Internet Explorer Security Zones
Internet Explorer (IE) comes with a group of security settings that can be individually configured by the user. IE sorts all pages into separate categories or “security zones”. Each zone has its own values for the security settings. When IE opens a page, it uses the page’s security zone to decide what restrictions to place on any actions that the page can carry out. Normally, the security zone assigned to a page is determined by where the page is located, but individual URLs can be assigned to particular zones by the user. The various zones are given in the table below.
| Zone type | Location | Default security level |
|---|---|---|
| Internet | Default for Internet pages | Medium (IE 6), Medium-High (IE 7) |
| Local Intranet | Corporate or home network | Medium-low (IE 6, IE 7) |
| Trusted sites | Determined by user | Low (IE 6), Medium (IE 7) |
| Restricted | Determined by user | High (IE 6, IE 7) |
| My Computer | Local machine (not normally visible) | Low in versions before XP SP2 |
The zone settings can be displayed and configured through the IE menu Tools > Internet Options > Security. (See this tutorial for details.) The zone for “My Computer” (the local machine) is usually not visible in the settings, but it can be made accessible in some older systems. Tables and figures showing the settings and their default values for different versions of IE 6 and for IE 7 are given in the pages 1-7 listed below. These references will help you understand what the zone settings do and help you decide which values are best suited to your own purposes.
- Table of the default settings for security zones
- Comparison of the settings for different IE 6 security zones (prior to Windows XP SP2)
- Description of the “My Computer” or local Internet security zone
- Comparison of the Internet Security Zone settings for different versions of IE 6
- Comparison of the settings for different IE 6 security zones in Windows XP SP2
- Comparison of the settings for different IE 7 security zones
- Comparison of the settings for the Internet security zone in IE 6 and IE 7
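The zone levels and user-assigned sites described above can also be read from the registry to audit a machine. The following PowerShell is an added example, not part of the original page; it assumes PowerShell 3.0 or later and the standard per-user registry layout (zones numbered 0-4 under `Internet Settings\Zones`, site assignments under `ZoneMap\Domains`), and the function names are hypothetical.

```powershell
# Added example (not from the original page). Reads per-user settings only;
# machine-wide or policy-enforced values are stored elsewhere and not covered.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted sites'
                3 = 'Internet'; 4 = 'Restricted' }
# CurrentLevel template values; 0 means the zone uses custom settings.
$levelNames = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
                 0x11500 = 'Medium-high'; 0x12000 = 'High'; 0 = 'Custom' }

function Get-IEZoneLevel {
    foreach ($id in 0..4) {
        $props = Get-ItemProperty -Path (Join-Path $base "Zones\$id") -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.CurrentLevel) { continue }
        $level = [int]$props.CurrentLevel
        $name = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { '0x{0:X}' -f $level }
        [pscustomobject]@{
            Zone   = $zoneNames[$id]
            Level  = $name
            # Flags bit 0x20 keeps a zone off the Security tab (My Computer by default).
            Hidden = [bool]([int]$props.Flags -band 0x20)
        }
    }
}

function Get-IEZoneSiteAssignment {
    $root = Join-Path $base 'ZoneMap\Domains'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        # Key path is domain\subdomain; rebuild the host name as subdomain.domain.
        [string[]]$parts = ($key.Name -split '\\Domains\\', 2)[1] -split '\\'
        [array]::Reverse($parts)
        foreach ($scheme in $key.GetValueNames()) {
            # Value name is the URL scheme (or *); value data is the zone number.
            [pscustomobject]@{
                Site   = $parts -join '.'
                Scheme = $scheme
                Zone   = $zoneNames[[int]$key.GetValue($scheme)]
            }
        }
    }
}

Get-IEZoneLevel | Format-Table -AutoSize
Get-IEZoneSiteAssignment | Sort-Object Zone, Site | Format-Table -AutoSize
```

A zone reported as Custom, or an unexpected entry in the Trusted sites list, is worth comparing against the default tables linked above.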
Strengthening Security zones in Internet Explorer 6
Configuring the settings in IE is a good security measure, but the average PC user will be unfamiliar with many of the settings. As a guide, the next page gives a table of recommendations for the settings for the Internet zone in IE 6. The Internet zone is where most sites will be placed unless they are specifically assigned elsewhere. Generally, the average PC user can leave the settings alone for the other zones: Local Intranet, Trusted sites, and Restricted. The local or My Computer zone is accessible only in systems prior to Windows XP SP2 and is treated separately.
Additions in Windows XP Service Pack 2
Several new features have been added to Internet Explorer 6 in XP SP2. They include a pop-up blocker and an add-on manager. These are discussed here.
Strengthening Security zones in Internet Explorer 7
Although a number of security improvements have been made in Internet Explorer 7, security exploits remain possible. Here are some recommendations for hardening the defenses of IE 7. There is also a page showing how to easily configure the settings for ActiveX.
What ActiveX means
Since settings for ActiveX controls are part of the security configuration, it pays to have some notion of what ActiveX components do. ActiveX may sound like something from science fiction or some kind of herbal medicine. However, ActiveX controls are Windows components that are implicated in many security problems. Here is a page that gives a simple explanation to help make the reader aware of some of the properties and functions of this type of component.
Alternative to Internet Explorer
Instead of trying to shore up the defenses of Internet Explorer, another path is to switch to a browser without all the ActiveX and other security holes. Firefox is an excellent free alternative and is easy to use. It looks similar to Internet Explorer and has a number of nice features. This page discusses the pros and cons of switching.