Re: IE5 allows executing programs

From: David LeBlanc (dleblancat_private)
Date: Tue Sep 07 1999 - 11:23:17 PDT


    A couple of people have sent me mail asking how to set Outlook 2000 such
    that mail comes in under the 'Restricted Sites' zone.  Here's how:
    
    select Tools menu, Options item
    select security tab
    
    The area you want is in the middle of the page in the section marked
    'Secure Content'.  Default setting is 'Internet', which isn't too bad, but
    'Restricted Sites' is better.  One good reason for this is that most people
    don't have any sites in 'Restricted Sites' list, so anything you set in
    that zone won't screw up your normal web browsing.  Another good reason is
    that the default security settings are better for this zone.  Even with the
    'High Security' settings, I like to go in and tweak the following:
    
    Script ActiveX Controls Marked Safe for Scripting - ActiveX seems to be
    disabled in other places, but go ahead and set this to prompt or disable
    just in case there is some exception I'm not aware of.
    
    Microsoft VM Java Permissions - the sandbox is set to high, but given that
    every Java VM out there has had one breach or another, and you don't know
    when the next will show up, I disable this.  Who needs dancing bunnies in
    their e-mail anyway?
    
    Scripting, Active Scripting - I set this to disable.
    
    I haven't noticed any legitimate e-mail breaking, so I think these changes
    can be made without impacting anything you or your users might want.
    Please test this on your own before doing this to lots of machines.  YMMV.
    The above is what I personally do, and may or may not reflect the views of
    my employer or anyone else.
    
    I'm reasonably sure that these settings disallow all of the e-mail attacks
    (attachments notwithstanding) that I'm aware of, so this should help make
    your system more secure against not only known attacks, but whole classes
    of undiscovered issues.
    
    I'm not sure what the variants of Outlook allow in this respect - I think
    the same thing was in Outlook 97, but I don't have it installed so I can't
    go check.  Not sure about Outlook Express, and I don't know how Eudora 4.x
    works with this, either.
    
    
    David LeBlanc
    dleblancat_private
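
One way to check a machine's Restricted Sites zone against the three settings tweaked in the message above, as an added example that is not part of the original post. It assumes the zone has been exported as `.reg` text (already decoded to a string) and that the dialog settings correspond to Internet Explorer's URL-action values 1405, 1C00 and 1400 under zone 4; the function name and the sample export are constructed for illustration.

```python
import re

# Internet Explorer URL-action IDs for the three settings named in the post.
# Mapping the dialog labels to these IDs is an assumption of this example.
RECOMMENDED = {
    "1405": ("Script ActiveX controls marked safe for scripting", {1, 3}),  # prompt or disable
    "1C00": ("Microsoft VM Java permissions", {0}),                          # 0 = Java disabled
    "1400": ("Active scripting", {3}),                                       # 3 = disable
}
ZONE_KEY = re.compile(r"^\[.*\\Internet Settings\\Zones\\4\]$", re.I)
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit_restricted_zone(reg_text):
    """Return {action_id: (label, value_or_None, ok)} for zone 4 in .reg text."""
    found, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only values under the Restricted Sites key (zone 4) are collected.
            in_zone = bool(ZONE_KEY.match(line))
            continue
        m = DWORD.match(line) if in_zone else None
        if m:
            found[m.group(1).upper()] = int(m.group(2), 16)
    report = {}
    for action, (label, allowed) in RECOMMENDED.items():
        value = found.get(action)
        # A missing value is reported as not OK rather than assumed safe.
        report[action] = (label, value, value in allowed)
    return report

# Constructed sample export (not taken from a real machine)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1400"=dword:00000003
"1405"=dword:00000000
"1C00"=dword:00010000
'''

if __name__ == "__main__":
    for action, (label, value, ok) in audit_restricted_zone(SAMPLE).items():
        shown = "missing" if value is None else hex(value)
        print(f"{'OK  ' if ok else 'FIX '} {action} {label}: {shown}")
```

In the constructed sample, Active Scripting is already disabled, while the ActiveX scripting setting (enabled) and the Java setting (high safety rather than disabled) are flagged.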
    


