Difference between revisions of "Internet Explorer"
Line 1: | Line 1: | ||
− | == | + | == Load Internet Explorer FULL SCREEN in KIOSK MODE == |
When you run Internet Explorer in Kiosk mode, the Internet | When you run Internet Explorer in Kiosk mode, the Internet | ||
Line 14: | Line 14: | ||
{{:Sparse Entry}} | {{:Sparse Entry}} | ||
+ | |||
+ | == Blocking Scripts and XSS filtering with MSIE == | ||
+ | |||
+ | {{:Firefox With NoScript -vs- Microsoft Internet Explorer}} | ||
== Stop Unwanted Toolbars, Disable Addons MSIE 11 == | == Stop Unwanted Toolbars, Disable Addons MSIE 11 == |
Revision as of 14:06, 23 July 2014
Contents
Load Internet Explorer FULL SCREEN in KIOSK MODE
When you run Internet Explorer in Kiosk mode, the Internet Explorer title bar, menus, toolbars, and status bar are not displayed and Internet Explorer runs in Full Screen mode. The Windows 95 taskbar is not displayed, but you can switch to other running programs using the ALT+TAB or CTRL+ALT+DEL key combinations. Because Internet Explorer is running in Full Screen mode, you cannot access the Windows 95 desktop until you quit Internet Explorer.
iexplore.exe -k www.inacomlnk.com iexplore -k \\<server>\<share>\homepage.htm
Note: This page is notably incomplete. You can help. Please contribute by registering your email address and adding your knowledge to this page. The D.U.C.K. wiki was created to be a free informative place that allows an open exchange of accurate information. Learn more... |
Blocking Scripts and XSS filtering with MSIE
Firefox With NoScript -vs- Microsoft Internet Explorer 7
Microsoft's Internet Explorer 7 offers significant security improvements over its deservedly criticized predecessor. But the new IE still does not do enough to protect users.
Microsoft has, in IE 7, locked down some of the problem areas in IE 6. The browser will permit a Web site to nag you only once about installing an ActiveX control, for instance. (Some users will approve an installation simply to get rid of the pop-up windows.)
But malicious scripting attacks remain a big problem. Some miscreant Web sites use scripting code (such as JavaScript) to exploit security holes. This can allow them to perform drive-by installations of spyware or Trojan horse programs. IE 7 has a host of features designed to thwart exploits, including showing a pop-up warning that lets the user know when a site is trying to use scripting. But the new features don't go far enough.
Firefox's NoScript plug-in provides an elegant solution to the problem of malicious scripting. Once installed, NoScript prevents scripting from working at any Web site you visit until you approve it for that particular site. Being able to control scripting on a site-by-site basis with a single mouse click gives you a powerful security advantage.
But instead of the surgical script controls of NoScript, IE 7 still uses the same mud-covered sledgehammer that IE 6 did. Like NoScript, IE lets you block scripting for all sites in the Internet Zone, after which you can enable scripting for a particular site, but getting to the necessary dialog box takes at least six mouse clicks, and you must then enter the site's URL into the Trusted Sites list. It's a hassle most users won't deal with.
Microsoft touts IE 7's Phishing Filter as a significant new security feature, but a recent test of IE 7's filters by researchers at Carnegie Mellon University found that the Phishing Filter caught, at best, 68 percent of the phishing URLs that the researchers threw at the browser. (You can read more about the study's findings "Phinding Phish: An Evaluation of Anti-Phishing Toolbars.") Your best bet: Install an antiphishing toolbar as a safety net. In the CMU tests, SpoofGuard identified 91 percent of phishing sites. EarthLink's free toolbar placed second, with 83 percent accuracy.
None of this means that you shouldn't upgrade to IE 7. The new browser is more secure than IE 6--and given how tightly it's integrated into Windows, that extra protection is critical. Andrew Brandt is a contributing editor for PC World. E-mail him at privacywatch@pcworld.com.
source: PC World. PC World has removed the link destination of this article.
Firefox With NoScript -vs- Microsoft Internet Explorer 8
Microsoft has added NoScript style XSS filtering to Internet Explorer 8. This brings Internet Explorer closer to the security available in Firefox with NoScript. Firefox has this technology which comes as an add-on to Firefox called NoScript.
The XSS Filter added to Internet Explorer is only a black list. The things that Internet Explorer does block are going to be known and high risk XSS attacks. That leaves room for the ones that are unknown no matter how serious the risk. The XSS filter in MSIE only protects against XSS (cross-site scripting) attacks.
The NoScript plugin added to Firefox does more than just protect you from XSS Attacks. NoScript by default blocks every website you visit from running Scripts. This extra layer of protection protects you from a list of other attacks that are carried out using scripts. If you are blocking scripts by default until you allow them for a certain site, then no attack ever takes place.
The new filtering in MSIE 8 has also caused incompatibility with some web sites. Users of MSIE 8 have had to disable the feature to use certain web sites such as company secure file and email systems.
To disable the XSS Filtering ub MSIE 8:
Open Internet Explorer 8
- Click on the Tools Menu,
- Click on Internet Options
- Click on the "Security" tab
- Under the Security Tab, click on the "Internet" Icon (it looks like a picture of earth)
- After selecting the Internet Icon, click on the ‘Custom Level’ button at the bottom
- Scroll down the list of settings and click "Disable" in the Enable XSS Filter option
Click OK to apply the setting and then you can close out of the Internet Options and Relaunch Internet Explorer to be Sure the settings are saved and applied
NoScript plugin writer Giorgio Maone posted a commentary on IE 8's new filters, drawing comparisons to his own widely popular NoScript Firefox plugin. Maone writes:I’m happy to learn that IE8 is going to implement a less ambitious version of a feature which NoScript users have enjoyed for more than one year now.
Stop Unwanted Toolbars, Disable Addons MSIE 11
There are 4 types of add-ons:
- Search Providers. Type a term and see suggestions provided by your search provider.
- Accelerators. Highlight text on a web page and then click the blue Accelerator icon to email, map, search, translate, or do many other tasks.
- Web Slices. Subscribe to parts of a website to get real-time information on the Favorites bar.
- Toolbars. Add features (like stock tickers) to your browser.
Using the Local Group Policy Editor to manage group policy objects
You can use the Local Group Policy Editor to change how add-ons work in your organization. To manage add-ons
In the Local Group Policy Editor, go to Computer Configuration\Administrative Templates\Windows Components\Internet Explorer.
Change any or all of these settings to match your company’s policy and requirements. Turn off add-on performance notifications
Automatically activate newly installed add-ons
Do not allow users to enable or disable add-ons
Go into the Internet Control Panel\Advance Page folder, where you can change: Do not allow resetting Internet Explorer settings
Allow third-party browser extensions
Go into the Security Features\Add-on Management folder, where you can change: Add-on List
Deny all add-ons unless specifically allowed in the Add-on List
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Close the Local Group Policy Editor when you’re done.
ref: http://msdn.microsoft.com/en-us/library/dn454941.aspx