A Tour of Windows XP Service Pack 2 - Part 4.

   In the last episode we had a glimpse of the Windows Firewall and how it was enhanced to prevent untoward incidents to the computer. While the firewall helps to keep the computer secure from outside attacks, it is not the only fool proof way to secure the computer. Most of the connection to the outside world is done from the web browser and hence the browser has undergone a lot of tweaking and enhancements to minimize the risks. The major changes done to Internet Explorer are:
  • Make browsing more enjoyable with dramatically fewer pop-up ads.
  • Provide better protection from potentially harmful downloads.
  • Assistance in finding and controlling Internet Explorer add-ons.
  • Stop scripts that resize or reposition windows without your permission.
  • Offer stronger security for your PC with built-in security enhancements.

    •    With an improved security infrastructure, Internet Explorer blocks unruly windows and helps to defend your PC by drawing tighter security around it. These security enhancements include things such as zone elevation blocks and changes to object caching—serious sounding names for serious security protections. Let us explore the features one by one.

       Pop up windows.

       The biggest intruder in recent times when browsing was the famous pop up window. Whenever a website was opened, the activity on the page would be delayed because the pop up window would obstruct the opening of the page. And this caused a great discomfort to the user because the pop up window would open every time a page was loaded and there was no control over this pop up window. Many third parties provided pop up blocking tool bars but that was a pain to download the same and it was difficult to limit the pop up windows which had to be allowed. And these tool bars could not differentiate between a window that popped up by itself and a pop window which opened with a user’s click.

       Earlier when a user was working on an application and he would accidentally dismiss any dialog box that obtruded on the way and he wouldn’t realize that he had clicked on a dialog box and wouldn’t be aware what the dialog box was all about. Remember that in an earlier article on Longhorn, I had written how Longhorn would change the way users worked with dialog boxes and the side bar would contain the history of all previous dialog boxes and alerts that appeared on the desktop. Well the same thing has been done to Internet Explorer. If the pop up was blocked without any indicator to the user, the user wouldn’t have any indicator that a pop up window appeared. Hence Internet Explorer had to do something to give some indicator to the user. This is done with the Information bar. This is a new feature provided with Service Pack 2 and appears below the toolbar at the top and gives different messages depending on the security setting. We shall see more of the Information bar in the next few paragraphs. The information bar also provides with settings to tweak with.

    Figure. 1 The pop up blocker.

    Figure.2 The menu on the Information bar to configure pop up settings.

       What happens when a pop up window is blocked.

       When a site opens a pop-up window that is blocked by Internet Explorer, a notification appears in the Information Bar and status bar and a sound is played. Clicking on the notification in the Information Bar or status bar, displays a menu with the following options:
  • Temporarily Allow Pop-ups. Reloads the page, allowing pop-up windows. This can be used in scenarios where the user wants to see what kind of pop up window appears and whether it is informative or not. This setting lasts only for the life time of that instance of the browser window. When the browser window is closed, the settings are reset to the default.
  • Always Allow Pop-ups from This Site. This allows the user to add the current site to the “Allow list”. The sites that appear in the “Allow List” will always allow the pop up window and the Information bar will not appear for these web sites.
  • Settings. Shows more Pop-up Blocker settings menu items and gives access to the Pop-up Blocker Settings window.

    •    There are some advanced options that Internet Explorer provides for advanced configuration of Pop-up Blocker settings. This is set through the Pop up blocker Settings. The options are:-

    Figure. 3 The pop up blocker dialog box.
  • Web site Allow List: This allows the user to add sites to the Allow list. Any site on the Allow list can open pop-up windows.
  • Notification and Filter Level: There are 2 notification settings which can be set on and off. They are :-
  • Play a sound when a pop up window appears: You can toggle whether or not Pop-up Blocker plays a sound when a pop-up is blocked through the Advanced settings in Internet Options. You can also change the sound that plays. To do this, click Start, click Control Panel, and then double-click the Sounds and Audio Devices icon, and then specify the Blocked Pop-up Window system sound.
  • Show the information bar when a pop up window is blocked: This allows the user to configure if he wants to see the information bar when the pop up window is blocked. If he doesn’t want to see any information then he can use the filter level to control the pop up windows which is discussed in the next paragraph.

    •    There are 3 filter levels which can be set for the pop up blocker. They are:
  • High: Block all pop ups, Ctrl to override. This setting allows sites to open a pop-up window when the user clicks a link. This setting changes that behavior by blocking windows that are opened from a link. If this setting is enabled, you can allow pop-up windows to open by pressing the CTRL key at the same time that you launch the pop-up.
  • Medium: Block most automatic pop up windows. This is the default setting.
  • Low: Allow pop ups from secure sites. Customers can expand the scope of Pop-up Blocker to include the Local Intranet or Trusted Sites zones in the Security tab of Internet Options.

    •    There are some scenarios in which the pop up window will appear even if the pop up blocker is enabled.

  • The pop-up is opened by a link which the user clicked.
  • The pop-up is opened by software that is running on the computer.
  • The pop-up is opened by ActiveX controls that are instantiated from a Web site.
  • The pop-up is opened from the Trusted Sites or Local Intranet zones.

    •    Internet Explorer Window Restrictions

       Earlier Internet Explorer provided the capability for scripts to programmatically open additional windows of various types, and to resize and reposition existing windows.

       When visitors visited certain web sites, they had peculiar problems when handling pop up windows. These methods of opening the pop up window were called by scripts and used to spoof a user interface or desktop or to hide malicious information or activity by one of the three following methods:
  • Positioning the window such that the title bar, status bar, or address bar are off-screen.
  • Positioning the window to hide important elements of the user interface from the user.
  • Positioning the window so that it is entirely off-screen.

