dotRoot Posted July 25, 2005 Share Posted July 25, 2005 Why not just be logged in as a NON admin user account? And only auth as an admin when needed.. 586266544[/snapback] I understand that. Its what I preach is the leading problem of modern Windows security. But there are some users that really do need to run as Admin for certain things. Just because they have to run as Admin, doesn't mean they have to run everything as Admin either. And people that want to just do it because they are lazy and argue "But I have to log out and login as the Admin or Switch User" or whatever, when they don't. Link to comment Share on other sites More sharing options...
STV Posted July 25, 2005 Share Posted July 25, 2005 you didn't really read #2 did you? :sleep: i pity you because I'm in Canada. ;) 586263872[/snapback] Wait a minute. If you're from canada, then shouldnt I pity you. you know...because you're canadian. STV Link to comment Share on other sites More sharing options...
+BudMan MVC Posted July 25, 2005 MVC Share Posted July 25, 2005 I understand that. Its what I preach is the leading problem of modern Windows security.But there are some users that really do need to run as Admin for certain things. Just because they have to run as Admin, doesn't mean they have to run everything as Admin either. And people that want to just do it because they are lazy and argue "But I have to log out and login as the Admin or Switch User" or whatever, when they don't. 586268634[/snapback] Name one reason a "USER" would have to have admin rights? If they are running some software that requires permissions that go beyond the normal power user settings. Then these "specific" rights can be given - ie if they need permissions to some reg key, or directory or files.. then they can be given these rights..From a security standpoint you should always use the min required permissions to accomplish the task.. If a user needs permission to \\someshare you don't give them admin rights to server sharing it, etc.. If you have some software the user is running that does not work unless they are admin, I would suggest you grab regmon and filemon from sysinternals and figure out what the software is trying to access.. then give the user the right to do what the software needs.. not admin rights to the whole box.. ;) Link to comment Share on other sites More sharing options...
Simon Veteran Posted July 25, 2005 Author Veteran Share Posted July 25, 2005 (edited) Wait a minute. If you're from canada, then shouldnt I pity you.you know...because you're canadian. STV 586269080[/snapback] Do you have a problem with Canafians? Because if you do, you should realise that that's not what this is about, you aren't funny, and it doesn't matter what country you're from, we're on the saame side here, even though I prefer Canada, that's just because I live here. Steer away from that topic. And if you were trying to be funny, no offense, but you sorta killed the joke. Edited July 25, 2005 by simeandrews Link to comment Share on other sites More sharing options...
dotRoot Posted July 26, 2005 Share Posted July 26, 2005 Name one reason a "USER" would have to have admin rights? I'm not sure why you are argueing with me. I'm not the one that says "You need to run as Admin." All I said is that people do anyway. Link to comment Share on other sites More sharing options...
vhane Posted July 27, 2005 Share Posted July 27, 2005 So anyway, I was wondering, since internet explorer is more compatable than firefox most of the time, I want to feel safe using it. Everytime someone says that I have to cringe. IE more compatible than Firefox? Using what yardstick? Certainly not when the reference point are the w3c standards. As a web developer, I pray for the day that IE either goes away or MS finally fixes it and follow the standards. Would make my job much easier. Imagine not having to write ugly CSS hacks just to support IE. Or is that too much to wish for? Link to comment Share on other sites More sharing options...
Slimy Posted July 27, 2005 Share Posted July 27, 2005 ^ ie is the standard :p Link to comment Share on other sites More sharing options...
vhane Posted July 28, 2005 Share Posted July 28, 2005 ^ ie is the standard :p 586280630[/snapback] No. It does not work that way. You can't code for IE exclusively and ignore standards. IE in its current incarnation won't be here forever and you'd be shooting yourself in the foot if you use it as _the_ standard. IE 7 will hopefully follow standards and that means that something you wrote for IE 6 exclusively may even break in IE 7. Standards outlive products. Link to comment Share on other sites More sharing options...
Slimy Posted July 28, 2005 Share Posted July 28, 2005 lol chill. i mean it in the way that ie is dominating the browser category, making it the standard. i know what you are referring to, just joking. Link to comment Share on other sites More sharing options...
SergeantNoob Posted July 28, 2005 Share Posted July 28, 2005 IE sux, just get firefox, because firefox has in built javascript and activx enabled , making browsing more secure 586274896[/snapback] Gosh, Firefox tards are getting dumber everyday :rolleyes: And IE is THE standard, so why the hell does W3C crap matter anyways? ------------------------------------------ BudMan is right on the ball - RUN AS RESTRICTED USER You will prevent like 50% of all spyware Get SpywareBlaster and a couple of scanners and you are good to go If the program doesn't run under restricted accounts, maybe you need to ditch it and get an alternative app because only crappy programs require admin privileges. Link to comment Share on other sites More sharing options...
Bearded Kirklander Posted July 28, 2005 Share Posted July 28, 2005 In terms of Internet Explorer and security, I try to tighten it up while still allowing for core functionality. But I do turn off interactive scripting and a few things in the default Internet Zone to protect from spyware, and malware and stuff like that. Here's some of the config options I use in the INTERNET ZONE: ActiveX Controls and Plug-InsDownload Signed ActiveX controls: PromptDownload unsigned ActiveX controls: DisableInitialize and script ActiveX controls not marked as safe: DisableRun ActiveX controls and plug-ins: EnableScript ActiveX controls marked safe for scripting: EnableDownloadsFile download: EnableFont download: DisableMicrosoft VMJava permissions: Disable JavaMiscellaneousAccess data sources across domains: DisableAllow META REFRESH: EnableDisplay mixed content: PromptDon't prompt for client cert selection when no certs or only one cert exists: DisableDrag and drop or copy and paste files: EnableInstallation of desktop items: DisableLaunching programs and files in an IFRAME: PromptNavigate sub-frames across different domains: EnableSoftware channel permissions: High safetySubmit nonencrypted form data: EnableUserdata persistence: DisableScriptingActive scripting: DisableAllow paste operations via script: DisableScripting of Java applets: DisableUser AuthenticationLogon: Anonymous logon Under PRIVACY SETTINGS, I select ADVANCED and have the following options checked - no others: Override automatic cookie handling: CHECKEDFirst-party Cookies: BLOCKThird-party Cookies: BLOCK Then under the Web Sites section on that same tab, I add the sites I want to allow, like: sharkyforums.com = Always Allowgoogle.com = Always Allow Under the ADVANCED tab, I will list only those items I have checked or specifically set. If it is not listed below, it is not checked in my config: BrowsingAlways send URL's as UTF-8: CHECKEDClose unused folders in History and Favorites: CHECKEDDisable script debugging: CHECKEDEnable folder view for FTP sites: CHECKEDEnable third-party browser extensions: CHECKEDReuse windows for launching shorcuts: CHECKEDShow friendly HTTP error messages: CHECKEDUnderline links: ALWAYSUse inline AutoComplete: CHECKEDHTTP 1.1 settingsUse HTTP 1.1: CHECKEDMicrosoft VMJIT compiler for virtual machine enabled: CHECKEDMultimediaDon't display online media content in the media bar: CHECKEDShow image download placeholders: CHECKEDShow pictures: CHECKEDSmart image dithering: CHECKEDSearch from the Address barDo not search from the address bar: CHECKEDSecurityCheck for publisher's certificate revocation: CHECKEDEmpty Temporary Internet Files folder when browser is closed: CHECKEDEnable Integrated Windows Authentification: CHECKEDUse SSL 2.0: CHECKEDUse SSL 3.0: CHECKEDWarn about invalid site certificates: CHECKEDWarn if forms submittal is being redirected: CHECKED That should about do it for those settings. At least the ones I have on my system that seem to work for me. That other zone, the Restricted Zone, I pretty much leave alone and just tie Outlook Express 6 to it so that no funny HTML stuff goes on in my email. I also view PLAIN TEXT ONLY in Outlook Express 6 too. That seems to help against those nasty image tricks as well. Link to comment Share on other sites More sharing options...
