by February 10, 2005 0 comments



You have a PC and you surf the Internet often. One fine day you discover that your system has been compromised. Spy ware, ad ware, Trojans and what not have made your PC their inalienable home. Shocked, you turn to your trusted anti virus to find that even that does not detect the intruders! Prevention would have been better than cure. It’s not too late and you can still take precautions against future penetrations of your domain. 

A way out if you use IE as your browser, is to install the ‘Internet Explorer Enhanced Security Configuration’ (Control Panel>Add/ Remove Programs>Windows Components). But this is available only on Win XP, 2000 and 2003. Here’s how to secure this browser on other Windows OSs too.

Who’s the enemy?
Let’s start with what you can do, no matter which browser you use. For this you first need to understand what technologies could be used in an attack. Common attack routes are through scripting (JavaScript or VBScript), Java applets and unpatched exploits and vulnerabilities. Human negligence is also made use of in spoofing and phishing attacks. JavaScript and VBScript can be used to access files on your hard disk and even execute them. They can be used to manipulate your Windows Registry. Applets are miniaturized programs, so anything that a Java program can do, an applet may do. Unpatched exploits and vulnerabilities in your browser can help hacker download applications to your system without your knowledge and run them. 

Direct Hit!
Applies to: IE users
USP:
Anti viruses are notoriously unreliable in detecting spy ware. You need to take matters into your own hands
Links:
http://forums.pcquest.com 

In spoofing, the attacker uses a known website’s URL to entice you into a malicious website. Phishing is a variation, where they recreate the website’s look and feel and you tend to reveal sensitive information such usernames, passwords and credit-card numbers. Although these two types, spoofing and phishing are not exactly a problem with your browser, you can modify some settings to protect yourself against them to a large extent.

Zone them out
IE allows you to create ‘zones’. Find this in Control Panel>Internet Properties>Security. You can use the four built-in zones-Internet, Local Intranet, Trusted and Restricted-to their maximum advantage. Each of these are in decreasing order of trust and hence increasing magnitudes of defensive security.

The Restricted zone contains sites that you want to visit but do not trust. Especially if you know there are tons of applets and scripts inhabiting their pages. Trusted sites are the exact opposite of Restricted, containing sites that you trust absolutely. Local Intranet is a further enhancement, and usually contains websites and paths on your local intranet and LAN. Any other websites that you don’t want to classify are placed into the Internet zone-sort of a miscellaneous zone.

Local Intranet
Remember that the attacker would know about this and can get their malicious URL added into the list here. To minimize damage, select the Local Intranet icon and click on Sites. Check OFF all the boxes. Click on Advanced and manually add your PC’s or LAN domain name into the boxes there. Click on OK on two consecutive screens to return.

Trusted sites 
Prepare a list of websites you visit regularly and are trustworthy. Be sure to include your corporate website, e-mail provider’s website and your personal homepages. Take care that you do not list news websites that are usually ridden with unknown-quality advertising. Also take care not to list any underground websites you may visit-these are potential breeding grounds for even computer mal ware. Click on the Trusted Sites icon and then on Sites. First check off the ‘Require server verification (https:) for all sites in this zone’ and manually add each URL (with the relevant HTTP, HTTPS or FTP prefix). If you want to trust an entire set of domains, add a single URL with the ‘*’ wildcard in the appropriate position. For example, to trust both the ‘www.pcquest.com’
and ‘forums.pcquest. com’ sites which would normally be recognized as two different domains, simply enter ‘http://*.pcquest.com’. Click on OK to return.

Secure your browser by turning off things you don’t want the distrusted websites to do

Now, click on the Local Intranet and Trusted Sites icons one by one and then the ‘Default Level’ button. This resets their security settings to IE’s defaults. We now move on to specifying how to handle the unknown (bad) sites.

Internet
Click on the Internet icon and then the Custom Level button. Set everything that indicates ‘script’, ‘download’, ‘install’, ‘ActiveX’ or ‘Java’ to Disable. If you feel that one or more of these would severely affect the performance of more than one of the websites you visit, set the above settings to ‘Prompt’ instead. It is also wise to turn off ‘Meta Refresh’ since this allows a website to arbitrarily redirect you to some other URL-a clear invitation to trouble. 

More configurations
Also visit the ‘Advanced’ tab and check off similar items there (‘Install on demand’ and ‘Third-party browser extensions’ are 
the prime candidates). The complete list of settings you can disable is given on our forum at:
http://forums.pcquest. com/forum/viewtopic.php?p=3817&highlight=#3817.  

Similar things can be done in all browsers today, including Mozilla, FireFox and Opera. But this is not the one and only line of defense. Remember to protect your system with a good and trusted firewall. Windows firewall is already available to you if you use Win XP. Also do a full sweep of your system at least once a month using at least one trusted anti virus and one anti spy ware. 

Sujay V. Sarma

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<