MORE INFORMATION
For more information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:
129972 Computer viruses: description, prevention, and recovery
Privacy in Internet Explorer 6
Internet Explorer 6 added a Privacy tab to give users more
control over cookies. There are different levels of privacy on the Internet
zone, and they are stored in the registry at the same location as the security
zones.
You can also add a site to allow or to block cookies based on the site, regardless of the privacy policy on the Web site. These per-site entries are stored under the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
Listed under this key are the domains that have been added as managed sites. Each domain carries one of the following DWORD values:
0x00000005 - Always Block
0x00000001 - Always Allow
Internet Explorer 4.0 and later
Internet Explorer security zones settings are stored under the
following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
These registry keys contain the following keys:
- TemplatePolicies
- ZoneMap
- Zones
Note By default, security zones settings are stored in the HKEY_CURRENT_USER registry key. Because this key is dynamically loaded for each user, the settings for one user do not affect the settings for another.
If the Security Zones: Use only machine settings setting in Group Policy is enabled, or if the Security_HKLM_only DWORD value is present and has a value of 1 in the following registry key, only local computer settings are used and all users have the same security settings:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
With the Security_HKLM_only policy enabled, HKLM values will be used by Internet Explorer, but the HKCU values will still be displayed in the zone settings on the Security tab in Internet Explorer. This is by design and there are no plans to change this functionality.
If the Security Zones: Use only machine settings setting is not enabled in Group Policy, or if the Security_HKLM_only DWORD value does not exist or is set to 0, computer settings are used along with user settings. However, only user settings appear in the Internet Options. For example, when this DWORD value does not exist or is set to 0, HKEY_LOCAL_MACHINE settings are read along with HKEY_CURRENT_USER settings, but only HKEY_CURRENT_USER settings appear in the Internet Options.
TemplatePolicies
The TemplatePolicies key determines the settings of the default security zone levels (Low, Medium Low, Medium, and High). You can change the security level settings from the default settings. However, you cannot add additional security levels. The keys contain values that determine the setting for the security zone. Each key contains a Description string value and a Display Name string value that determine the text that appears on the Security tab for each security level.
ZoneMap
The ZoneMap key contains the following keys:
- Domains
- ProtocolDefaults
- Ranges
The Domains key contains domains and protocols that have been added to change their behavior from the default behavior. When a domain is added, a key is added to the Domains key. Subdomains appear as keys under the domain where they belong. Each key that lists a domain contains a DWORD with a value name of the affected protocol. The value of the DWORD is the same as the numeric value of the security zone where the domain is added.
The ProtocolDefaults key specifies the default security zone that is used for a particular protocol (ftp, http, https). To change the default setting, you can either add a protocol to a security zone by clicking Add Sites on the Security tab, or you can add a DWORD value under the Domains key. The name of the DWORD value must match the protocol name, and it must not contain any colons (:) or slashes (/).
The ProtocolDefaults key also contains DWORD values that specify the default security zones where a protocol is used. You cannot use the controls on the Security tab to change these values. This setting is used when a particular Web site does not fall in a security zone.
The Ranges key contains ranges of TCP/IP addresses. Each TCP/IP range that you specify appears in an arbitrarily named key. This key contains a string value (:Range) that contains the specified TCP/IP range. For each protocol, a DWORD value is added that contains the numeric value of the security zone for the specified IP range.
When the Urlmon.dll file uses the MapUrlToZone public function to resolve a particular URL to a security zone, it uses one of the following methods:
- If the URL contains a fully qualified domain name (FQDN), the Domains key is processed.
  In this method, an exact site match overrides a random match.
- If the URL contains an IP address, the Ranges key is processed.
  The IP address of the URL is compared to the :Range value that is contained in each of the arbitrarily named keys under the Ranges key.
Note Because arbitrarily named keys are processed in the order that they were added to the registry, this method may find a random match before it finds an exact match. If so, the URL may be executed in a different security zone than the zone where it is typically assigned.
This behavior is by design.
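The order dependence described in the note can be checked for during an audit. The following is an added example, not code from the original article: it models "first key in registry order wins" and reports overlapping ranges that send the same protocol to different zones. The key names, the addresses and the "first-last" form of the :Range string are assumptions made for the example.

```python
import ipaddress

# Constructed ZoneMap\Ranges content, listed in the order the keys were added.
# Key names, addresses and the "first-last" form of :Range are assumptions.
RANGES = [
    ("Range1", "10.0.0.1-10.255.255.254", {"http": 1, "https": 1}),
    ("Range2", "10.20.30.40", {"http": 4}),
    ("Range3", "192.168.1.1-192.168.1.254", {"https": 2}),
]

def bounds(text):
    """Parse 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into (low, high) addresses."""
    first, _, last = text.partition("-")
    lo = ipaddress.IPv4Address(first.strip())
    hi = ipaddress.IPv4Address((last or first).strip())
    if hi < lo:
        raise ValueError("range end precedes start: " + text)
    return lo, hi

def first_match(ranges, ip, protocol):
    """Model of the note above: the first key in registry order that
    contains the address and names the protocol decides the zone."""
    addr = ipaddress.IPv4Address(ip)
    for name, text, zones in ranges:
        lo, hi = bounds(text)
        if lo <= addr <= hi and protocol in zones:
            return name, zones[protocol]
    return None

def conflicts(ranges):
    """Overlapping range pairs that send the same protocol to different zones."""
    found = []
    for i, (n1, t1, z1) in enumerate(ranges):
        for n2, t2, z2 in ranges[i + 1:]:
            (lo1, hi1), (lo2, hi2) = bounds(t1), bounds(t2)
            if lo1 <= hi2 and lo2 <= hi1:
                found += [(n1, n2, p) for p in sorted(z1)
                          if p in z2 and z1[p] != z2[p]]
    return found
```

With the sample data, 10.20.30.40 over http resolves to zone 1 through the broad Range1 even though Range2 assigns that single address to zone 4, and `conflicts(RANGES)` reports the pair.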
Zones
The Zones key contains keys that represent each security zone that is defined for the computer. By default, the following five zones are defined (numbered zero through four):
Value Setting
------------------------------
0 My Computer
1 Local Intranet Zone
2 Trusted sites Zone
3 Internet Zone
4 Restricted Sites Zone
Note By default, My Computer does not appear in the Zone box on the Security tab.
Each of these keys contains the following DWORD values that represent corresponding settings on the custom Security tab.
Note Unless stated otherwise, each DWORD value is equal to zero, one, or three. Typically, a setting of zero sets a specific action as permitted, a setting of one causes a prompt to appear, and a setting of three does not allow the specific action.
Value Setting
-----------------------------------------------------------------------
1001 Download signed ActiveX controls
1004 Download unsigned ActiveX controls
1200 Run ActiveX controls and plug-ins
1201 Initialize and script ActiveX controls not marked as safe
1206 Allow scripting of Internet Explorer Webbrowser control
1400 Active scripting
1402 Scripting of Java applets
1405 Script ActiveX controls marked as safe for scripting
1406 Access data sources across domains
1407 Allow paste operations via script
1601 Submit non-encrypted form data
1604 Font download
1605 Run Java
1606 Userdata persistence
1607 Navigate sub-frames across different domains
1608 Allow META REFRESH *
1609 Display mixed content *
1800 Installation of desktop items
1802 Drag and drop or copy and paste files
1803 File Download
1804 Launching programs and files in an IFRAME
1805 Launching programs and files in webview
1806 Launching applications and unsafe files
1807 Reserved **
1808 Reserved **
1809 Use Pop-up Blocker **
1A00 Logon
1A02 Allow persistent cookies that are stored on your computer
1A03 Allow per-session cookies (not stored)
1A04 Don't prompt for client certificate selection when no certificates or only one certificate exists *
1A05 Allow 3rd party persistent cookies *
1A06 Allow 3rd party session cookies *
1A10 Privacy Settings *
1C00 Java permissions
1E05 Software channel permissions
1F00 Reserved **
2000 Binary and script behaviors
2001 Run .NET components signed with Authenticode
2004 Run .NET components not signed with Authenticode
2100 Open files based on content, not file extension **
2101 Web sites in less privileged web content zone can navigate into this zone **
2102 Allow script initiated windows without size or position constraints **
2200 Automatic prompting for file downloads **
2201 Automatic prompting for ActiveX controls **
2300 Allow web pages to use restricted protocols for active content **
{AEBA21FA-782A-4A90-978D-B72164C80120} First Party Cookie *
{A8A88C49-5EB2-4990-A1A2-0876022C854F} Third Party Cookie *
* indicates an Internet Explorer 6 or later setting
** indicates a Windows XP Service Pack 2 or later setting
Notes about 1200, 1803, 1A00, 1A10, 1E05, and 1C00
Run ActiveX controls and plug-ins (1200) has an extra setting
named Administrator approved. When this setting is turned on, the DWORD value
is 00010000. When this setting is turned on, the following registry key is
checked for a list of approved controls:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls
There is no prompt setting for File Download (1803) because it is
either allowed or not allowed.
Logon setting (1A00) may have any one
of the following values (hexadecimal):
Value Setting
---------------------------------------------------------------
0x00000000 Automatically logon with current username and password
0x00010000 Prompt for user name and password
0x00020000 Automatic logon only in the Intranet zone
0x00030000 Anonymous logon
Privacy Settings (1A10) is used by the Privacy tab slider. The DWORD values are:
Block All Cookies: 00000003
High: 00000001
Medium High: 00000001
Medium: 00000001
Low: 00000001
Accept all Cookies: 00000000
Depending on the slider setting, Internet Explorer also modifies the values in {A8A88C49-5EB2-4990-A1A2-0876022C854F}, in {AEBA21FA-782A-4A90-978D-B72164C80120}, or in both.
Software channel permissions (1E05) has three different values: high, medium, and low safety. The values are:
high: 00010000
medium: 00020000
low: 00030000
The Java Permissions setting (1C00) has the following five
possible values (binary):
Value Setting
-----------------------
00 00 00 00 Disable Java
00 00 01 00 High safety
00 00 02 00 Medium safety
00 00 03 00 Low safety
00 00 80 00 Custom
If Custom is selected, it uses {7839DA25-F5FE-11D0-883B-0080C726DCBB} (that is located in the same registry location) to store the custom information in a binary.
Each security zone contains the Description string value and the Display Name string value. The text of these values appears on the Security tab when you click a zone in the Zone box. There is also an Icon string value that sets the icon that appears for each zone. Except for the My Computer zone, each zone contains a CurrentLevel, MinLevel, and RecommendedLevel DWORD value. The MinLevel value sets the lowest setting that can be used before you receive a warning message, CurrentLevel is the current setting for the zone, and RecommendedLevel is the recommended level for the zone.
What values for MinLevel, RecommendedLevel, and CurrentLevel mean:
Value (Hexadecimal) Setting
----------------------------------
0x00010000 Low Security
0x00010500 Medium Low Security
0x00011000 Medium Security
0x00012000 High Security
The Flags DWORD value determines the ability of the user to modify the security zone's properties. To determine the Flags value, add the numbers of the appropriate settings together. The following Flags values are available (decimal):
Value Setting
------------------------------------------------------------------
1 Allow changes to custom settings
2 Allow users to add Web sites to this zone
4 Require verified Web sites (https protocol)
8 Include Web sites that bypass the proxy server
16 Include Web sites not listed in other zones
32 Do not show security zone in Internet Properties (default setting for My Computer)
64 Show the Requires Server Verification dialog box
128 Treat Universal Naming Convention (UNC) paths as intranet connections
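The value tables above can be applied mechanically when reviewing a registry export. The following is an added example, not code from the original article: it parses a constructed .reg export of two Zones keys, decodes the action values and the Flags bits, and lists watched actions that are permitted in the Internet or Restricted Sites zone. The sample export and the choice of watched actions are assumptions made for the example.

```python
import re
# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Flags"=dword:00000043
"1004"=dword:00000000
"1200"=dword:00010000
"1201"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1004"=dword:00000003
'''

ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted Sites"}
ACTIONS = {0: "permitted", 1: "prompt", 3: "not allowed"}
FLAGS = {1: "allow changes to custom settings", 2: "users may add sites",
         4: "require https", 8: "include proxy-bypass sites",
         16: "include sites not in other zones", 32: "hidden in UI",
         64: "show Requires Server Verification", 128: "UNC as intranet"}
# Assumption of this example: the actions worth reporting when permitted.
WATCHED = {"1004": "Download unsigned ActiveX controls",
           "1201": "Initialize and script ActiveX controls not marked as safe"}

def parse_zones(reg_text):
    """Return {zone number: {value name: int}} for each ...\\Zones\\N key."""
    zones, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            key = re.match(r"\[.*\\Zones\\(\d+)\]$", line)
            current = zones.setdefault(int(key.group(1)), {}) if key else None
        elif current is not None:
            val = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if val:
                current[val.group(1)] = int(val.group(2), 16)
    return zones

def decode_flags(value):
    return [name for bit, name in FLAGS.items() if value & bit]

def decode_action(name, value):
    if name == "1200" and value == 0x00010000:
        return "administrator approved"   # extra setting described for 1200
    return ACTIONS.get(value, "other (0x%08X)" % value)

def findings(zones):
    """Watched actions that are permitted (0) in the Internet or Restricted zone."""
    return [(ZONES[z], name, WATCHED[name])
            for z, vals in sorted(zones.items()) if z in (3, 4)
            for name in WATCHED if vals.get(name) == 0]
```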
If you add settings to both the HKEY_LOCAL_MACHINE and the HKEY_CURRENT_USER keys, the settings are additive. If you add Web sites to both keys, only those Web sites in the HKEY_CURRENT_USER key are visible. The Web sites in the HKEY_LOCAL_MACHINE key are still enforced according to their settings, but they are not available, and you cannot modify them. This situation can be confusing because a Web site may be listed in only one security zone for each protocol.
Internet Explorer 3.x
The security settings for Internet Explorer 3.x are kept in two sections, one for changing options and one for level.
Options that are enabled or disabled are located in the following registry keys:
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
The specific options under the Security tab are:
Allow downloading of active content
String - "Code Download"
Values - Yes (checked) or No (unchecked)
Enable ActiveX controls and plug-ins
Binary - "Security_RunActiveXControls"
Values - Checked=hex:01,00,00,00 Unchecked=hex:00,00,00,00
Run ActiveX scripts
Binary - "Security_RunScripts"
Values - Checked=hex:01,00,00,00 Unchecked=hex:00,00,00,00
Enable Java programs
Binary - "Security_RunJavaApplets"
Values - Checked=hex:01,00,00,00 Unchecked=hex:00,00,00,00
The settings for the safety levels are located in the following
registry keys:
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_USERS\.default\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
The options for the registry listings are:
High
String = "Trust Warning Level"
Value = "High"
String = "Safety Warning Level"
Value = "FailInform"
Medium
String = "Trust Warning Level"
Value = "Medium"
String = "Safety Warning Level"
Value = "Query"
None
String = "Trust Warning Level"
Value = "No Security"
String = "Safety Warning Level"
Value = "SucceedSilent"