Adding unwanted sites to
the Internet Explorer Restricted Zone
|Manually adding entries to the Restricted
Sites zone will help prevent installs of unwanted software,
greatly reduces the amount of unwanted
pop-ups! IE will not run scripts that originate from sites the
user places in the Restricted zone. To protect your privacy
further, IE will not send
cookies to sites in the Restricted Sites zone.
New to Internet Explorer is the ability to add IP addresses
to the Restricted Zone.
You'll find many times these parasites use an IP address rather than
a URL. They do this to avoid being blocked by an entry in a
However you can still add a layer of protection to your system by
adding those IP addresses to the Restricted Sites zone.
Editors Note: adding a large amount of sites to
the Restricted Zone in Windows may cause slow-down problems in
some applications. You can reduce the
amount of entries by the use of Wildcards, so rather than adding a
huge amount of DoubleClick entries, you can use (example)
Adding entries to the Restricted sites can
also eliminate the Back Button
determine sites that are getting thru your Layered Protection
Clear your browser cache, then browse for a while. Then go to:
Internet Options | General [tab] |
Settings [button] | View Files [button]
Next: click the "Internet Address" header to sort the files by
URL. Scroll the list, if you find a undesired address, either a URL
or IP address - right-click the culprit in the "Name" header, and
select: Properties. From there you can copy the entry. Once you have
determined that this is an undesired site add the entry to the
"Restricted sites". In the event you are not sure, you can
the "owner" from
To remove all the
sites listed in the Restricted Sites Zone
- Right-click and select: Save Target As
To use: right-click and select: Install (no need to
restart - there is no on-screen action)
Note: This will remove all entries in the "Trusted
Zone" and "Ranges" also. DelDomains was revised
(01-16-05) to include the "Enhanced Security Configuration Zones" as
some of these newer infections are targeting the "Enhanced" Zone.
||Microsoft decided to group both Zones into the same registry
To remove individual entries: Click "Sites",
highlight the entry - Click Remove.
Internet Explorer settings" will remove all sites in the
Trusted and Restricted Zones.
Setting the Restricted Sites Zone
|Internet Options | Security tab and
highlight the Restricted sites icon ...
Click the Custom Level button and set all sections to Disable.
Note: do not disable the Pop-up blocker or the
This will prevent any sites listed from running ActiveX or
Note: this will also prevent you from mistakenly
downloading files from a listed site.
(pop-up image on the right)
Setting the Internet Zone
for Additional Security
There are quite a
few new categories and settings in Internet Explorer. The default has been
increased from Medium to Medium-High. However there are still a few
options that need to be reset to harden the Internet Zone.
Font Download = reset to Disable ... don't worry the page
will still display properly ...
Launching programs and files in a IFrame = reset to
This is the single most exploited setting
in Internet Explorer!
There are no legitimate sites that I know of that use this option
Websites in less privileged web content can navigate into this
zone = reset to Disable
This affects sites that are added to the Restricted Zone ... so no
you don't want them doing anything!
Editors Note: changing other setting my affect how
websites are displayed or may cause problems with them displaying
correctly. If you do set your own preferences and experience
problems or prompts, simply reset the Zone to the default and start
over again ...
Click on the "Content" tab, Click the
By default you should not have anything listed under "Trusted
You can ignore the "Trusted Root Certification Authorities" section.
Highlight and click "Remove" any unknowns, click Ok. Why?
read the below carefully.
Editors Note: a good example of this unsavory practice is
Trusted Publishers and Credentials Agencies
This list controls whose software can be installed on your
system without asking you first.
The list can contain both individual software publishers and
commercial software publishers. Software
that has been published by a publisher in this list can be
installed without your explicit approval.
The list can also contain one or more credentials agencies.
Similar to a notary, a credentials agency is an organization in
the business of attesting to the identity of software
publishers. If a credentials agency is in this list, then any
publisher certified by that agency is considered trusted, allowing
software they publish to be installed on your system without
asking you first.
Editors Note: some of these newer parasites have been adding
themselves to the "Trusted Zone" to bypass common security
measures. There is no easy method to detect these new entries, you can
either check them manually by highlighting the Trusted Zone icon, and
press the Sites button. Or you can run
which displays Trusted Zone entries.
O15 - Trusted Zone: *.pluginaccess.com
Note: this Dialer adds itself to the Trusted Zone during the install.
To avoid this, place the site in the Restricted Zone - the thought
being IE will not allow the same site to exist in two zones.
Important There are now a whole host of Trojans that will
write multiple sites to the Trusted Zone. The majority of these
culprits are now entries in the HOSTS file
and marked as: [Trojan.TrustedZones]