In light of the Eudora vulnerability, it probably occured to
people to take control of the 'My Computer' zone in IE4. The
following is based on a bit of toying with regmon and IE4 on NT.
NTregmon, for those of you who don't know it, is a utility from the
sysinternals.com folks to watch registry activity. Most useful.
I've confirmed that enough of these work on my system to have
confidence in it. YMMV.
For IE4, the zones and security settings for
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\ are as follows:
Zone 0 My computer
1 Intranet
2 Trusted Sites
3 Internet
4 restricted Sites
Values
For Enabled/Disabled/Prompt
0x0 Enabled
0x1 Prompt
0x3 Disabled
# 0x2 is unknown
Keys under \...\Internet Settings\Zones\(Zone)
ActiveX controls and Plugins Section
1004 "Download unsigned ActiveX controls"
1405 "Script ActiveX controls marked safe for scripting"
1201 "Initialize and script activeX controls not
marketed as safe"
1001 "Download signed ActiveX controls"
1200 "Run ActiveX controls and plugins"
User Authentication Section
1A00 Logon
0x10000 Prompt
0x0 Automatic
0x20000 Automatic in intranet
0x30000 Anonymous login
Downloads
1604 Font Download
1803 File Download
Java
1C00 Java Permissions
0x30000 Low
0x20000 medium
0x10000 high
0x80000 Custom
0x0 disable
# Custom is not sub-enumerated here.
Miscellaneous
1E05 Software Channel Permissions
Low, medium, high per Java Permissions
1804 Launching applications and files in an IFRAME
1800 Installation of Desktop Items
1601 Submit non-encrypted form data
1802 drag and drop or copy and paste files
All use Prompt, enable, disable standard
Scripting
1402 Scripting of Java applets
1400 Active Scripting
Both use Prompt, enable, disable standard
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:52 PDT