Bugtraq mailing list archives
Re: IE5 allows executing programs
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 7 Sep 1999 11:23:17 -0700
A couple of people have sent me mail asking how to set Outlook 2000 such that mail comes in under the 'Restricted Sites' zone. Here's how:

select Tools menu, Options item
select security tab

The area you want is in the middle of the page in the section marked 'Secure Content'. Default setting is 'Internet', which isn't too bad, but 'Restricted Sites' is better. One good reason for this is that most people don't have any sites in 'Restricted Sites' list, so anything you set in that zone won't screw up your normal web browsing. Another good reason is that the default security settings are better for this zone.

Even with the 'High Security' settings, I like to go in and tweak the following:

Script ActiveX Controls Marked Safe for Scripting - ActiveX seems to be disabled in other places, but go ahead and set this to prompt or disable just in case there is some exception I'm not aware of.

Microsoft VM Java Permissions - the sandbox is set to high, but given that every Java VM out there has had a breach or another, and you don't know when the next will show up, I disable this. Who needs dancing bunnies in their e-mail anyway?

Scripting, Active Scripting - I set this to disable.

I haven't noticed any legitimate e-mail breaking, so I think these changes can be made without impacting anything you or your users might want. Please test this on your own before doing this to lots of machines. YMMV. The above is what I personally do, and may or may not reflect the views of my employer or anyone else.

I'm reasonably sure that these settings disallow all of the e-mail attacks (attachments notwithstanding) that I'm aware of, so this should help make your system more secure against not only known attacks, but whole classes of undiscovered issues.

I'm not sure what the variants of Outlook allow in this respect - I think the same thing was in Outlook 97, but I don't have it installed so I can't go check. Not sure about Outlook Express, and I don't know how Eudora 4.x works with this, either.

David LeBlanc
dleblanc () mindspring com
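An added example, not part of the original message: one way to check the three settings above across many machines is to audit a registry export of the zone rather than clicking through each dialog. It assumes the standard Internet Explorer zone layout, which the post does not mention (zone 4 is 'Restricted Sites'; URL actions 1405, 1C00 and 1400); the sample export is constructed.

```python
import re

# Assumption (not stated in the post): IE zone settings live under
# ...\Internet Settings\Zones\<n>, and zone 4 is 'Restricted Sites'.
ZONE_KEY_SUFFIX = r"\Internet Settings\Zones\4"

# URL action -> (setting named in the post, acceptable DWORD values).
# Action values: 0 = enable, 1 = prompt, 3 = disable; for 1C00, 0 = Java disabled.
POLICY = {
    "1405": ("Script ActiveX Controls Marked Safe for Scripting", {1, 3}),
    "1C00": ("Microsoft VM Java Permissions", {0}),
    "1400": ("Active Scripting", {3}),
}

# Constructed sample export for illustration; real regedit exports are often
# UTF-16, so decode the file before passing its text in.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1400"=dword:00000003
"1405"=dword:00000003
"1C00"=dword:00010000
"""

VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zone_values(reg_text, key_suffix=ZONE_KEY_SUFFIX):
    """Return {action: int} for DWORD values under the Restricted Sites key."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = line.rstrip("]").lower().endswith(key_suffix.lower())
        elif in_zone and (m := VALUE_RE.match(line)):
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (action, setting, current) for settings weaker than the post's choices.
    A missing value is reported with current=None rather than assumed safe."""
    values = parse_zone_values(reg_text)
    return [(action, label, values.get(action))
            for action, (label, allowed) in POLICY.items()
            if values.get(action) not in allowed]
```

On the sample, only the Java setting is reported: it is left at the zone's 'High safety' sandbox value instead of disabled.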