Microsoft Windows XP Home Edition - Zenk - Security - Repository
Microsoft Windows XP Home Edition - Zenk - Security - Repository
Microsoft Windows XP Home Edition - Zenk - Security - Repository
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Microsoft</strong> <strong>Windows</strong> <strong>XP</strong> <strong>Home</strong> <strong>Edition</strong><br />
<strong>Security</strong> Implementation<br />
Version 1.4b Option 1<br />
Drag and Drop or Copy and Past Files<br />
This option is enabled by default for Local and Trusted Sites. The<br />
issue with having this enabled is that a file could potentially have a<br />
script or control to move from a restricted site to a lower security<br />
site where it can do what it wants. Unless you are 100% confident<br />
in your Trusted or Local Site you should consider changing this to<br />
Prompt.<br />
Installation of desktop items<br />
This option is enabled by default only in the Trusted zone. This<br />
option allows you to protect yourself against a security vulnerability<br />
Key fingerprint<br />
that<br />
= AF19<br />
could<br />
FA27<br />
allow<br />
2F94<br />
a user<br />
998D<br />
to<br />
FDB5<br />
gain<br />
DE3D<br />
unauthorized<br />
F8B5 06E4<br />
privileges<br />
A169 4E46<br />
on your<br />
computer.<br />
Launching programs and files in an IFrame<br />
IFrames are in-line, floating frames that are often used for pop-up<br />
windows. Some security problems related to IFrames have been<br />
buffer overflows and hostile scripts. This option is enabled by<br />
default only in the Trusted zone.<br />
Software Channel Permissions<br />
This option controls the permissions given to software distribution<br />
channels. There are three levels that this option can be set at.<br />
High Safety. This option will prevent you from being notified about<br />
software updates by e-mail and keeps software from being<br />
automatically downloaded and installed. Medium Safety. This<br />
option will allow you to receive e-mails and downloads as long as<br />
they are digitally signed. There is no automatic installation with this<br />
option. Low Safety. This option will allow you to receive e-mail<br />
notification and will automatically download and install the software.<br />
Submit non-encrypted form data<br />
This option affects the transmission of forms data over non-SSL<br />
connections. You can have this option Disabled, Enabled, or<br />
Prompt. Disabling this option will disable the transmissions,<br />
Enabling this option will allow the transmissions, and Prompting will<br />
prompt you to see if you want to perform this or not.<br />
© SANS Institute 2003, Author retains full rights<br />
Userdata Persistence<br />
This option allows web sites to create XML files that store personal<br />
data for reuse by the web site. This is enabled in all the zones<br />
Key fingerprint except = AF19 Restricted. FA27 2F94 998D This is FDB5 not a DE3D security F8B5 risk 06E4 because A169 4E46 you choose<br />
what information to provide to the web site.<br />
Page 40 of 53<br />
© SANS Institute 2003, As part of the Information <strong>Security</strong> Reading Room. Author retains full rights.