Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). If you would like to see a more comprehensive list of the policy settings that are available, check out the Microsoft TechNet article Group Policy and Internet Explorer 8.īrien M. Windows Components \ Internet Explorer (This setting only applies to the user configuration.) The following Group Policy setting controls the Suggested Sites feature: There have also been allegations that this feature might someday be used to serve targeted advertising, although Microsoft denies these claims. Several websites have raised privacy concerns over this feature because of the way it transmits your browsing history and your IP address to Microsoft for analysis. When you enable the Suggested Sites feature, Internet Explorer suggests other websites that the user might enjoy based on the sites that they have visited. The Suggested Sites feature isn't a security feature, but I felt I should address it anyway. Windows Components \ Internet Explorer \ InPrivateĭisable Toolbars and Extensions When InPrivate Filtering Starts Windows Components \ Internet Explorer \ Delete Browsing History The Group Policy settings that are related to InPrivate Browsing and InPrivate Filtering are as follows: Like InPrivate Browsing, InPrivate Filtering must be enabled and only applies to the current session. It gives users a choice as to the types of information that websites can use to track the user's browsing habits. InPrivate Filtering is a similar feature. When the user enables InPrivate Browsing, Internet Explorer opens a new browser window and does not record the Web pages that are viewed or any searches that are performed during that session. InPrivate Browsing is a new feature that protects the user's privacy. InPrivate Browsing and InPrivate Filtering Windows Components \ Internet Explorer \ Security Features The following Group Policy setting controls it: Internet Explorer 8 resolves these problems and adds Data Execution Prevention capabilities to the browser.ĭata Execution Prevention is enabled by default and enabling it at the higher levels of the Group Policy hierarchy may prevent future malware from disabling it at the local computer level. Using this feature, Windows knows which memory areas code should and should not be executed in and takes steps to prevent code from running in memory locations that should be off limits.ĭata Execution Prevention has been used by 64-bit versions of Windows Vista from the beginning, but Internet Explorer 7 was somehow exempt because of compatibility issues. Windows Vista protects against this type of attack by using Data Execution Prevention. Generally speaking, this type of attack works by inserting malicious code into an unchecked buffer, causing that buffer to overflow into other memory space, where the malicious code can then be executed. One of the most common types of attacks against Windows, over the last several years, has been a buffer overflow attack. Windows Components\Internet Explorer\Internet Control Panel\Security Page\ (There is a separate SmartScreen Filter setting for each Internet Explorer zone). Prevent Bypassing SmartScreen Filter Warnings The Group Policy settings that control the SmartScreen Filter are as follows: The SmartScreen Filter can be used to monitor file downloads as well. As such, Microsoft designed the SmartScreen Filter to identify and completely block websites that are known to be malicious or to block only the malicious portion of an otherwise safe site. As you may be aware, more and more cases are emerging in which malicious files are being posted on otherwise safe sites, such as social networking sites. The SmartScreen Filter is a reputation-based anti-malware component that is designed to complement traditional anti-malware software. The SmartScreen Filter is essentially an enhanced version of the phishing filter that debuted in Internet Explorer 7. The biggest new Internet Explorer 8 (IE8) security feature is the SmartScreen Filter. To find the policy settings that I will be discussing, look under either Computer Configuration \ Administrative Templates or User Configuration \ Administrative Templates within the Group Policy Object Editor.) The SmartScreen Filter Note: I only list partial paths for the Group Policy settings because most of these policies can be applied at both the user and machine levels of the Group Policy hierarchy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |