In light of the Eudora vulnerability, it probably occured to people to take control of the 'My Computer' zone in IE4. The following is based on a bit of toying with regmon and IE4 on NT. NTregmon, for those of you who don't know it, is a utility from the sysinternals.com folks to watch registry activity. Most useful. I've confirmed that enough of these work on my system to have confidence in it. YMMV. For IE4, the zones and security settings for HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ are as follows: Zone 0 My computer 1 Intranet 2 Trusted Sites 3 Internet 4 restricted Sites Values For Enabled/Disabled/Prompt 0x0 Enabled 0x1 Prompt 0x3 Disabled # 0x2 is unknown Keys under \...\Internet Settings\Zones\(Zone) ActiveX controls and Plugins Section 1004 "Download unsigned ActiveX controls" 1405 "Script ActiveX controls marked safe for scripting" 1201 "Initialize and script activeX controls not marketed as safe" 1001 "Download signed ActiveX controls" 1200 "Run ActiveX controls and plugins" User Authentication Section 1A00 Logon 0x10000 Prompt 0x0 Automatic 0x20000 Automatic in intranet 0x30000 Anonymous login Downloads 1604 Font Download 1803 File Download Java 1C00 Java Permissions 0x30000 Low 0x20000 medium 0x10000 high 0x80000 Custom 0x0 disable # Custom is not sub-enumerated here. Miscellaneous 1E05 Software Channel Permissions Low, medium, high per Java Permissions 1804 Launching applications and files in an IFRAME 1800 Installation of Desktop Items 1601 Submit non-encrypted form data 1802 drag and drop or copy and paste files All use Prompt, enable, disable standard Scripting 1402 Scripting of Java applets 1400 Active Scripting Both use Prompt, enable, disable standard
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:52 PDT