Protection knowledge: 7 anti-black tips for Internet Explorer

Source: Internet
Author: User
Welcome to the Windows community forum and interact with 3 million technical staff to access the malicious modification and attack methods against IE. The seven anti-Black techniques described in this article will certainly help you. 1. Manage cookie6.0, open the "Tools"> "Internet Options"> "privacy" dialog box, and set "block all cookies ",

Welcome to the Windows community forum and interact with 3 million technical staff> go to the malicious modification and attack methods for IE. The seven anti-Black techniques described in this article are as follows, it will certainly help you. 1. Manage cookies in IE6.0. In the "Tools"> "Internet Options"> "privacy" dialog box, "block all cookies ",

Welcome to the Windows community forum and interact with 3 million technicians>

There are many malicious modifications and attack methods against IE. The seven anti-Black techniques described in this article will certainly help you.

1. Manage cookies

In IE6.0, open the "Tools"> "Internet Options"> "privacy" dialog box, the following six levels are set: "block all cookies", "high", "medium", "medium", "low", and "accept all cookies" (the default value is "medium "), you only need to drag the slider to easily set the URL. Click the "edit" button at the bottom and enter a specific URL in "website address, you can set it to allow or deny them from using cookies.

2. Disable or restrict the use of Java programs and ActiveX Controls

Pages often use scripts written in Java, Java Applet, and ActiveX. They may obtain your user ID, IP address, and password, some programs or other operations may even be installed on your machine. Therefore, restrictions should be imposed on the use of Java, Java Applet scripts, ActiveX controls, and ins. Enable "Internet Options"> "security"> "Custom Level ", you can set "ActiveX Control and plug-in", "Java", "script", "Download", "user verification", and other security options. Some unsecure controls, plug-ins, and download operations should be prohibited and restricted. At least prompt should be given.

3. Prevent Information Leakage

If you agree to save the password after using the user name and password of the Web address, form, and form for the first time, you only need to enter the start part when entering the same Web page and password next time, the subsequent steps will be completed automatically, which brings convenience to users, but also leaves security risks. However, we can adjust the settings of the "Automatic completion" function to solve this problem. The setting method is as follows: click "Internet Options"> "content"> "auto complete" in turn, open the "auto complete Settings" dialog box, and select the "auto complete" option to be used.

Reminder: to ensure security, you should regularly clear historical records to prevent information leakage, in the "Automatically complete Settings" dialog box, click "clear form" and "Clear password.

4. Clear the browsed URLs

5. Clear web pages that have been visited

To speed up browsing, IE will automatically save the web page you browsed in the cache folder "C:/Windows

6. Never fear that the IE homepage address will be modified

As we all know, modifying the default IE homepage address is a common method for malicious web pages. After IE is modified, it automatically connects to the address of the malicious webpage. The common method is to modify the Registry. In fact, if you simply add a parameter to IE, you will no longer be afraid that the IE homepage address will be modified. The following describes the specific methods and steps.

First, open "my computer" and find the installation directory of IE. Assume that your IE is installed under C: \ Program Files \ Internet Explorer. The shortcut of the hosts file. If you are careful enough, you will find that you have set up this parameter, which is called "ipolice.exe", and the original IE shortcut name on the desktop is "Internet Explorer". The two names are not only different, but also different in meaning.

In this way, even if the home page is modified, it does not matter. Opening IE is blank, and even about: blank is not displayed. In addition, this can speed up the startup, and an IE window will pop up immediately.

We cannot add the preceding parameters to the shortcut created by IE during installation. If you do not believe it, right-click the shortcut created by IE on the desktop and select "attribute ", the "target" column, "Start position" column, "shortcut key" column, and "running mode" column are unavailable in gray. This is the biggest difference between them! 7. you can click tools> Internet Options> Security in IE to set the computer security level, in security settings, we can only set the Internet, local Intranet, trusted sites, and restricted sites. However, Microsoft, who is used to hiding some of its functions (I really don't know what Microsoft thinks, I used to play "hide and seek" games with us), left another hand here: in fact, there is also a hidden option-"My Computer" Security Settings. If you want to see it, you can modify the Registry to achieve the goal.

The following is a specific method: Open the "Start" menu, click "register RunTime", enter "regedit.exe" in the displayed dialog box, open the Registry Editor, and click "+" to expand to "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows ".

What is the purpose of this tips? Save the following code as an html file. Then, run the following code and you will know: running the above html file will open the calc.exe file under the c:/winnt/system32 file in your computer! And there is no prompt for IE! Even if you disable ActiveX control in IE security settings, the above Code can work! What if it is not a calc.exe file but other malicious files? What if your webpage contains code similar to the above? Dangerous! This is because there are two terrible vulnerabilities in IE: attackers can execute arbitrary commands locally and the ActiveX security settings of IE can be bypassed. In the above Code, we specify a control number ("clsid: 88888888-8888-8888-8888-888888888888) that does not exist in the system for IE ), IE will try to download and install the modification control from the address specified by codebase. According to codebase, IE finds c:/winnt/system32/calc.exe, and then IE starts to "Download" and install the program. Since calc.exeis an EXE file, this is equivalent to running the file. Therefore, calc.exe is run! So why does the Internet Explorer not prompt users during the "download and install controls" process, nor apply restrictions in the IE security settings for detection? This is because the ActiveX security settings of IE can be bypassed! The main reason is that IE security settings are for non-local pages or interactions, and IE is the most trusted for local security settings. If you note that the security settings of IE are for WEB servers on the Internet and Intranet, there is no security settings for local files. In summary, IE adopts the principle of maximum Trust in local security.

The solution is the trick we mentioned at the beginning: dig out the local security configuration options of IE, that is, modify the "my computer" settings in the IE security settings, disabling ActiveX download is all right.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.