Keep Internet Explorer's Shields Up
while you surf the web with MUCH greater safety
|The GRC TrustPuppy is a small, efficient, and completely free add-on to Microsoft's Internet Explorer (IE) web browser. It works with IE's awkward and seldom used security zone system to make Internet surfing with Internet Explorer MUCH safer than ever before probably even safer than using any other web browser.|
|How is web surfing unsafe?|
|Modern web browsers go far beyond displaying simple text pages. Under the command of remote web sites, contemporary browsers download and run "scripts" and "plug-ins" received on-the-fly from web sites. These bits of code usually create pop-up menus, page navigational aids, and other supplemental effects to distinguish the web site. But thanks to Microsoft's fundamentally insecure (and terminally wrong-headed) ActiveX plug-in technology, there is no limit to what they can do.|
To make the user's experience as smooth and seamless as possible, browsers obey the instructions from web sites without asking their user. This naively and dangerously assumes that the user chose the web site carefully, and that the site has the user's best interests at heart.
Making matters worse, critical defects in these web site enhancement technologies are continuously discovered which is why our systems need to be continuously patched. Tools that were designed for "good" are being subverted to malicious purposes by criminal hackers. And overly aggressive corporations employ web sites to install their spyware, adware, and other malware into visitor's computers without asking, and without concern for the visitor's wishes.
In other words, users blindly turn their computers over to every web site they visit. Under their browser's default settings, the user's system will obey any web site's instructions to do virtually anything it wants with the user's computer and personal data.
While this may be fine in the case of trustworthy web sites like Amazon, Google, or Yahoo, Internet users quickly learn that there are many disreputable web sites, companies, and people lurking in the dark corners of the Internet. Web surfers have discovered unwanted "add-ons" such as Comet Cursor, Gator, Incredifind, and many other types of "junkware" installed into their systems without their knowledge or permission. Their web browser, blindly obeying the instructions from an intrusive or malicious web site once visited, was instructed to install this unwanted software behind their backs.
|How can this problem be solved?|
|We solve this crucial problem for Internet Explorer (IE) by surfing with IE's security cranked all the way up and all of its potentially insecure remote executable code technology completely disabled. We trust no web sites by default. But we allow users to change their minds with a single click of their mouse. This lowers their browser's security by enabling scripting and plug-ins only for those specific web sites whose enhanced "executable" features they wish to trust and use.
with greatly improved security by default,
and only a minor loss of convenience.
|How does the GRC TrustPuppy accomplish this?|
|To understand how the TrustPuppy works, we need to take a look at Internet Explorer's security "zone" system . . . |
Internet Explorer employs the concept of security "zones". Unknown web sites are treated as if they are in the "Internet" zone and specific web sites can be added to the other zones as required.
Internet Explorer enables and disables its wide range of powerful but inherently dangerous and insecure web site enhancement features based upon a web site's "zone" membership.
For this security model to provide useful safety and security, the default "Internet" zone containing all unknown and untrusted web sites would be locked down tight with ALL of IE's unsafe features (and even potentially unsafe features) safely disabled. But the "Trusted" zone would have IE's executable content features enabled. In this way, known and trusted web sites can have access to the full range of Internet Explorer's powerful web browser features, while unknown or untrusted sites are prevented from accessing and possibly abusing those same powerful technologies.
You can see IE's zone management controls for yourself on the "Security" tab of "Internet Options" under IE's "Tools" menu . . .
IE's web site zone security system is a solution with great potential for enhancing web browsing security . . . even beyond that of all other web browsers. But there are several problems with using it. The GRC TrustPuppy corrects them all:
|Few users are aware of this system. No one ever told them about it or explained it to them. An unused security system provides no security.|
The fact that you are reading this page has already solved that problem.
|The only thing worse than not knowing about IE's security zone system is trying to use it. Adding sites to IE's trusted zone is a manual, error-prone and time-consuming process. The flow of all web surfing stops while the domain's URL must be manually added to the list of trusted sites. Then the site's page must be refreshed under the trusted zone's security permissions.|
of that to a single mouse click.
|Over time, a large number of "just visited once" web sites tend to accumulate in the trusted sites list. These are sites that were visited once and required the use of executable scripting or ActiveX plug-ins. Many such sites will never be visited again. Yet after being added to the list of trusted sites, they remain there unless and until they are manually removed.|
The GRC TrustPuppy introduces the concept of temporarily trusting sites. This allows uncommon sites to be fully used for a while, after which (once their trust has expired) they will be automatically removed from the trusted zone.
|Microsoft configures the "Internet" zone to be insecure by default. They must do this for everyone who isn't using their awkward zone system, otherwise many Internet web sites would not function correctly. But even after setting the Internet zone's security all the way up to maximum, potentially dangerous ActiveX code can still be downloaded and run by untrusted sites without the user's permission. Even IE's "maximum" security is not secure. But the GRC TrustPuppy fixes that too . . .|
The GRC TrustPuppy automatically customizes the security of all IE zones to firmly lock down IE's security for unknown, untrusted, and restricted sites, while allowing full operation of all trusted sites.
web site can execute code on your system.
The GRC TrustPuppy also sets IE6's browser cookie handling to prevent third-party privacy-violating tracking. (None of this is set correctly in IE by default, even when cookie privacy is set to maximum.)
|How does it work exactly?|
|The GRC TrustPuppy adds a single "trust control button" to IE's standard toolbar:|
|As you browse the web, the color and symbol of the button changes to continuously show the "trust" you may have previously given to the current site. Sites you have never visited before, or have never explicitly chosen to "trust", will show the red dash symbol, indicating that they are unknown or not trusted and therefore unable to cause your browser to load or run any executable code in your PC. You are safe from anything they might try to do.|
If you are at a site whose advanced executable services you require, that site's "trust" can be instantly and easily changed with a single click of the TrustPuppy button:
|What if an IE pop-up window doesn't have a toolbar?|
|A trusted site might use a script to open a small window whose contents are coming from a different and untrusted site for showing a movie preview or presenting an online poll question, for example. You might want or need to "trust" that other site to allow the new window to operate fully. But if its window does not have a toolbar, you can't click its TrustPuppy trust control button to trust it.|
The GRC TrustPuppy resolves this by watching for windows without toolbars opening on currently untrusted sites. As this happens, the GRC TrustPuppy will prompt the user, showing the name of the new web site that's being opened, and asking the user whether and how they would like to extend their trust to this additional web site:
|Once users are familiar with the TrustPuppy popup functions, they may elect to display the smaller popup. A setting on the TrustPuppy Options panel may be used to select the smaller popup. It uses button "tooltips" to remind the user of button functions:|
|The GRC TrustPuppy is designed to be extremely quick and easy to learn and use. The installation wizard will walk you through the various installation steps, taking care to save all of your current IE settings for automatic restoration in case you ever decide to remove the TrustPuppy and return to manual operation.|
Although the GRC TrustPuppy is extremely easy to use, we also designed it to be a complete solution for Internet Explorer web site trust management. So there are a number of additional features that we have not covered on this introductory page. The "Options Panels" documentation page will introduce you to those additional features and capabilities.
You are welcome to grab your own copy of the free GRC TrustPuppy, or peruse the additional pages shown below which contain answers to frequently asked questions (FAQs) and documentation on the TrustPuppy's additional features and options panels.
I wish you all the best of luck using this powerful but simple tool to HUGELY improve the security of Microsoft's Internet Explorer.
Here's to using the Internet safely,
Gibson Research Corporation is owned and operated by Steve Gibson. The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
|Last Edit: Mar 09, 2013 at 13:47 (778.21 days ago)||Viewed 32 times per day|