Running Microsoft Windows 2000 Professional
Security and privacy are related but somewhat distinct issues. Security means your ability to send sensitive data—your credit card numbers, for example—across the Internet without that data being intercepted by unauthorized parties. It also means your ability to screen out dangerous or objectionable content that might be coming toward you. Privacy means your ability to prevent Internet content providers and other parties from gathering information about you—demographic or marketing data, for example—that you'd rather they not have.
If you transact business over secure Web sites, you can be reasonably confident that third parties won't be able to intercept the information you send. In fact, thanks to encryption, you're almost certainly safer sending credit card information this way than you are sending it via fax or telephone. On the other hand, if you download a lot of material from the Internet, you probably know that there is no such thing as perfect security. There is always a chance that you might someday become the unwitting target of a malicious or incompetent programmer. The only surefire way to eliminate this hazard is not to use the Internet. If that drastic solution doesn't appeal to you, you might want to become familiar with Internet Explorer's security-zone feature.
We'll explore the concepts of security zones and secure Web sites in this section. We'll also look at how you can prevent Internet sites from gathering information about you by downloading cookies to your hard disk.
Working with Secure Sites
Internet Explorer is a secure browser, which means it's capable of exchanging encrypted (secure) data with a secure Web site. A secure Web site is one that has been given a valid security certificate by a third-party agency such as RSA Data Security, Inc. When you're connected to a secure site, a padlock icon appears on the status bar, and whatever you upload to that site is automatically encrypted.
Internet Explorer supports three security protocols, called Secure Sockets Layer (SSL), Private Communications Technology (PCT), and Transport Layer Security (TLS). The goal of each of these protocols is to ensure privacy (no one can intercept your communications), authentication (you and the site you're visiting are not impostors), and integrity (data reaches the other end unscathed).
Internet Explorer automatically chooses the appropriate protocol for the secure site that you're using. But if you're interested in knowing what protocol a server supports or any other details about its security, you can find out as follows:
- Log on to the secure site.
- Open the File menu and choose Properties.
- Click the Certificates button.
You'll see a dialog box similar to the one shown in Figure 18-15, below. Here you can learn the name of the authority that issued your site's security certificate, the effective date and expiration date of that certificate, the protocol used, and so on.
Figure 18-15. This dialog box shows details about a secure Web site's security certificate, protocol, and other matters.
Using Security Zones and Security Levels
Internet Explorer lets you assign any Web site to one of four categories, depending on the degree to which you trust the site. These four categories are called Trusted Sites zone, Local Intranet zone, Internet zone, and Restricted Sites zone. All sites are initially assigned to the Internet zone except sites that you access via an intranet. Internet Explorer automatically detects intranet sites and assigns them to the Local Intranet zone.
Each security zone is associated with a particular security level—a default configuration of defensive measures that Internet Explorer's designers consider appropriate for that zone. The Internet zone is given the medium security level, while the Local Intranet, Trusted Sites, and Restricted Sites zones are assigned the medium-low, low, and high security levels, respectively.
If you think that certain of the sites you use pose a higher than ordinary level of risk, you can move those sites to the Restricted Sites zone. On the other hand, if you find Internet Explorer's moderate safety measures intrusive with certain sites that you trust completely, you might want to assign these sites to the Trusted Sites zone.
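A simplified model of the zone assignment described above, added here as an example; it is not Internet Explorer's own logic. It assumes that a host name without a dot counts as an intranet site, that site-list entries are exact hosts or `*.domain` patterns, and that Restricted Sites wins when a host is on both lists. It matches on the parsed host, so look-alike URLs do not inherit a trusted site's low security level.

```python
from urllib.parse import urlsplit

# Default security level per zone, as given in the text above.
DEFAULT_LEVEL = {
    "Internet": "medium",
    "Local Intranet": "medium-low",
    "Trusted Sites": "low",
    "Restricted Sites": "high",
}

def host_of(url):
    """Return the lower-cased host a URL really points at."""
    host = urlsplit(url).hostname  # drops any user:password@ prefix and port
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.rstrip(".").lower()

def matches(entry, host):
    """Site-list entry: exact host, or '*.example.com' for its subdomains."""
    entry = entry.lower()
    if entry.startswith("*."):
        return host.endswith(entry[1:])  # compares against '.example.com'
    return host == entry

def zone_for(url, trusted=(), restricted=()):
    """Resolve a URL to (zone, default security level) in this model."""
    host = host_of(url)
    if any(matches(e, host) for e in restricted):  # assumption: stricter list wins
        zone = "Restricted Sites"
    elif any(matches(e, host) for e in trusted):
        zone = "Trusted Sites"
    elif "." not in host:  # assumption: dotless name means intranet
        zone = "Local Intranet"
    else:
        zone = "Internet"
    return zone, DEFAULT_LEVEL[zone]

if __name__ == "__main__":
    trusted = ["bank.example.com"]    # constructed sample site lists
    restricted = ["*.tracker.test"]
    for url in ("http://payroll/timesheet",
                "https://bank.example.com/login",
                "https://bank.example.com@evil.test/",
                "https://bank.example.com.evil.test/",
                "http://ads.tracker.test/pixel"):
        print(url, "->", zone_for(url, trusted, restricted))
```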
To change a site's default zone assignment:
- Choose Internet Options from the Tools menu and click the Security tab.
- Select the zone to which you want to assign the site, and then click the Sites button. (This button becomes active when you select any zone other than Internet zone.)
- In the ensuing dialog box, you'll see a list of sites that you've already assigned to this zone, along with a text box where you can enter the address for the new site. Enter the site's address into this text box and click the Add button.
TIP
To avoid typing errors when entering a site's address, first select the address on Internet Explorer's Address bar. Press Ctrl+C to copy the address to the Clipboard. Then use Ctrl+V to paste the address into the security-zone dialog box.
TIP
Microsoft Internet Explorer 5 Power Tweaks Web Accessories adds commands to the Tools menu that make it easier to add sites to the trusted and restricted zones. For information about Web Accessories, see "Installing Web Accessories."
Redefining Security Levels
Internet Explorer has four predefined security levels, called high, medium, medium-low, and low. You can find out exactly what any of these security levels means, and, if none of the predefined security levels meets your requirements for a particular security zone, you can assign that security zone a custom security level.
To view or change settings for a security zone:
- Choose Internet Options from the Tools menu and click the Security tab.
- Select the zone you're interested in.
- Click the Custom Level button.
Internet Explorer displays the dialog box shown in Figure 18-16. You can scroll through this dialog box to see exactly what potentially hazardous downloads are allowed, what kinds of downloads require you to answer a confirmation prompt, and so on. If you don't like what you see, you can change any of these settings. Internet Explorer then applies your custom settings, instead of its own predefined security level, to the selected zone. To return to the original settings, on the Security tab of the Internet Options dialog box, select the zone and click Default Level.
Figure 18-16. You can use this dialog box to fine-tune the security level associated with a security zone.
Blocking Cookies
A cookie, in Internet parlance, is a bit of information about you and your preferences, deposited on your hard disk by a Web site that you've visited. Web sites use cookies to customize their offerings for particular users. If you've ever wondered, for example, how that giant bookstore in the ether knows so much about your taste in reading matter, the answer is that it reads your cookie every time you log on.
Understanding Security Certificates
A security certificate is a statement issued by a third-party authority guaranteeing the identity of a Web site or person. Internet Explorer uses two kinds of certificates—site certificates and personal certificates. A personal certificate vouches for your identity. At this stage in the development of Internet commerce, a personal certificate's principal virtue is that it enables you to send encrypted e-mail. But you might at some time need to deal with a Web site that requires you to authenticate yourself by means of a personal certificate. For information about obtaining and using a personal certificate, see "Using Digital Signatures and Encryption."
A site certificate attests that a secure Web site is what it says it is—and not the work of an impostor. Site certificates, like personal certificates, have expiration dates. When you connect with a secure Web site, Internet Explorer makes sure that all the information on the site's certificate is valid and that the certificate hasn't expired. The program warns you if the certificate is invalid or not current by displaying a dialog box similar to the one shown below.
On the Content tab in the Internet Options dialog box, you'll find two buttons relating to security certificates. The Certificates button lets you inspect any personal certificates that have been installed on your computer and view a list of certifying authorities that are currently trusted by Internet Explorer. You can remove any that you don't want the program to trust.
The second button on the Content tab, Publishers, presents a list of software publishers that you have declared to be trustworthy. These publishers aren't guaranteed by a certifying authority. They are simply software sources that you, for the sake of convenience, have asked Internet Explorer to trust. For more information about trusting publishers, see "Trusting Software Publishers."
Cookies are stored in the %UserProfile%\Cookies folder. You can open your cookies in Notepad, but you'll find they're mostly indigestible—binary information that only a Web server can love.
In general, cookies are a convenience for end users. They make the Web sites you visit more responsive to your own needs and preferences. Cookies can contain only information that you provide; a Web site can't surreptitiously determine your e-mail address and place it in a cookie, for example. Nevertheless, some users do find them objectionable. If you want to keep Web sites from recording information about you on your own hard disk, you can either block cookies entirely or require Internet Explorer to display a confirmation prompt before downloading any cookie. To perform either of these tasks, visit the Security Settings dialog box shown in Figure 18-16 and scroll down the list of options until you come to the set labeled Cookies.
If you decide to have Internet Explorer prompt before accepting any cookies, you'll see a dialog box similar to the one shown in Figure 18-17 each time a site wants to send a cookie your way. If you tire of responding to these messages, you can return to the Internet Options dialog box or, more simply, select the check box before you click Yes.
Figure 18-17. You can ask Internet Explorer to prompt you before downloading any cookies, but you might tire of seeing messages like this.
Blocking Pornography and Other Objectionable Content
Some Web sites provide information or pictures that you might find objectionable for you or your children. Internet Explorer provides a feature called Content Advisor to help you block the display of objectionable material. When Content Advisor is enabled, if a user tries to go to a Web page that is beyond the limits you set, Internet Explorer won't show the page, and instead displays a warning dialog box. Users who know the supervisor password can bypass the warning and view the page.
To set up Content Advisor:
- Open the Tools menu, choose Internet Options, and click the Content tab.
- Click Enable.
The Content Advisor dialog box appears.
NOTE
After you enable Content Advisor, you can return to this dialog box by clicking Settings on the Content tab of the Internet Options dialog box, and then entering your supervisor password.
- On the Ratings tab, select a category and then drag the slider to set the limits you want. As you move the slider, a description of the current setting appears below the slider. Repeat this step for each category, and then click OK.
- If you haven't already set up a supervisor password, supply and confirm your supervisor password in the Create Supervisor Password dialog box that appears.
The Ratings tab contains a list of available rating systems and categories. By default, Internet Explorer comes with a system called RSACi, the Recreational Software Advisory Council's Internet rating system. The system has four categories: language, nudity, sex, and violence. Each category has five levels, numbered 0 through 4. A higher number indicates more explicit or intense content.
The supervisor password is the master key that lets you change the Content Advisor settings or bypass the Content Advisor protections. Write this password down in a safe place so that if you forget it, you won't be locked out of Internet Explorer.
NOTE
The settings you make in Content Advisor apply to all users on your computer; you can't make separate settings for each user.
Blocking Unrated Sites
Not all Internet content is rated. By default, Content Advisor blocks pages that don't have a rating, because Content Advisor has no way of knowing what types of content are on those pages. Just as when you attempt to view a site with ratings that exceed the permissible level you've defined, when you attempt to view an unrated site, you'll see a dialog box similar to the one shown in Figure 18-18.
Figure 18-18. Content Advisor blocks pages with ratings beyond the limits you set and pages that aren't rated.
If you don't want this type of protection, you can change the default setting by clicking the General tab in the Content Advisor dialog box, shown in Figure 18-19, and selecting the Users Can See Sites That Have No Rating check box.
Figure 18-19. The General tab lets you block unrated sites, bypass blocking, and change the supervisor password.
Because so many sites are unrated—including both "good" sites and "bad" sites—Content Advisor lets you create your own ratings for particular sites. To set up a list of sites that you want to allow or disallow, regardless of their claimed content rating, click the Approved Sites tab in the Content Advisor dialog box, shown in Figure 18-20. Type the site's address, and then click Always (to allow access) or Never (to prohibit access).
Figure 18-20. The Approved Sites tab lets you effectively override a site's rating and provide a rating for unrated sites.
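The blocking decision described in this section (category limits, unrated pages, and the Approved Sites override), added here as a sketch; it is not Content Advisor's own code. It assumes ratings arrive as a PICS-1.1 label, the format RSACi ratings were published in (not shown on this page), treats a malformed or incomplete label as unrated, and uses constructed sample limits and a constructed label.

```python
import re
from urllib.parse import urlsplit

# RSACi category letters as they appear in a label's ratings clause.
CATEGORIES = {"l": "language", "n": "nudity", "s": "sex", "v": "violence"}

# Constructed sample label and limits, for illustration only.
SAMPLE_LABEL = ('(PICS-1.1 "http://www.rsac.org/ratingsv01.html" l gen true '
                'for "http://www.example.com" r (n 0 s 0 v 2 l 1))')
SAMPLE_LIMITS = {"language": 1, "nudity": 0, "sex": 0, "violence": 1}

def parse_rsaci(label):
    """Return {category: level} from a label's ratings clause, or None."""
    m = re.search(r"\br(?:atings)?\s*\(([^()]*)\)", label or "")
    if not m:
        return None
    tokens = m.group(1).split()
    try:
        ratings = {CATEGORIES[k]: int(v)
                   for k, v in zip(tokens[0::2], tokens[1::2])}
    except (KeyError, ValueError):
        return None  # unknown category letter or non-numeric level
    complete = set(ratings) == set(CATEGORIES.values())
    in_range = all(0 <= lvl <= 4 for lvl in ratings.values())
    return ratings if complete and in_range else None

def decide(url, label, limits, approved=None, allow_unrated=False):
    """Return ('show' or 'block', reason) for one page request."""
    host = (urlsplit(url).hostname or "").lower()
    override = (approved or {}).get(host)  # 'always' or 'never'
    if override == "always":
        return "show", "approved site"
    if override == "never":
        return "block", "disapproved site"
    ratings = parse_rsaci(label)
    if ratings is None:  # default is to block pages without a usable rating
        if allow_unrated:
            return "show", "unrated allowed"
        return "block", "unrated"
    over = sorted(c for c, lvl in ratings.items() if lvl > limits[c])
    if over:
        return "block", "over limit: " + ", ".join(over)
    return "show", "within limits"

if __name__ == "__main__":
    print(decide("http://www.example.com/", SAMPLE_LABEL, SAMPLE_LIMITS))
    print(decide("http://unrated.example.org/", None, SAMPLE_LIMITS))
```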
Allowing a User to Bypass Blocking
Normally, your supervisor password is used only to turn the entire blocking mechanism on or off. If you want, however, you can allow a user to see a blocked page by supplying the password when he or she attempts to access the blocked Web page. To do this, display the Content Advisor dialog box and click the General tab. On the General tab, shown in Figure 18-19, select the Supervisor Can Type A Password To Allow Users To View Restricted Content check box.
Turning Off Blocking
If you change your mind about blocking offensive material, simply display the Internet Options dialog box and click the Content tab. Click the Disable button and enter your supervisor password.
Using Profile Assistant
Many Web sites request personal information, purportedly to help them deliver useful information to you. Internet Explorer provides a feature called Profile Assistant, which allows you to enter all your information once, and then control which Web sites have access to which kinds of information. Using Profile Assistant saves you from having to reenter the same information, such as your name and e-mail address, and it provides privacy safeguards.
When you visit a Web site that requests information from Profile Assistant, the request shows you the address of the requesting site, which information the site is requesting, how the information will be used, and whether the site has a secure connection. Before granting the request, you can verify that the site is legitimate, and you can choose which information you want Profile Assistant to provide, or you can refuse to give the site any information.
To configure Profile Assistant, choose Internet Options from the View menu. Click the Content tab, and then click the My Profile button. In the dialog box that appears, fill in the fields on each tab. (Remember, Web sites don't have access to this information until you explicitly give them permission.) Profile Assistant uses an Address Book record to store the information; you can select an existing record or create a new one. Click OK in the profile's properties dialog box, and then click OK in the Internet Options dialog box.