Open IE's fifth security line

IE is the most "care" object for viruses, hackers, and malicious websites, so its security is extremely important. Today we are going to get through its fifth line of defense to make your system safer!

About IE's four security zones

Open the IE Properties window. In the "Security" tab, you can find that IE divides Web content into "Internet", "Local Intranet", and "trusted". Four different security zones, "restricted sites". By default, IE places all sites in the "Internet" zone and sets a medium level of security to protect them. When downloading potentially unsafe content, the system prompts (but does not prohibit unsafe behavior, also That is to say, unsafe content can also be run after user confirmation). Of course, users can put a fully trusted or suspicious Web site into three other security zones, such as: usually add the Windows Update site to a "trusted site," while some malicious sites can put it in "accepted" Restricted sites".

Open IE's fifth security line

In fact, IE has a hidden security area in addition to the four areas mentioned above, and by default in IE's "security." The option settings are not displayed and must be opened by modifying the registry.

Step 1: Open the Registry Editor and find [HKEY_CURRENT _USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones].

Step 2: Several sub-items under "Zones" are the security zone items already defined in the computer. The areas controlled by numbers from 0 to 4 are as follows:

0 I Computer
1 Local Intranet Zone
2 Trusted Site Zone
3 Internet Zone
4 Restricted Site Zone

Step 3: Where "My Computer" Does Not Appear In the "Region" box of the "Security" tab, the key that controls this property is "Flags" (REG_DWORD type) whose value determines whether the user can modify the properties of the security zone. To determine the Flags value, you can add the values ​​represented by the corresponding settings listed below (decimal, the same below):

Value corresponding to the setting
0 Prohibit changing the setting
1 Allow changes from Define settings
2 Allow users to add Web sites to the zone
4 Requires authenticated Web site (https protocol)
8 Web site including bypass proxy server
16 Included in other zones Web sites not listed
32 Do not display security zones in Internet properties
64 Display the "Require server authentication" dialog box
128 Treat Universally Named Connections (UNC) as Intranet Connections

For example, you need to specify "Allow changes to custom settings" and "Show 'Require server verification' dialog box", then Flags should be set to 65 (1+64).
By default, the "My Computer" has a Flags value of 33, which is 1+32, so this security setting cannot be seen in the "Security" setting of the IE option.

Step 4: As long as you subtract 32 from the original value, set this value to 1 (see Figure 1) and close the Registry Editor. Right click on IE and select Properties. You will find "My Computer" in the "Security" tab (see Figure 2).

FIG. 2

Tips

★ value can be set as long as the Flags
not included in the value of 32 can be turned so that IE's fifth security line.
★ "Local Intranet Zone" corresponds to "Flags" default value of 219, "Trusted Site Area" is 71, "Internet Zone" is 1, "Restricted Site Zone" is 3, when needed Restore according to the default values ​​above.

Using the fifth security thread

1. Controlling the security of web pages on the local hard disk

Select "I" under "Security" tab of "Internet Options" "The computer", found that its corresponding "site" and "default level" buttons are gray is not optional (can be activated by modifying other registry keys, but not necessary). Click on the "Custom Level" button to find its default security level is "High". Here you can set the behavior of opening a webpage with IE on the local hard disk. Usually browsing the webpage offline and opening the webpage in the local hard disk/disc belongs to the scope of the "My Computer" security zone. Of course, these downloaded web pages are closer to the system than the content viewed on the Internet, so IE sets them to the highest level by default. We can change the security level of the webpage on the local hard disk by changing this setting.

2. Thoroughly ban pages that should not be viewed - hide "restricted sites"

The "Flags" for all security zones are different, if several others The "Flags" value plus 32, they will not display the security area in the Internet properties, this feature can help us completely ban pages that should not be viewed, such as not wanting children to browse those unhealthy pages, many friends just By simply putting these web addresses into the untrusted list, it is believed that children with a certain computer base can easily open the IE properties to remove these restrictions. However, if you add this content to the "Restricted Sites" list first, then modify the registry to hide this security zone, you can rest assured! The steps are as follows:

Step 1: Open the Registry Editor and find [HKEY_CURRENT_ USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4].

Step 2: Double-click the “Flags” button in the right window to change the original 3 (decimal) to 35 (the hexadecimal is 23) and exit the editor.