For Geeks @nd the not so Geeky

Internet Explorer Security and Application Compatibility

Internet Explorer 8 Security Settings

Internet Explorer 8 which comes with Windows 7 offers a whole bunch of new security features some of which are discussed below.

  • Information bar – alerts you to pop-ups, downloads or Active-X installs
  • SmartScreen Filter – protects from known phishing sites masquerading as legitimate sites
  • Protected Mode – protects against websites that try to install malicious software. Prompts for consent if system changes are required.
  • Internet Explorer runs in protected mode by default.
  • Add-on Manager – enable or disable active-X controls
  • Secure Sockets Layer (SSL) – 128 encryption for creating secure connections

All websites by default get added to the Internet Zone. Internet Explorer

Add-ons and Accelerators

Add-ons are optional features that can provide additional functionality to IE8 such as Acrobat Reader for example. Accelerators on the other hand are a special type of add-on that allow users to perform an action against selected text without leaving the website such as e-mailing, mapping or sending a snippet to a blog.

InPrivate Browsing and InPrivate Filtering

Internet Explorer 8 internet and security features include InPrivate Browsing mode which enables you to open a new browser window that is completely isolated and does not contain any browser history, cookies or temporary internet files.

InPrivate Filtering blocks the transmission of website information being sent to third party  sites such as advertisements on websites. InPrivate Filtering needs to be enabled manually each time you start a new browsing session.

Users will be able to navigate back and through the sites they were visiting during a session but all data will be deleted as soon as they close the browser. Be aware that on company websites your browsing history can still be traced and recorded.

To turn off Internet Explorer enhanced security configuration in Windows server 2008 you have to access the Security Information section which can be found in the root folder of server management.

Which Internet Explorer do I Have

If you are on Windows 7 you are more than likely at least running Windows Explorer v8. To verify, just start Windows Explorer and then click the cog wheel or Tools icon situated top right in the menu bar. A menu will drop down where clicking on ” About Internet Explorer” will reveal which Internet Explorer version your computer is running.

Internet Explorer Security Configuration – http://technet.microsoft.com/en-us/library/dd883248.aspx

Configuring Application Compatibility

Shim – temporary system compatibility fix allowing older applications to work with Windows 7

Application Compatibility Toolkit (ACT) – allows for testing the compatibility of applications with Windows 7

ACT – http://technet.microsoft.com/en-us/library/cc749034(WS.10).aspx
http://blogs.technet.com/springboard/archive/2009/04/03/windows-7-application-compatibility-toolkit-5-5-interview-with-Jeremy-Chapman.aspx

Windows XP Mode – provides a fully functional Windows XP SP3 copy running on top of Windows 7 in Windows Virtual PC so programs that are only XP compatible can be run directly from the start menu. Windows XP mode is only available if you are running Windows 7 Professional or higher while having at least 2 GB of RAM and 15 GB extra hard drive space.

Bear in mind that Windows XP mode is only meant to assist organizations in their move from XP to Windows 7 and that XP mode is not intended or optimized for resource hungry programs such as video games. Windows XP mode can be downloaded by accessing the following link www.microsoft.com/windows/virtual-pc/download.aspx

You can use ACT to check Internet Explorer compatibility data and issues.
http://technet.microsoft.com/en-us/library/cc766461(WS.10).aspx

Application Control Policies

application control policies

New in Windows 7 is the ability of an administrator to restrict the install of applications according to an executable’s digital signature.

This basically means that you could allow the install of Office 2010 while disallowing the install of previous Office versions through AppLocker. You can configure AppLocker from the Application Control Policies node of Local Security Policy.

Full Control of Which Programs are Allowed to Run

  • User-Specific Controls – specify rules for a given security group or individual user
  • Stop E-mail attachments from executing
  • Certificate Rules identify software based on the certificate
  • Path Rule – Grant or deny access based on the Universal Naming Convention (UNC) path
  • Network Zone Rule – can be used only for msi packages based on an Internet Explorer network zone
  • Hash rule – checks a preset number of bytes to verify whether a program is allowed to execute

AppLocker Audit Only mode is useful to check which individuals in your company are executing what applications.

Leave a Response