
Description of Internet Explorer Security Settings

.NET Framework

Loose XAML

Controls whether Internet Explorer can navigate to and run loose Extensible Application Markup Language (XAML) files.

XAML browser applications

Controls whether Internet Explorer can navigate to and run XAML browser applications (XBAPs).

XPS documents

Controls whether Internet Explorer can navigate to and load XML Paper Specification (XPS) documents.

.NET Framework-reliant components

Run components not signed with Authenticode

Allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. This option will show up only if you installed .NET Framework.

Run components signed with Authenticode

Allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. This option will show up only if you installed .NET Framework.

ActiveX Controls and Plug-ins

Allow previously unused ActiveX controls to run without prompt

Allow Scriptlets

Download signed ActiveX controls

The first Security Zone setting allows the downloading of signed ActiveX controls to be handled in one of three ways. They can be disabled altogether, happen automatically, or prompt you for action. As with all settings, this affects all web pages on sites within the zone. Signed controls are programs that contain a valid digital signature, which means that Internet Explorer can identify who wrote the program and whether it has been tampered with. If ActiveX controls are downloaded, there is always the potential that a malicious program may be downloaded and installed on your computer.

Download unsigned ActiveX controls

This setting is the same as the previous setting except that it allows the downloading of unsigned ActiveX controls. These are programs that don't have a valid digital signature, so Internet Explorer can't identify who wrote the program or check whether it has been tampered with, making them even more dangerous than signed ActiveX controls.

Initialize and script ActiveX controls not marked as safe

This setting allows scripts embedded in web pages on sites within the zone to interact with ActiveX controls not marked as safe. Unsafe controls are controls that have not been specifically designed to interact with scripts. If allowed, there is the potential that a malicious script that interacts with an ActiveX control could be run on your computer.

Run ActiveX controls and plug-ins

This setting allows Internet Explorer to automatically run ActiveX programs on web pages on sites within the zone. If ActiveX controls are allowed to run on your computer, it is possible that a malicious program could be instructed to run.

Script ActiveX controls marked safe for scripting

This setting allows scripts embedded in web pages on sites within the zone to interact with ActiveX controls marked as safe. Safe controls are ActiveX programs that are specifically designed to interact with scripts. This does not mean that the program is safe; only that the program can safely interact with script. If allowed, a malicious script that interacts with an ActiveX control could be run on your computer.

Downloads

File download

This is a self-explanatory setting that allows you to download files. It is possible that these files could contain malicious code. Make sure that you have Anti-Virus software installed and that your virus definitions are up to date.

Font download

Another self-explanatory setting, it allows fonts to download. It is sometimes needed for a web page to display correctly if you don't have the font that a particular page uses installed on your computer.

Microsoft VM

Java permissions

This setting allows Java Applets to run outside of the protected area called a sandbox. This allows them to perform high-level functions such as accessing the file system and other system resources. Java Applets are HTML-based programs built with Java, usually integrated into web pages and run by a browser whenever that page is opened. As with ActiveX controls, if Java Applets are allowed to run on your computer, there is a possibility that a malicious program could be instructed to run.

Miscellaneous

Access data sources across domains

This setting allows Internet Explorer to access pages that receive data from multiple sources in different domains. If allowed you may get data from sites that you do not necessarily trust.

Allow META REFRESH

The Meta Refresh setting allows you to be redirected from one web page to another after a certain amount of time. If allowed you may get redirected to a web page that you don't want to go to, possibly one that has a malicious program.

Display mixed content

This setting allows you to view a web page that contains both secure (HTTPS) and non-secure (HTTP) content. If allowed it is possible that you could send confidential data over a connection that you believe to be secure, but in reality is not.

Don't prompt for client certificate selection when no certificates or only one certificate exists

This setting determines whether or not you are prompted to select a certificate when you don't have a trusted certificate or only one trusted certificate has been installed on the computer.

Drag and drop or copy and paste files

This setting controls whether you can drag and drop or copy and paste files from a web site to your computer. If you are dragging and dropping or copying and pasting files to your computer, there is the possibility that the file could contain malicious code. Again, make sure that you have Anti-Virus software installed and that your virus definitions are up to date.

Installation of desktop items

This setting controls whether or not users are allowed to install desktop objects from a Web page. These desktop items could be an ActiveX control, which means that they could contain malicious code.

Launching programs and files in an IFRAME

This setting controls whether or not you can download files or run applications from an IFRAME element on a web page if that IFRAME element contains directory or folder references. This setting was in response to a security vulnerability that allowed a malicious web page to read files on your computer, which has since been corrected.

Navigate sub-frames across different domains

Navigating sub-frames across different domains allows Internet Explorer to display sub-frames that originated from different domains. There is a vulnerability that allows a malicious web page to open another browser, another site's main frame, and then set any sub-frames to any web site they want.

Software channel permissions

This setting allows the automatic installation of software updates from web channels within the zone. A software channel is a subscription based service that allows web sites to automatically notify users of software updates and also deliver and install the updates on their computers. If allowed there is the potential that a malicious program may be downloaded and installed on your computer.

Submit nonencrypted form data

This setting allows Internet Explorer to submit non-encrypted form data on sites within the zone. Confidential information may be intercepted by packet sniffing.

Userdata persistence

This setting allows web sites to save a small file to your computer that helps the site remember personal information about you. If you value your privacy, you'll probably want to 'Disable' this setting.

Scripting

Active scripting

This setting allows the execution of Active scripts, which are programs written in ActiveX, JavaScript, or VBScript. Allowing these scripts to execute automatically by default is one of the biggest vulnerabilities in Internet Explorer. There is the potential that a malicious program may be executed on your computer. Nimda used Active scripts to infect people while they were surfing the web.

Allow paste operations via script

This setting controls whether or not scripts are allowed to copy (or cut) and paste information using the clipboard. A malicious script on a web site could access your clipboard's contents and then forward it to another site.

Scripting of Java applets

This setting allows scripts embedded in web pages on sites in the zone to access Java Applets. Java Applets are HTML-based programs built with the Java programming language that can be integrated into a web page and run by the browser when the page is opened. If scripting of Java applets is allowed, it is possible that a malicious program could be instructed to run.

User Authentication

Logon

This setting controls how you authenticate to Web sites. The following are the four possible choices for this setting:

Anonymous Logon - Internet Explorer will disable authentication and use the Guest account of the Web server you are visiting for access to the site's resources.
Automatic Logon Only In Intranet Zone - This option allows you to automatically log on to Web sites that are in the Intranet zone that you have set up. You will be prompted for a username and password for all other sites.
Automatic Logon With Current Username And Password - This option automatically logs you on with your current username and password, however, it only works if the Web server you are connecting to supports NT Challenge/Response. If not, you'll be prompted for your username and password.
Prompt For Username and Password - This option, of course, prompts you for your username and password.
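
To check how these settings are actually configured on a machine, the PowerShell below (an added example, not part of the original page or of any Microsoft tool) reads the current user's Internet zone from the registry and reports the state of several of the settings described above. The registry path, action codes and value meanings do not appear on this page; they follow Microsoft's documented zone registry layout, and the choice of which Enable states count as findings is this example's own assumption.

```powershell
# Added example: report Internet-zone (zone 3) settings for the current user.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action code -> setting name as used on this page
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1400' = 'Active scripting'
    '1402' = 'Scripting of Java applets'
    '1405' = 'Script ActiveX controls marked safe for scripting'
    '1407' = 'Allow paste operations via script'
    '1601' = 'Submit nonencrypted form data'
    '1609' = 'Display mixed content'
    '1803' = 'File download'
}
$states = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Logon (1A00) has its own value set, matching the four choices listed above
$logon = @{
    0x00000 = 'Automatic logon with current username and password'
    0x10000 = 'Prompt for username and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# Assumption of this example: Enable is a finding for these two settings
$flagIfEnabled = @('1004', '1201')

$props = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($code in $actions.Keys) {
    $raw = $props.$code
    $state = if ($null -eq $raw) { 'not set' } elseif ($states.ContainsKey([int]$raw)) {
        $states[[int]$raw] } else { 'unknown (0x{0:X})' -f $raw }
    [pscustomobject]@{
        Code    = $code
        Setting = $actions[$code]
        State   = $state
        Finding = ($state -eq 'Enable' -and $flagIfEnabled -contains $code)
    }
}

$raw = $props.'1A00'
$state = if ($null -eq $raw) { 'not set' } elseif ($logon.ContainsKey([int]$raw)) {
    $logon[[int]$raw] } else { 'unknown (0x{0:X})' -f $raw }
$report += [pscustomobject]@{ Code = '1A00'; Setting = 'Logon'; State = $state; Finding = $false }

$report | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under a separate Policies key and are not read by this script.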

Resources used:

http://www.geocities.com/yosponge/ieexpl.html
http://www.usc.edu/hsc/gcrc/IE_Security.pdf