    •    When these elements are hidden from view, the user might think they are on a more trusted page or interacting with a system process when they are actually interfacing with a malicious host. Malicious use of window relocation can present false information to the user, obscure important information, or otherwise “spoof” important elements of the user interface in an attempt to motivate the user to take unsafe actions or to divulge sensitive information.

       The Window Restrictions security feature, formerly called UI Spoofing Mitigation, restricts two types of script-initiated windows that have been used by malicious persons to deceive users: popup windows (which do not have components such as the address bar, title bar, status bar, and toolbars) and windows that include the title bar and status bar. As a consequence script-initiated windows with the title bar and status bar are constrained in scripted movement to ensure that these important and informative bars remain visible after the operation completes.
  • Scripts cannot position windows so that the title bar or address bar are above the visible top of the display.
  • Scripts cannot position windows such that the status bar is below the visible bottom of the display.

    •    The visible security features of Internet Explorer windows provide information to the user to help them ascertain the source of the Web page and the security of the communication that uses that page.

       Internet Explorer Add-on Management

       Add-ins are small programs that are embedded in the browser and help the user to get certain functionality when browsing the Internet or using particular applications. Example of add-ins are:
  • Browser help objects
  • ActiveX controls
  • Toolbar extensions
  • Browser extensions

    •    Add-ons are installed from a variety of locations. The different process of installing the add-ins are :
  • Downloading and installation while viewing Web pages
  • Installation by the user by way of an executable program.
  • As pre-installed components of the operating system.
  • As pre-installed add-ons that come with the operating system.

    •    Examples of popular add-ins that are used by the majority of browser users are:
  • Shockwave ActiveX controls.
  • Shockwave Flash object.
  • Windows Media Player.
  • Yahoo Messenger.
  • MSN Messenger.
  • MSN Toolbar.
  • Yahoo toolbar.
  • Antivirus Toolbars from popular antivirus companies.

    • Figure.4 The Manage Add-on’s dialog box.

       The problem with add-ins are that they are also equally deceptive in nature and can perform a variety of tasks which are not known to the user. For example, a user might unintentionally install an add-on that secretly records all Web page activity and reports it to a central server. These kind of deceptive add-ons could only be identified by specialized software and deep technical knowledge was required to identify and remove that add-on.

       Internet Explorer Add-on Management provides an easier way to detect and disable particular add-on’s. It also allows the user to view the add-ons that have been installed on his computer and give more control over particular controls that might be harmful to his computer. Internet Explorer Add-on Management allows users to view and control the list of add-ons that can be loaded by Internet Explorer with more detailed control than before. It also shows the presence of some add-ons that were previously not shown and could be very difficult to detect. These add-ons might provide undesired functionality or services and, in some cases, might present a security risk.

       Managing Add-ons

       Users can enable and disable each add-on individually and view information about how often the add-ons have been used by Internet Explorer. To do this, use the following procedure to open Manage Add-ons.
  • Click Start, and then click Internet Explorer.
  • Click Tools, and then click Manage Add-ons.

    •    You can also open Manage Add-ons through Control Panel by following these steps:
  • Click Start, and then click Control Panel.
  • Double-click Internet Options.
  • Click the Programs tab, and then click Manage Add-ons.

    •    Manage Add-ons has several options that allow you to change your add-on configuration. You can use Show to control the way in which the add-ons list is displayed. It has two options:

       Add-ons currently loaded in Internet Explorer. This option lists the add-ons that have been instantiated (or loaded into memory) within the current Internet Explorer process and those which have been blocked from instantiating. This includes ActiveX controls that were used by Web pages that were previously viewed within the current process.

    Figure.5. Add-ons currently loaded in IE.

       Add-ons that have been used by Internet Explorer. This option lists all add-ons that have been referenced by Internet Explorer and are still installed. The list of add-ons shows all installed add-ons of the types mentioned earlier in this document. To enable or disable an installed add-on, click the add-on in the list, then click Enable or Disable.

    Figure 6. Add-ons that have been used by Internet Explorer.

       If you click an ActiveX control in the list, then click Update ActiveX, Windows searches for an update at the location where the original control was found. If a newer version is found at that location, Internet Explorer attempts to install the update.

       The list of add-ons also contains signed add-ons that were blocked from installation because their publisher was untrusted. After selecting one of these controls, the user can unblock the control by clicking Allow. Caution should be exercised when doing this, because clicking Allow removes the publisher from the Untrusted list. There are indicators to view add-ons that were blocked by the user or add-ons that comes from untrusted publishers. We will discuss about untrusted publishers in a future article.

       Indicators of blocked add-ons.

       Blocked Add-on status bar icon: A Blocked Add-on icon appears in the status bar when a Web page attempts to instantiate an ActiveX control that is disabled or blocked because its publisher is untrusted. You can double click the icon to open Manage Add-ons. The status bar icon is accompanied by a balloon tip the first five times it appears.

       Add-on notification balloon tip: When a Web page attempts to instantiate a disabled add-on and there is no current Blocked Add-on status bar icon, a message appears to tell the user that the current Web page is requesting an add-on that is disabled. The user can click the message for more details on blocking add-ons.

      We have covered a lot today and saw how the browser has been revamped in SP2. But that is not all that has been enhanced in the browser. There is more to be seen and we will see in the next article.

      To be continued...
     
     
    Best viewed with 1024 x 768 px Resolution
    Developed in association with K K Webtech P Ltd.