Re: Updating Internet Options using a Script

From: Joe Sodora (sodora_at_aol.com)
Date: 09/28/04 

Date: Tue, 28 Sep 2004 06:56:20 -0700

Than why do they allow these exact same files to be run
from the internet without giving you an error message? Are
files run from the internet safer than local files on your
computer?

Try it yourself. Take simple html file and insert
JavaScript. If you ftp that file to a web site, you will
be able to run it from the web with the default browser
settings. Then try to run that same file from your c:
drive. You will get the security error message.

The fact is once you install any file on your local
computer, you are vulnerable. If you install an exe file,
it can do a lot more damage than an html file with
JavaScript.

But anyway, I'm not looking to argue this point, I looking
for help to get around a problem created by SP2.

Joe

>-----Original Message-----
>> ...The two options "Allow active
>> content from CD's to run on my computer" and "Allow
active
>> content to run in files on my computer" just need to be
>> set. This should be the default settings with SP2.
>
>I (and MS, obviously) disagree. Consider that one
helluva lotta hijackware
>is "drive by" installed under just those settings!
>--
>~PA Bear
>
>Joe Sodora wrote:
>> Robear,
>>
>> Thank you for responding, but I don't think you
understood
>> my question or the situation.
>>
>> (1) I don't want to run a script out of I/E that changes
>> the security settings. I would like to include another
>> file with the setup to do this. This would be the same
as
>> instructing the user to make the changes themselves. I'm
>> trying to make it less confusing for them. Our software
is
>> sold to real estate agents who in turn customize html
>> files and distribute them for free. I don't have contact
>> with the actual end users.
>>
>> (2) It's not a matter of making our application more SP2
>> security compatible. These are local files that contain
>> JavaScript. There is no way to rewrite them and there's
>> nothing unsecure about them. Local files whether they
are
>> run from a browser or not should be considered safe. All
>> local files should be trusted according to the help file
>> for Internet Explorer. Here is an excerpt directly from
>> the I/E help file in the section titled "Understanding
>> Security Zones". "In addition, any files already on your
>> local computer are assumed to be very safe, so minimal
>> security settings are assigned to them. You cannot
assign
>> a folder or drive on your computer to a security zone."
>>
>> The ironic thing is - these same files run just fine
from
>> the internet. It's only when they are on your local PC
>> that you get the error. (How's that for security?) It's
>> actually a problem with SP2. The two options "Allow
active
>> content from CD's to run on my computer" and "Allow
active
>> content to run in files on my computer" just need to be
>> set. This should be the default settings with SP2.
>>
>> Thanks again.
>>
>> Joe Sodora
>>
>>> -----Original Message-----
>>> Joe Sodora wrote:
>>>> Is it possible to update I/E's Internet Options using
a
>>>> separate script file? After installing SP2 on an XP
box,
>>>> I/E does not run local html files containing
JavaScript.
>>>> You have to manually go into the Internet Option
settings
>>>> and check two boxes. Is it possible to have a separate
>>>> script file that will automatically do this? I would
like
>>>> to package such a file with software that we sell.
Thanks.
>>>
>>> That would be defeating the added security features in
SP2, Joe, and I
>>> for
>>> one would not want to use (let alone buy) software
which would do so.
>>> Perhaps you can rework the application to be more SP2
>>> Security-compatible?
>>> --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-Windows (IE/OE), AH-VSOP
>>>
>>> WinXP SP2: What's New for Internet Explorer and
Outlook Express
>>>
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
>>>
>>> What You Should Know About Spyware
>>>
http://www.microsoft.com/athome/security/spyware/deviousso
ftware.mspx
>>>
>>> AumHa Forums
>>> http://forum.aumha.org
>>>
>>> .
>
>.
>

Relevant Pages