Author Topic: RE the IE Security Zones (also called Web Content Zones)  (Read 4902 times)

0 Members and 1 Guest are viewing this topic.

Offline Brynn

  • Sr. Member
  • ****
  • Posts: 424
    • View Profile
RE the IE Security Zones (also called Web Content Zones)
« on: July 17, 2006, 11:44:27 PM »
Hi Friends,
These are probably simple questions to most of you.  But I've never been clear about it.

A little background:
I have my IE security zones (also called web content zones) set to "maximum paranoia" (also called "locked down" by some).  In other words, I have everything set either to Disable or Prompt in the Internet Zone.  Then whenever I come across a website which I need to see displayed properly, and/or I expect to visit again in the future, AND I trust it, I put it in my Trusted Zone.  I had such a serious problem a couple of years ago that I had to reinstall my OS, and since have been really paranoid.  Even in my Trusted Zone, almost everything is set to Disable or Prompt!

So from the experience of finding websites which don't display properly in the Internet Zone, and entering websites into the Trusted Zone, I have learned, well, a few things, I guess.  Most importantly to this topic, is that it appears to me that every website on the internet uses JavaScript.  I realize this may not be entirely true, but I would hard-pressed to name a website which doesn't use it.

More background:
I Custom configured my Zones following Eric Howes' instructions, and I think it's mitch's Phantom Phixer website also covers this topic.  (My apologies if it's not mitch -- it is a LzD member, but I'm pretty sure it's mitch.)  But even with such great resources, there was still a lot that I did not truly understand.  So there was a good measure of trial and error, as well, involved in configuring my Zones, but guided by those professionals' resources as best I could.

Now 2+ years later, I've run out of patience trying to determine the trustworthiness of almost every single website I come across, then entering them into the Trusted Zone, if I find them trustworthy.  In almost every case, it's the JavaScripted part of a website that doesn't work, which necessitates its entry into the Trusted Zone.  So I really, really, really (really!) would like to allow the JavaScript in the Internet Zone.

Here are my questions:
 1 -- What type of security risk is represented by JavaScript?  What's the worst that could happen by enabling it in the Internet Zone?
 2 -- If I find this to be an acceptable, or otherwise avoidable risk, which Zone setting(s) should I change?  I do have it narrowed down to either "Binary and script behavior" near the top of the list of settings, and/or "Java VM/Java permissions", a little ways below, and/or "Allow scripting of IE Webbrowser control" around the middle of the list, and/or the 3 settings under the heading "Scripting" at the bottom of the list.  I'm just not sure specifically which ones affect JavaScript.

And as always, thanks for your seemingly endless supply of patience, help, and support.
"To sin by silence when they should protest makes cowards of men." - Abraham Lincoln

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
    • View Profile
Re: RE the IE Security Zones (also called Web Content Zones)
« Reply #1 on: July 18, 2006, 12:38:20 AM »
well the easy solution is to use firefox with a adon called "no scripts" and you wouldn't have to be changing setting all the time
you can see who the java is from

java can be like a "poor man's active X"
i do not surf in IE
and IE has made it difficult to controll anything

i have never used Opera but maybe it has a easier controll of java?

as long as bad people find ways to use java you can't call it safe !!

sorry, can't think of a good setting for you if you use IE for browsing!!!!

Offline Brynn

  • Sr. Member
  • ****
  • Posts: 424
    • View Profile
Re: RE the IE Security Zones (also called Web Content Zones)
« Reply #2 on: July 18, 2006, 07:22:46 PM »
Well, I probably should have expected that response, lol   :smash:

But even if I got the Firefox with the no script add-on, I still would be unable to view some websites which use JavaScript.  (If I understand you correctly.)  My goal is to be able to see JavaScripted websites, without having to configure IE for each one.

I guess I'm thinking that a lot of people probably never block JS.  And I'm wondering how they get by with it?

Thanks for your comments, mitch.  I do appreciate your opinion, even if it's not what I wanted to hear :D
"To sin by silence when they should protest makes cowards of men." - Abraham Lincoln

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
    • View Profile
Re: RE the IE Security Zones (also called Web Content Zones)
« Reply #3 on: July 18, 2006, 09:31:04 PM »
wrong on the noscripts !!!!!!
i can work cnet and several sites
if the javascript is a link noscripts will allow you to click it
and it tells what it is blocking! and you can choose what you ill allow and if you want it to remember or just temp !!!


it works off of the server, so i can see cnet scripts but not get the doubleclick ones

here are some screenshots
https://addons.mozilla.org/firefox/722/previews/

add on's are easy to install and update with one click !

and there is probably a firefox add on for anything you could want !

go to ghost's site and read how to and about

http://www.bbusa.net/ghost1/ghostsmarkers.html

i have nothing against IE , i still use it when i have to do the "patch tuesday" for XP