Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Vista

Configure and Troubleshoot Security for Windows Internet Explorer 7 (part 3) - Cookie-Handling & ActiveX Opt-In

- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/11/2011 9:03:12 AM

Cookie-Handling

Cookies are small files that get written to your computer, as part of your user’s profile, while you are browsing websites on the Internet. They are used to store information about your visit to the website and usually contain information to make your browsing experience more feature rich. While their intent is for good purpose, there are several security issues related to cookies. Cookies can be used to track your actions with the browser, even after you’ve left the website that wrote the cookie. Cookies often contain private information, such as credit card and other financial information, as well as personal preferences and usernames and passwords configured for various sites. Worthy websites that store private information usually encrypt the private data, but often they use weak encryption to keep the processing times to a minimum. This encryption can often be cracked relatively easily.

A cookie gets used, for example, when you personalize a home page—with a greeting that calls you by name, your chosen background color, and additional content that you choose to have on your personalized home page. These choices are stored in a cookie on your computer, and when you return to the personalized web page, the web server reads the cookie from your computer and dynamically constructs your custom web page. These cookies are referred to as persistent cookies because they remain on your computer after you close your browser.

Another example of how a cookie is used is the e-commerce shopping cart. As you peruse a website and select things to purchase, your selected items are written into a cookie on your computer. That way, when you go to the checkout, the website knows what you’ve selected. These cookies are usually deleted when you leave the website and are referred to as session cookies.

Tip

Session cookies are temporary and are deleted from your computer after you leave the website.

Persistent cookies remain on your computer, even after you close your browser. These are generally considered to be the more dangerous of the two to have lying around on your computer.


Two other types of cookies are as follows:

  • First-party cookies— Cookies written by the website you specifically went to.

  • Third-party cookies— Cookies written by some entity other than the website you chose to visit. This is often the result of the desired website selling advertising and tracking access to some marketing company.

You can access the configuration for the cookie handling by accessing the top half of the Privacy tab in Internet Options (from the File menu or the command bar: Tools > Internet Options). Here, by clicking the Settings button, you can identify websites that are always allowed to or restricted from ever using cookies. You can import settings from an Internet Explorer Privacy Preference file. By clicking the Advanced button, you can configure the cookie handling policy for first-party and third-party cookies, as well as enable or disable session cookies. Typical configuration is to allow first-party cookies and session cookies and block third-party cookies. The forth button on this tab resets the configuration parameters back to their default settings.

So, session cookies clean themselves up, and we block all third-party cookies. To minimize the risk of some tracking cookies or exposure of private information stored in encrypted cookies, you would be prudent to periodically delete all cookies.

Caution

Cookies Anyone? When you delete cookies, useful information that gets fed to websites is lost. This information could include username, password, credit card information, and more. Losing this information could be problematic for some users. You may need to re-enter that information the next time you visit the website. Understand the type of data you use in cookies from your browsing habits and requirements and then decide whether you really want to delete this data.


We see how to delete cookies in a few more pages when we look at clearing the browsing history, cached content, cookies, forms data, and saved passwords.

ActiveX Opt-In

ActiveX is what is called “mobile code.” Mobile code is a small program that gets downloaded to each and every client that connects to a website and is then executed on the client computer. ActiveX controls provide feature-rich browsing that enhances the browsing experience. These controls can be infected with malware before being downloaded, and bad guys can attack and take control of these processes.

By default, IE7 disables almost all ActiveX controls and requires explicit user consent before they can be accessed. This way, you allow, or “opt in,” to only the approved and desired ActiveX controls. This protective behavior of IE7 reduces what is called the “attack surface” of your computer.

ActiveX controls are add-ons to the browser. You can access the configuration for ActiveX controls by accessing the Programs tab in Internet Options (from the File menu or the command bar: Tools > Internet Options). By clicking the Manage add-ons button, you can sort and learn more about the add-ons that are available on your computer. You can also download new add-ons or enable, disable, or delete any of the installed add-ons.

Alert

Another area to configure how Internet Explorer handles mobile code is on the Advanced tab of the Internet Options dialog box. Figure 7 shows where you configure numerous security controls, like digital certificate verification processing and displaying notification for script errors.

Figure 7. The Advanced tab in Internet Options allows you to configure security controls for mobile code like scripts and digitally signed applets.



The Security Status Bar

The Security Status Bar (SSB) is built into the address bar at the top of the browser. It provides visual indications to the user to identify various security considerations. During normal browsing, the SSB changes color and displays a lock and messages regarding security reports that are available for the websites. These messages indicate a level of trust for the website.

Note

Check Your Websites Users should always review the entire uniform resource locator (URL) in the address bar to verify that they are actually connected to the website they believe they are.

These features rely on the Phishing filter being enabled. (It is enabled by default on Internet, Local Intranet, and Restricted Sites zones.)


When the address bar is white, there is no information about the website, but the connection is not encrypted. The user should not enter any private data, like a username, password, credit card number, or any other financial data.

When the address bar is green, the website is using an encrypted channel, and the identity of the website has been verified through the use of digital certificates. After you have confirmed that the URL is accurate, it is relatively safe to submit private data.

When the address bar is yellow, the website is considered suspicious. The name on the digital certificate does not match the name of the website, or there may be some other digital certificate validation error. The website may contain content that resembles that of a phishing website. Either disconnect from the website or proceed with caution if you know and trust the website.

When the address bar is red, the website is believed to be a known phishing site. The website has been reported to Microsoft as fraudulent, and there may be verification errors with the digital certificate. It is recommended that you should not proceed or submit any information to this website. If you choose to proceed, the SSB turns red and you can click to view the security warning, as shown in Figure 8.

Figure 8. The Security Status Bar is a visual clue to risky browsing.

Tip

The presence of a gold lock on the SSB indicates that the connection to the website is encrypted. By double-clicking the lock, you can access a security report for the secured website.

Other -----------------
- Configure and Troubleshoot Security for Windows Internet Explorer 7 (part 1) - Pop-Up Blocker & Phishing Filter
- Troubleshooting Deployment Issues
- Perform Post-Installation Tasks (part 3) - Managing Computers with Multiple Operating Systems
- Perform Post-Installation Tasks (part 2) - Managing User Data
- Perform Post-Installation Tasks (part 1) - Restoring User State Data & Ensuring Driver Availability
- Deploy Windows Vista from a Custom Image
- Configuring Windows Vista Productivity Applications - Windows Mail
- Configuring Mobile Computers - Configuring Tablet PCs
- Configuring Mobile Computers - Giving Presentations
- Configuring Mobile Computers : File and Data Synchronization
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server