There are many ways for IE to be maliciously modified. This article introduces 10 defensive tips that will certainly be helpful to you.
1. Manage Cookies Well
In IE6.0, open the Tools → Internet Options → Privacy tab. It offers six levels: "Block All Cookies", "High", "Medium High", "Medium", "Low" and "Accept All Cookies" (the default is "Medium"), which you set by dragging the slider. You can also click the "Edit" button below and enter a specific URL under "website address" to allow or deny that site the use of cookies.
2. Disable or restrict the use of Java programs and ActiveX controls
Java, Java applets and ActiveX scripts are often used in Web pages to get your user ID, IP address or password, or even to install programs or perform other actions on your machine, so you should restrict the use of Java, Java applet scripts, ActiveX controls and plug-ins. You can set ActiveX controls and plug-ins, Java, scripting, downloads, user authentication and other security options by opening Internet Options → Security → Custom Level. Less secure controls, plug-ins and download operations should be disabled or restricted, or should at least prompt.
3. Prevent leaking of your information
By default, the first time you enter a Web address, fill in a form, or type a user name and password on a form and agree to save the password, IE remembers it. The next time you visit the same page you only need to type the beginning and the rest is completed automatically. This is convenient for the user but also leaves a security risk, which can be fixed by adjusting the AutoComplete settings. Click "Internet Options" → "Content" → "AutoComplete", then select the AutoComplete options you want to use in the AutoComplete dialog box.
Reminder: for security reasons, and to avoid revealing your own information, you should periodically clear the stored history by clicking the "Clear Forms" and "Clear Passwords" buttons in the AutoComplete dialog box.
4. Clear the Visited URLs
In the Internet Options dialog box, under the General tab, click the Clear History button in the History area. To clear only part of the record, click the History button on the IE toolbar, locate the address or page that you want to clear in the address history in the left column, right-click it, and choose Delete from the shortcut menu.
5. Clear the Web pages that have been visited
To speed up browsing, IE automatically saves the pages you browse in the cache folder "C:/Windows/Temporary Internet Files". When you are sure you no longer need the pages, select all the files there and delete them. Alternatively, under the General tab of Internet Options, click the Delete Files button in the Temporary Internet Files area, select "Delete all offline content" in the Delete Files dialog box, and click OK. This method leaves a few cookies in the folder, so IE6.0 adds a "Delete Cookies" button next to the "Delete Files" button, which makes it easy to delete the legacy
6. Never fear a modified IE home page address
As we all know, modifying IE's default home page address is a common trick of malicious Web pages. Once it has been modified, IE automatically connects to the malicious page's address when it starts. The common method is to modify the registry. In fact, simply adding one parameter to IE means it no longer matters that the home page address has been modified. Here are the specific steps.
First, open "My Computer" and find IE's installation directory; here we assume that IE is installed under C:\Program Files\Internet Explorer. Go to the folder, find the Iexplore.exe file, right-click it, and select "Send To → Desktop (create shortcut)" in the shortcut menu. This creates a shortcut to Iexplore.exe on the desktop. If you look carefully, you will find that the shortcut you created is named "Iexplore.exe", while the original IE shortcut on the desktop is named "Internet Explorer". The names differ, and so does what lies behind them.
To continue, right-click the new shortcut and select Properties to open the Iexplore.exe Properties dialog box. Select the Shortcut tab and fill in the Target box with: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome. This adds the parameter "-nohome" to Iexplore.exe. Do not forget the space before "-nohome". When you have finished, click "OK" to exit.
Now, even if the home page is modified, IE opens blank; not even about:blank is shown. This also speeds up startup: the IE window pops up almost immediately.
We cannot add this parameter to the shortcut that IE created for itself during installation. If you do not believe it, try: right-click the original IE shortcut on the desktop and select "Properties". You will find that the "Target", "Start in", "Shortcut key" and "Run" fields are all grayed out and cannot be selected. This is the biggest difference between the two shortcuts, and it is the key to this tip.
7. Digging out IE's local security configuration options
In IE, you can set the computer's security level by clicking "Tools → Internet Options → Security", and the settings will appear. As you can see from the diagram, the security settings only cover the Internet, Local intranet, Trusted sites and Restricted sites zones. However, Microsoft is in the habit of hiding some of its features, and for whatever reason it plays hide-and-seek with us here too: there is a hidden option, the security settings for "My Computer", which you can make visible by modifying the registry.
The method is as follows. Open "Run" from the Start menu, enter Regedit.exe in the "Run" dialog box to open Registry Editor, and click the "+" signs in sequence to expand to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones. In the right-hand window, find the DWORD value "Flags"; its default value is hexadecimal 21 (decimal 33). Double-click "Flags", change its value to "1" in the dialog box that appears, and close Registry Editor. There is no need to restart the computer. Open IE again and click the "Tools → Internet Options → Security" tab, and you will see a "My Computer" icon, where you can configure IE's local security.
What is this little trick good for? Save the following code as an HTML file and run it to find out:
Running the HTML file above opens the Calc.exe file under the C:/winnt/system32 folder on your computer, and IE gives no prompt at all. It works even when ActiveX controls are disabled in IE's security settings. What if the file were not calc.exe but some malicious file? What if code like this were on a page you are browsing? That is dangerous.
This is because IE has two serious vulnerabilities: arbitrary commands can be executed locally, and IE's ActiveX security settings can be bypassed. In the code above we give IE a control ID ("clsid:88888888-8888-8888-8888-888888888888") that does not exist on the system, so IE attempts to download and install that control from the address specified by codebase. Following codebase, IE finds c:/winnt/system32/calc.exe and begins to "download" and install the program. Because Calc.exe is an EXE file, this is tantamount to running the file, so calc.exe runs.
Then why does IE not prompt the user during the "download and install control" process, and why does it not apply the restrictions in IE's security settings? This is the vulnerability that lets IE's ActiveX security settings be bypassed. The main reason is that IE's security settings are aimed at non-local pages and interactions, while local content is what IE trusts most. If you look at IE's security settings, they cover Web servers on the Internet and on the intranet, but there is no security setting for local files. Generally speaking, IE applies the principle of maximum trust to local content.
The solution is the trick we started with: dig out IE's local security configuration options, that is, open the "My Computer" zone in IE's security settings, select it, and disable ActiveX downloads there.
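The check behind this tip can also be scripted. The following PowerShell is an added example, not code from the original article; it assumes each zone is a numbered subkey of the Zones key above (0 being "My Computer"), and the function names are hypothetical.

```powershell
# Added example: audit the IE "My Computer" zone for the current user.
# Assumption: each zone is a numbered subkey of Zones (0 = My Computer).
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$NoUi     = 0x20   # Flags bit that hides a zone from the Security tab

# URL-action values that control ActiveX download and execution in a zone
$Actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
}
$Policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-LocalZoneAudit {
    # Read-only: reports the Flags value and the ActiveX-related actions.
    param([int]$Zone = 0)
    $props = Get-ItemProperty -Path (Join-Path $ZonesKey $Zone) -ErrorAction Stop
    $flags = [int]$props.Flags
    [pscustomobject]@{
        Setting = 'Flags'
        Value   = '0x{0:X}' -f $flags
        Meaning = if ($flags -band $NoUi) { 'zone hidden from Security tab' } else { 'zone visible' }
    }
    foreach ($id in $Actions.Keys) {
        $raw = $props.$id
        $meaning = if ($null -eq $raw) { 'not set' } else { $Policy[[int]$raw] }
        [pscustomobject]@{ Setting = $Actions[$id]; Value = $raw; Meaning = $meaning }
    }
}

function Show-LocalZone {
    # Clears only the hide bit: 0x21 becomes 0x1, the value the article sets by hand.
    param([int]$Zone = 0)
    $path  = Join-Path $ZonesKey $Zone
    $flags = [int](Get-ItemProperty -Path $path -Name Flags).Flags
    Set-ItemProperty -Path $path -Name Flags -Value ($flags -band (-bnot $NoUi)) -Type DWord
}

Get-LocalZoneAudit | Format-Table -AutoSize
# Show-LocalZone    # uncomment to make "My Computer" appear in the Security tab
```

A result of "Enable" or "Prompt" on either download row means the local zone still permits control installation; "Disable" is the state this tip recommends.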
8. Open the Internet Properties window from DOS
Sometimes, after you browse certain malicious Web pages, IE's Internet Properties dialog box can no longer be opened. In that case, enter the following command in a DOS window to open it: RunDll32.exe shell32.dll,Control_RunDLL inetcpl.cpl. Note the case of "Control_RunDLL" and do not forget the comma (,) before it. RunDll32.exe is a Windows dynamic-link library (DLL) management tool that lets you execute a function (or function module) in a DLL from the command line.
RUNDLL32 is used as follows: RunDll32.EXE <dllname>,<entrypoint> <optional arguments>. Note the following points:
① dllname (the location and file name of the DLL) cannot contain spaces;
② dllname and entrypoint can only be separated by "," (comma), and there can be no space after the comma; if you get this wrong, you will not receive any error message;
③ optional arguments are the parameters passed to the DLL call; they are very case-sensitive, so be careful to type them correctly.
9. Remove IE's Content Advisor password
In some cases IE is modified so that a Content Advisor (ratings) password is set. Once the ratings password is in place, even reinstalling IE does not help. What do we do? Format the hard drive? Here is a good way to solve the problem.
Open the registry and find HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings. Here there is a primary key called "Key", which is the ratings password that was set; delete it directly. After rebooting, click "Tools" → "Internet Options" → "Content" → "Content Advisor" and you will find that the ratings password has been reset. You can now simply enter a new ratings password.
If you are using Windows 9x it is even simpler: find the Rating.pol file in the C:\Windows\System directory (note that it is a hidden file) and delete it to solve the problem.
10. Guard against malicious code in Web pages
Many malicious Web pages use a variety of methods to stop anyone from viewing their source code. However, all their efforts may be futile, because you can easily view the source in the following way: just enter view-source:URL in the IE address bar. For example, to see the source code of a website http://., enter view-source:http://... in the IE address bar and wait a moment; a window will pop up containing the source code of the page. Look closely for malicious code that changes the registry or secretly downloads files, and if you find any, do not visit the page. Simple, isn't it? This way you can not only learn from other people's Web page techniques but also guard against malicious code in advance, killing two birds with one stone.
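The manual review described above can be given a first pass with a small scanner. This PowerShell is an added example, not part of the original article; the rule names and patterns are illustrative assumptions rather than a complete signature set, and the sample page is constructed with placeholder values.

```powershell
# Added example: flag markup worth a closer look in saved page source.
# Patterns are illustrative assumptions covering the indicators named in tips 7 and 10.
$Rules = [ordered]@{
    'Script writes to the registry'        = '(?i)\.RegWrite\s*\('
    'Script creates a shell or file object' = '(?i)(WScript\.Shell|Scripting\.FileSystemObject)'
    'OBJECT codebase is a local/.exe path' = '(?is)<object\b[^>]*\bcodebase\s*=\s*["'']?\s*([a-z]:[\\/]|file:|[^"''>\s]*\.exe)'
}

function Find-SuspiciousMarkup {
    param([Parameter(Mandatory)][string]$Html)
    foreach ($name in $Rules.Keys) {
        foreach ($m in [regex]::Matches($Html, $Rules[$name])) {
            # 1-based line number of the start of the match
            $line = ($Html.Substring(0, $m.Index) -split "`n").Count
            [pscustomobject]@{
                Line  = $line
                Rule  = $name
                Match = ($m.Value -replace '\s+', ' ').Trim()
            }
        }
    }
}

# Constructed sample, not taken from any real page; path and registry strings are placeholders.
$sample = @'
<html><body>
<p>Welcome</p>
<object classid="clsid:88888888-8888-8888-8888-888888888888"
        codebase="c:/placeholder/program.exe"></object>
<script>
  var sh = new ActiveXObject("WScript.Shell");
  sh.RegWrite("PLACEHOLDER_VALUE_PATH", "PLACEHOLDER_DATA");
</script>
</body></html>
'@

Find-SuspiciousMarkup -Html $sample | Sort-Object Line | Format-Table -AutoSize
```

On the sample it reports the OBJECT tag on line 3, the shell object on line 6 and the registry write on line 7; a hit is only a cue to read that part of the source before visiting the page.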