dialog box prompt shown previously. IE7 will only render the secure content by default, and offers the user the opportunity to unblock the not secure content using the new Information Bar.
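As an added example (not part of the original page), the Internet-zone recommendations made above can be checked against a registry export of the zone settings. The URL action numbers and value encodings are Microsoft's and are not given on the page; the sample export is constructed.

```python
import re

# Value encodings used under ...\Internet Settings\Zones\<n> (not from the page).
ENABLE, PROMPT, DISABLE, ADMIN_APPROVED = 0x0, 0x1, 0x3, 0x10000
# URL action -> (setting name, values this page accepts for the Internet zone).
# Disable is also accepted where the page suggests Prompt, since it is stricter.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", {PROMPT, DISABLE}),
    "1004": ("Download unsigned ActiveX controls", {DISABLE, PROMPT}),
    "1201": ("Initialize and script controls not marked safe", {DISABLE}),
    "1406": ("Access data sources across domains", {DISABLE}),
    "2000": ("Binary and script behaviors", {DISABLE, ADMIN_APPROVED}),
    "2200": ("Automatic prompting for file downloads", {ENABLE}),
}
SECTION = re.compile(r"^\[.+\\Zones\\(\d)\]$")
VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in .reg format (decode real exports from UTF-16 first).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1406"=dword:00000003
"2000"=dword:00000000
"2200"=dword:00000003
"""

def parse_zones(reg_text):
    """Return {zone number: {action id: value}} from .reg export text."""
    zones, current = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            current = zones.setdefault(int(section.group(1)), {})
        elif line.startswith("["):
            current = None  # some other key; ignore its values
        elif current is not None and (v := VALUE.match(line)):
            current[v.group(1).upper()] = int(v.group(2), 16)
    return zones

def audit_zone(reg_text, zone=3):
    """List (action, name, actual) for settings outside the accepted values.
    actual is None when the export does not contain the value at all."""
    values = parse_zones(reg_text).get(zone, {})
    findings = []
    for action, (name, accepted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual not in accepted:
            findings.append((action, name, actual))
    return findings
```

On the constructed sample, `audit_zone(SAMPLE)` reports signed ActiveX download and binary behaviors as enabled and automatic prompting for file downloads as disabled.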

If that happens, reboot into Safe Mode with Networking from the F8 list of Startup Options, and install, update and scan from there.

I am trying to disable Windows Vista Internet Security as I am seeing alerts such as "An unidentified program wants access to your computer" and every time I have to click Allow. But when I am in the System properties I see the system is activated. I have Norton and it does not show me any alerts or messages. Scan came out good. Vista security complains for everything I do and I have to give access by clicking Allow.

Browsers store some info, like your search history, to help improve your experience on the web. When you use InPrivate Browsing, info like passwords, search history, and page history is deleted once you close the tab. Select the Tools button, and then select Internet options. Location Services lets sites ask for your physical location to improve your experience.

For example, a mapping site can request your physical location to center the map for you. Internet Explorer will let you know when a site wants to use your location.

When this happens, select Allow once to let a site use your location just one time. If you want the site to use your location each time you visit, select Always allow. If you don't want sites to ask for your physical location, you can turn off location sharing.

Here's how: Click the Tools button, and then select Internet options. On the Privacy tab, under Location, select the Never allow websites to request your physical location check box. Pop-up Blocker limits or blocks pop-ups on sites that you visit. You can choose the level of blocking you prefer, turn on or off notifications when pop-ups are blocked, or create a list of sites that you don't want to block pop-ups on.

Pop-up Blocker settings only apply to Internet Explorer. Open Internet Explorer, select the Tools button, and then select Internet options. On the Privacy tab, under Pop-up Blocker, select Settings. In the Pop-up Blocker settings dialog box, clear the Show Notification bar when a pop-up is blocked check box. Tracking Protection helps prevent information about your browsing from being sent to third-party content providers on sites you visit.

Far too many ISP help desks, and other computer support providers, were advising users to reduce their security settings as a troubleshooting step, but not telling the user to put them back up again when finished. To combat this forgetfulness and the sneaky behind-the-scenes tricks by the bad guys or antisocial software, the IE team decided it was best to continually warn users if their security settings had been lowered if the change allows arbitrary code to execute.

There is no way to disable this warning via Internet Explorer's user interface, although it is possible to disable it using Group Policy gpedit. The security settings that trigger the alert if lowered are marked with the words "not secure" and "recommended", for example:

Last Updated: 17 December,

Internet Explorer has always displayed a lock icon on the status bar when we visit a secure site, but the problem has been that, firstly, the icon was not very prominent and was easily missed and, also, it was not easy for an inexperienced user to tell if the certificate being used to trigger the lock matched the site that they were expecting to visit.

By clicking on the padlock next to the address bar when visiting a secure site, we can easily access the most important information about the certificate: Compare the certificate information to the site you are visiting. High trust certificates Internet Explorer introduces support for high-assurance certificates, that is, certificates that are only issued under more rigorous qualification requirements than standard certificates.