Bearded Kirklander Posted July 28, 2005 Share Posted July 28, 2005 Another helpful way to secure IE 6 is to use the Maxthon add-in. Maxthon is the updated and modernized version of the MyIE 2 application. Basically, it is an add-on that runs on top of the Internet Explorer engine and provides the user with a wide variety of improvements, including tabbed browsing, page grouping, flash display toggle, ad and pop-up blocking, mouse gestures, support for the Google Toobar plug-in, skins, privacy protection, an RSS feed and a whole lot more. It is to me what Internet Explorer should have and could have been all along. It is really just that good and I could not imagine running IE without it. The home page for the Maxthon program is listed below: http://www.maxthon.com/ If you want to skip right to the Download page, here it is: http://www.maxthon.com/download.htm There are two main packages - the Standard version and the Combo version. I like to use the Standard version because it is a nice minimalistic setup, but if you want the extra plug-ins and skins, you could grab the Combo. MAXTHON OPTIONS SETTINGS One benefit of Maxthon over MyIE 2 is that all of the configuration screens have been merged into a single dialog. MyIE 2 had separate configuration panels that could be somewhat confusiong. Once you open the Maxthon Options screen, you will see a series of categories on the left and the tabbed dialog interface for settings on the right. What I will try to do in the remainder of this section is outline the settings that I find to be most helpful. I'll go through each category and corresponding tabbed dialog, specifying the settings in each. They may not be the exact same settings everyone else finds the most useful, but once they are configured, you can backup the settings and then tinker with them to find just the right balance of form and function for your needs. CATEGORY: GENERAL General Allow only one instance - checked Display animation icon - unchecked Enable boss key - unchecked Show tra icon - unchecked Show all web pages in predefine zoom facter - 100% Disable script error - checked Use flat browser scroll bar - checked Ignore window ID assignment in frames - unchecked Lock home page - checked Add Maxthon User-agent identification - checked When Starting Do not load start page when opened by other program - checked Check for new version - unchecked Chec for new server messages - unchecked Automatically download new security enhancement update - unchecked Check whether Maxthon is the default browser - unchecked When Closing Clean undo list - unchecked Clean address - unchecked Clean search bar history - unchecked Clean history - unchecked Clean cache - checked Clean cokies - unchecked Clean form data - checked CATEGORY: START PAGE Open home page - checked & set to http://www.google.com/ Resume last visited pages - unchecked Open favorites folder - unchecked Open group - unchecked Don't open any page - unchecked CATEGORY: FAVORITES All items listed - unchecked Max menu width - 50 CATEGORY: ADDRESS BAR General - all entries at default Services - empty - all entries removed URL Alias - empty - all entries removed CATEGORY: SEARCH - empty - all entries removed CATEGORY: TAB General After a tab is closed activate: Left Tab Tab bar position: Tab at Top Max number of tabs - 20 Max characters allowed on tabs - 50 Interval between tabs open - 0 seconds Use CTRL-ARROW to browse tabs - checked Use middle mouse scroll button to browse tabs - unchecked Tab Actions - Close Window - Double Left Click Tab Actions - None - Middle Click Tab Actions - None - Right Click and Hold CTRL Show quick close button on tabs - unchecked New Tab Open new tab from - New Address - unchecked Open new tab from - Local Files - unchecked Open new tab from - History - unchecked Open new tab from - Favorites & Links - unchecked Open new tab from - Links in page - unchecked Open new tab from - Home - unchecked Open new tab from - Middle mouse button click on links - checked Open new tab from - Search bar result - unchecked New tab options - CTRL-N - Current tab - checked New tab options - Activate New Tab - checked New tab options - Display New Tab Next to Current Appearance Bold active Tab title - unchecked Use flat button Tab - unchecked Allow Tabs on multiple lines - unchecked Auto adjusting Tab - checked Max Tab width: 107 Min tab width: 106 CATEGORY: POPUPS Show popups in sized tab - unchecked Show popups at fixed position and size - unchecked Activate popups - unchecked Show popups in front of its parent tab - checked Show block bar in popups tab - checked Show notification bar when popups are blocked - unchecked CATEGORY: DOWNLOAD Load Images - checked Load Sounds - unchecked Load Video - unchecked Play Animation - unchecked Allow Scripts - checked Allow Java Applet - checked Allow ActiveX - checked Download Manager - Do Not Use Download Manager Monitor Below Types For Downlaod managers - default (zip, exe, etc.) CATEGORY: SAVE Save Path - Default Save Path - default Save Path - Image Save Path - default Auto Save - Auto Save As - Whole Web Page (.htm, .html) Auto Save - Categorize Pages by Site - unchecked CATEGORY: AD HUNTER General Add Ad Hunter to browser right click menu Enable Web AD Blocker - checked Replace blocked Ad with - unchecked Filter duplicated URL - checked Enable auto popup blocker - checked Enable popup blocker - checked Enable floating Ad blocker - checked Enable unwanted web dialog blocker - checked Play sound when a popup window is blocked - unchecked Popup Filter - Black List and Exceptions List - defaults Content Filter - Black List and Exceptions List - defaults ActiveX Filter - all items left blank CATEGORY: RSS FEED Always open news in new tab - unchecked Automatically update the feed when category changes - unchecked Auto-discover feeds on web pages - unchecked Use tooltip to display feed descriptions - unchecked Notify me when RSS feed is found on web pages - unchecked CATEGORY: MOUSE ACTION General Use mouse gestures - unchecked Show recognized gesture on status bar - unchecked Use Super Drag Drop (only effective on new opened tab) - unchecked Mouse Action Double Click on Tab Bar - File -> New Tab -> Home Double Left Click on Page - blank Gesture - ALL SETTINGS DEFAULT Hold Left Button, Click Right Button - blank Hold Right Button, Click Left Button - blank CATEGORY: KEYBOARD URL Key - ALL SETTINGS DEFAULT CATEGORY: PROXY All Items Removed From List CATEGORY: SKIN Active Skin: No Skin (provides best true tab appearance) CATEGORY: PLUGIN Maxthon Plugin - All Items Removed From List IE Plugin - Enable IE Plugin Support Checked IE Plugin - All Items Removed From List CATEGORY: EXTERNAL TOOL All Items Removed From List CATEGORY: ADVANCED Language - English Browsing - Show Site Favorites Icon on Tab - unchecked Browsing - Close Other Tabs When Launching Groups - checked Browsing - Reload Missing Pictures - unchecked Browsing - Open all links when drop a selection - unchecked Browsing - Custom highlight style in search result - blank Java Virtual Machine - Microsoft Java Virtual Machine - selected Java Virtual Machine - Other Virtual Machine Installed - unselected Show confirmation dialog when - Program Exit - unchecked Show confirmation dialog when - Close All Tabs - unchecked Misc - Add system menu in favorite context menu - unchecked Misc - Show toolbar label - checked Misc - Show side bar button in autho hide mode - unchecked Misc - Show Custom menu items on browser context menu - unchecked Misc - Do not auto-refresh current tab - unchecked Handle other progra's DDE call when Maxthon is running - checked Link to comment Share on other sites More sharing options...
