IE restricted areas

[BoardBabe]

How can I implement my list of restricted areas in IE secuirty options during UA setup?

(Don't know the exact translation of the setting, as I'm running .no OS)

[Lazy8]

Takeshi and RogueSpear offered the more elegant solutions here:

http://www.msfn.org/board/index.php?showtopic=64641

...whereas mine offers easier UI for novice users like me to find and change settings. If you go this route, you should be able to find a language version to suit you. Hope this reply addresses your question.

[RogueSpear]

Probably the easiest thing to do is export the registry key for restricted sites to a .reg file and then perform the import during your ua. Restricted sites is

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Cookies (as in cookies to never accept) is

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

and finally, ActiveX controls is

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

I find it convenient to update SpywareBlaster and then export these three keys as they correspond to what SpywareBlaster is actually doing. This way you can import them from cmdlines.txt and know you have at least a minimum amount of protection right from the start.

[BoardBabe]

I knew about the activeX blocker, as I made an app that autoimplements the latest blocklist from spywareguide.com during UA, and checks for updates on run, but not the other two, thank you!

[BoardBabe]

If I add keys under

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

I't does'nt appear under zones. Only If I add under HKU...

-sure its correct with HKLM...?

[RogueSpear]

What appears under Security Zones in the Internet control panel applet, is anything under HKCU. I prefer, and I think it's the better way to go, to put them under HKLM for two reasons - it protects everyone, including service accounts and secondly, the casual user will not see anything under the restricted zone and therefore won't be tempted to remove anything.

Edited January 10, 2006 by RogueSpear

[BoardBabe]

It only appears under HKLM, not HKCU (even after reboot) and not in Security zones options thingy.

[RogueSpear]

So is it working for you under HKLM? I believe that's where both SpywareBlaster and Spybot both place their immunizing registry settings.

[BoardBabe]

SpyWare blaster puts it under HKU\S-1-5-21-xxxx\software...

How can I know if it works or not? I believe not, cause it does not appear in zone list, and are not "copied" to HKCU.

[RogueSpear]

Try this line out:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Yahoo.com]
"*"=dword:00000004

That should put Yahoo in the restricted sites zone.

[BoardBabe]

Yeh, that's what im doing. I exported the regchanges made with SpyWareBlaster found with regshot from HKCU\S-1-5-21....SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\...

Then changed path to above HKLM, however as previously staded this does not add to the list of restricted zones in IE, and does not copy to HKCU\samepath, and I have no idea how to test if a site is really restricted or not.

[boggen]

not sure about registery enteries. old way of putting in restrictions with with lmhosts file located in windows\system32 directory

see lmhosts.sam for sample file and info.

to put in restrticted sites. instead of putting actuall IP to name put in loopback IP

aka

127.0.0.1 nono.com

127.0.0.1 forgetit.com

etc...

when folks attempt to goto site they get url not found.

[BoardBabe]

Any ideas? Im kinda stuck here at HKLM not knowing if things work or not!

[RogueSpear]

@BoardBabe, This is all really puzzling to me. When I repackage SpywareBlaster, the captured registry settings are all within HKLM. Why it is otherwise for you is a mystery to me. I'm not saying you're making a mistake or anything like that, I'm just telling you my results from a repack capture project that I went back and looked at last night. What I can tell you is that I always export these three registry keys after updating both Spybot and SpywareBlaster (they both do immunizing) and import the resulting reg during installs, whether they be from CD/DVD or RIS based. And it certainly works because every now and then I get a call from someone complaining that a site they want to visit shows "Restricted" in the status bar of IE.

@boggen, While it's true that this can work, I always disable LMHOSTS during setup since I also disable NetBIOS. Further, if you wanted to take an approach like that you might better off populating the hosts file with blacklisted sites. Or even better, use a freeware utility called eDexter which is a really small proxy that uses a hosts like file. The difference is that eDexter's blacklist file can use wildcards where hosts cannot. If you do a google search for "ad blocking hosts file" you'll find a lot out there with something like 14,000 sites it blocks. But this comes at a price and that is major, as in severe, performance issues. That's why eDexter is the better solution for that type of blocking.

Edited January 11, 2006 by RogueSpear

[BoardBabe]

Humm I simply did a regshot while "running" SpywareBlaster, and the only changes made were in HKU... but ill try again and see if I can get a different result.

Hmmm would sure like it If I could make an app that autoupdates the def that SpyBot or SpywareBlaster uses and then implements, the same way I did with www.spywareguide.com/blocklist.reg (blocks 3531 atm. activeX controllers). Wouldnt have an idea how to do so?