Hello everybody,
For certain performance reasons I HAVE to move back to from IE7 to IE.
I am actually mostly using Firefox, but yet, whenever I use IE6 I want it to be at least as 50% safe as IE7. Especially I want to find a way to block drive-by installs when

navigating infected websites.
Is there a way to configure IE6 in such way that nothing gets installed from browser, or no script will automatically run and install till I give IE6 permission to do that?
Is it possible at all to make IE6 safe?
Any info or links for good articles are deeply appreciated.
Regards.

Maybe you can play around with the Security and Privacy settings within INTERNET OPTIONS in IE

__________________
Watch Movies Free http://www.moviesniffing.net

Hi az0000000,

Yes, it is possible to block drive-by downloads. One product that is supposed to do this is Haute Secure. I've yet to test it against any hostile sites myself, so all I'm going by is hearsay on this one. But it is freeware, and assuming it does what it claims to do, it could be the only companion your firewall needs. I currently use it and Windows Firewall (also my router's firewall), but my main strategy is to lock the kernel. Because I don't use antivirus or antispyware, my machines run faster than Macs, and just as stable. You can learn more about Haute Secure and download it for free http://hautesecure.com/.

A solution I've actually put to the test myself is ScriptScan in McAfee's latest line of security products. Unlike dumb script blockers, which depend entirely on user decisions, McAfee discerns for itself which scripts to allow and which ones to block. Whenever a script tries to create, copy, or modify a file, or open the registry, McAfee blocks it automatically. You can get McAfee SecurityCenter for free if you sign up for an e-mail account with AOL (also free). If you're interested, you can get started http://safety.aol.com/isc/index.adp?.

I've read that Norton and Trend Micro have implemented similar solutions, but have yet to verify this. It's possible that other vendors have followed suit by now, and if not, I imagine they will before much longer. Signature-based detection and heuristics just don't cut it anymore.

Hope this helps!

-santuccie

http://invincible-windows.blogspot.com/

santuccie, thank you for nice reply.
I Assume McAfee SecurityCenter its a suite of apps, so it will be to heavy for my old machine.
Haute Secure is what attracts my attention. I guess i will have to test it, hopefully that its not a resource hog.
Thank you for advice,
Regards.

Hi,

You're very welcome. Yes, SecurityCenter is antivirus, antispyware, and firewall. It's actually not all that heavy, but if your machine is old, it may be too much for it. My grandma's P4 could handle it, but I wouldn't be satisfied with the speed. And when I know how to lock the core, even the lightest antimalware is heavier than none at all. Hopefully Haute Secure works out for you. Cheers!

So, how do you lock the core?

What version of Windows are you running? There is more than one way.

Its win xp pro sp2

Here's the easy way (the way I do it):
- Open "My Computer."
- Click "Tools," then "Folder Options."
- Click the "View" tab.
- Scroll to the bottom of the "Advanced settings" list, and uncheck the "Use simple file sharing (Recommended)" checkbox.
- Click "Apply," then "OK." Now, you can control file/folder access permissions in normal mode.
- Go to C:\WINDOWS.
- Scroll down until you see the "system32" folder. Right-click on "system32," then left-click "Properties."
- Click the "Security" tab.
- Under "Group or user names," make sure "Administrators" is highlighted.
- Check the "Deny" checkbox corresponding with "Full Control." All "Deny" checkboxes will be checked at once.
- Check the "Allow" checkbox corresponding with "Read & Execute." Three "Allow" checkboxes will be checked at once.
- Click "Apply."
- If you get a security warning, click "Yes," then "OK." Otherwise, just click "OK."
- Close the Explorer window.

To unlock the kernel, follow these instructions again, and check the "Allow" checkbox corresponding with "Full Control." All "Allow" checkboxes will be checked at once. Click "Apply," then "OK."

This is all it takes to prevent drive-by malware from accessing the command API. However, if you think you (or someone with physical access to your computer) might be duped into installing a "required codec" to play a media file, or opening an e-mail attachment without first scanning it at http://www.virustotal.com/, you might want to guard the registry as well. This way, you'll have some manner of protection against locally executed malware as well. At http://invincible-windows.blogspot.com/, you will find step-by-step tutorials (complete with screenshots for every single click) for Vista, XP, and 2K.

Very interesting way to protect.
Its first time i hear about that.
Did you realised this genius way alone or did some expert give you this tip?
Locking the kernel like that, will i be able to install software locally my self without unlocking it first? I mean some software usually need to place or modify some files in system or system32 folder, or perhaps in any other folder within Windows directory.
By the way, why not lock the kernel file it self instead of locking entire system32 folder?
Thank you a lot.