vhane Posted July 29, 2005 Share Posted July 29, 2005 (edited) And IE is THE standard, so why the hell does W3C crap matter anyways? Because the w3c standards show how browsers should behave and how developers should code to achieve desired results. Imagine writing something when no one has defined what different combinations of letters should mean. Reading the words would make no sense to the next person, would it? Without such a standard, one will have no way of telling browsers to behave consistently. Most web developers I know use Firefox/Safari as their prefered browser. They make the site layout with a standards compliant browser first, because that way they see how the site should be looking. Then they test on IE and add CSS hacks to get IE to show the site properly. The end result is that the site should look resonably the same in all browsers. You as a user don't know about the IE's CSS quirks because a developer has sweated over his/her code to cater for IE. IE is _not_ a standard. It is a www browser. It does not attempt to define how things should look. It tries to render content based on the guidelines of the w3c. And it could do a much better job of it. Edited July 29, 2005 by vhane Link to comment Share on other sites More sharing options...
vhane Posted July 29, 2005 Share Posted July 29, 2005 Unlike the IE fanboys, Microsoft admits that IE should support the w3c standards more. From http://www.microsoft.com/windows/IE/ie7/default.mspx: "Internet Explorer 7 will offer customers including: [...] Platform enhancements for developers to improve compatibility and manageability, including improved support for Cascading Style Sheets (CSS) as well as transparent PNG support." The IE 7 Beta 1 technical overview says: "Web developers have expressed some frustration with certain peculiarities in the behavior of Internet Explorer 6, especially in the areas of standards support. [...] In Internet Explorer 7 beta 1, the browser architecture has been reengineered to address compatibility and will offer additional support for popular standards. [...] Internet Explorer 7 is prioritizing compliance to CSS standards by first implementing the features that developers have said are most important to them. [...] The work Microsoft has done includes fixing some positioning and layout issues related to the way Internet Explorer 6 handles <div> tags. The final release of Internet Explorer 7 will focus on improving the developer experience by reducing the time needed for developing and testing on different browsers." Luckily Microsoft is not adopting the head-in-the-sand attitude displayed by some fanboys. They know that developers are frustrated with IE's quirks with regards to CSS handling, and will hopefully fix that once and for all. Link to comment Share on other sites More sharing options...
Simon Veteran Posted July 29, 2005 Author Veteran Share Posted July 29, 2005 Even after securing IE, I got a virus from it today. It might have happened in Firefox too, but I still don't feel safe anymore, boot.ini was an important file... Don't worry, I'm already getting support. Link to comment Share on other sites More sharing options...
Bearded Kirklander Posted July 29, 2005 Share Posted July 29, 2005 I don't know if it really has anything to do with being a fanboy. For a lot of us, we simply have to have IE working for sites that don't work as well or properly without it. Windows Update does not work right for me with Mozilla or Firefox, for example. My online banking sites go wiggy if I don't use IE too. I use it because it's easier than not using it, not because I think it is better. That said, Maxthon does make IE 6 into a much better product, imo, and also imo, holds up well against Firefox and Mozilla. Seems like Maxthon is what IE should have / could have been all along. :) Link to comment Share on other sites More sharing options...
turkishdelight Posted July 29, 2005 Share Posted July 29, 2005 only crappy programs require admin privileges Totally not. In fact, several Windows updates seem to require admin privilages. Many installers for popular apps do as well. On the IE side, Maxthon > bare IE. Tabs, saved sessions, RSS, etc. make it a good choice for those who insist on using IE :) Firefox is still less targeted, though :D As to IE being "the standard," that's completely wrong from my (a webmaster's) point of view. Sure, IE has a ~80% market share, but the W3C is the defining group for just about every web standard. If IE was the standard, we'd all be happily using invalid (X)HTML, <bgsound> tags, ActiveX controls...let's just say it wouldn't be good if Microsoft set the Web standards, hmm? Link to comment Share on other sites More sharing options...
Bearded Kirklander Posted July 30, 2005 Share Posted July 30, 2005 Totally not. In fact, several Windows updates seem to require admin privilages. Many installers for popular apps do as well.On the IE side, Maxthon > bare IE. Tabs, saved sessions, RSS, etc. make it a good choice for those who insist on using IE :) Plus, the integrated ad-blocker stuff is pretty nice, and I like that I can toggle off Flash, Scripting, etc. via the download control button. Very easy to access. Link to comment Share on other sites More sharing options...
STV Posted July 30, 2005 Share Posted July 30, 2005 Do you have a problem with Canafians? Because if you do, you should realise that that's not what this is about, you aren't funny, and it doesn't matter what country you're from, we're on the saame side here, even though I prefer Canada, that's just because I live here. Steer away from that topic.And if you were trying to be funny, no offense, but you sorta killed the joke. 586270004[/snapback] 1. I didnt say anything wrong. 2. he didnt have to come in with his elitest attitude. 3. He didnt have to bring up his nationality. 4. My comment was not ill intended, just sarcastic. As a matter of fact, I dont have a problem with any race, nationality, or ethnicity. STV Link to comment Share on other sites More sharing options...
mr_demilord Posted July 30, 2005 Share Posted July 30, 2005 disable activex and active scripting Link to comment Share on other sites More sharing options...
vhane Posted July 30, 2005 Share Posted July 30, 2005 I don't know if it really has anything to do with being a fanboy. For a lot of us, we simply have to have IE working for sites that don't work as well or properly without it. Windows Update does not work right for me with Mozilla or Firefox, for example. My online banking sites go wiggy if I don't use IE too. I totally respect that. My issue is with people saying that IE is the standard when they have no idea what they are talking about. Link to comment Share on other sites More sharing options...
Bearded Kirklander Posted July 30, 2005 Share Posted July 30, 2005 I totally respect that. My issue is with people saying that IE is the standard when they have no idea what they are talking about. I guess folks could argue that it's "the standard" because it is simply so dominant in terms of market share. There are a lot of sites still tailored specifically for IE even though they violate normal web standards from groups like W3 and what not.To me, it's not worth fighting over. There are alternatives and folks can use what they want. I know that I choose to live with IE and all its flaws because the alternative means more hassle than it is worth at the present time. So, by locking it down and using the Maxthon add-on, I can make it liveable. :) Link to comment Share on other sites More sharing options...
vhane Posted July 30, 2005 Share Posted July 30, 2005 I guess folks could argue that it's "the standard" because it is simply so dominant in terms of market share. There are a lot of sites still tailored specifically for IE even though they violate normal web standards from groups like W3 and what not. From a user's perspective, I can see how people could arrive at this conclusion, based on just marketshare. However, like I said, they have no idea. "Most popular" is not very helpful to developers. We need something that tells us that writing code xxx will affect the rendering in way yyy. The fact the IE sometimes renders zzz ****es off a lot of web developers (those that have made it their business to learn how CSS works for example). We rely on standards and protocols to achieve consistency. That's our bread and butter. In order to work with IE, one sometimes has to find out how/why the rendering differs, then write an IE-only hack to fix the display. And the IE users can go on blissfully unaware and write in forums how IE is the standard... What we do know about IE's rendering flaws has come from experimentation, not from a standards document written by Microsoft. And hence it cannot be argued that developers should follow IE's way (it's not been defined, we aren't told how to). From our perspective, we should not have to fart around and try to reverse engineer a product to figure out why it is not behaving in the expected manner. The vendor of that product should ensure that it follows the standards. Microsoft will hopefully walk the talk with IE 7 and do just that. Link to comment Share on other sites More sharing options...
Bearded Kirklander Posted July 30, 2005 Share Posted July 30, 2005 I'm not about to criticize anyone for programming their pages to fit the defacto standard. If a browser has 80% plus market share, it could be argued that someone would be a fool to not give that some consideration. I don't make the rules, I just browse and use what I have to use to get things to work. I'm not gonna hold a grudge or judge folks for trying to do what they have to do in order to get by - at least when it comes to something like web browsing. :) Link to comment Share on other sites More sharing options...
Recommended Posts