Microsoft Windows XP Networking Inside Out
.pdf
6 Chapter
Part 2: Internet Networking
Restricted Sites Zone
The Restricted Sites zone works like the Trusted Sites zone except in reverse. Sites listed in the Restricted Sites zone are given the high security level in order to protect the computer from harmful content. Select the Restricted Sites zone, and click the Sites button to add sites that might use harmful content. This zone’s security settings also override the security settings the sites placed in this zone would otherwise receive if categorized into the Internet or Local Intranet zone.
Understanding Privacy
and Content Settings
Version 6 of Internet Explorer supports new privacy settings that enable you to control how Internet Explorer responds to cookies (described next) requested by Web sites. Also, as in previous versions of Internet Explorer, content settings are available so that you can control the kind of content that is allowed on your computer.
newfeature!
Privacy Settings
A cookie is a text file that is exchanged between your browser and a Web site. Cookies contain personal information about you, such as your name, e-mail address, and sometimes even your surfing habits. Cookies are a great feature because they allow a Web site to recognize you, remember your browsing preferences, and in the case of online stores, remember what you have bought. The good thing about cookies is they can contain all this information…the bad thing about cookies is…well…they contain all of this information. This is personal information that could get into the wrong hands. That’s where the problem comes in—cookies personally identify you, and on the Internet, that can result in different kinds of privacy invasions. Although outright identity theft is unlikely, much of the spam you probably receive in your e-mail inbox starts out from information gleaned from cookies.
Understanding Privacy
Internet Explorer 6 provides a collection of settings that can restrict and control cookies. These settings, when effectively used, can help safeguard your personal information and allow you to use sites that manage cookies in an appropriate manner. Previous versions of Internet Explorer allowed you to block all cookies or be prompted each time to accept them, but the use of these features is really impractical. You cannot even log on to some Web sites if you block all cookies, and cookies are used so much that being prompted constantly to accept this and that cookie can drive you crazy.
Internet Explorer 6 supports a standard called the Platform for Privacy Preferences (P3P), which enables Internet Explorer to inspect cookies, determine how they will be used, and then decide what to do about them. The feature is not perfect, and the standard
148
2: Internet Networking
Chapter 6: Using Internet Explorer Advanced Features
is still evolving and being adopted by Web sites, but it is a big step forward in handling online privacy. Before taking a look at your configuration options, let’s first define a few important terms and concepts:
●Compact privacy statement. A compact privacy statement describes how cookies are used on the site and the lifetime that a particular cookie is used. When you access a Web site, the compact privacy statement is contained in the HTTP header of the Web site, and Internet Explorer can read the compact privacy statement when you first access the site. The compact privacy statement works well, but it’s up to individual sites to provide the statement and honestly tell you their privacy policy. Many Web sites on the Internet do not currently provide a compact privacy statement, so the real-world benefit of compact privacy statements is still limited.
●First-party cookie. A first-party cookie is a cookie that is generated and used by the site you are currently viewing. For example, if you go to www.microsoft.com, cookies from www.microsoft.com are first-party cookies. First-party cookies contain information about you and your browser, and are commonly used to tailor site content to your needs.
●Third-party cookie. A third-party cookie originates from a site other than the site you are currently accessing, such as a banner ad or an advertisement that appears on the site you’re visiting. Third-party cookies can be a problem because you do not really know who is using them or what they will do with the personal information contained in the cookie.
●Session cookie. A session cookie is generated during a single session with a Web site and is deleted once the session has ended. In many cases, you cannot use a Web site unless a session cookie can be generated. Session cookies, because they’re deleted when you leave the site, are generally safe and useful. They perform tasks such as keeping track of items in your shopping cart while you’re shopping on a site.
●Implicit and explicit consent. Implicit consent means that you have not blocked a site from using a cookie. In other words, you have not granted permission, but you have not denied it either. On the other hand, explicit consent means that you have chosen to allow a Web site to use or gain personal information about you.
Understanding Privacy Settings
Now that you have taken a look at some basic definitions that privacy settings use, you can turn your attention to configuring privacy settings that work best for you. In Internet Explorer 6, choose Tools, Internet Options, and then select the Privacy tab, which is shown in Figure 6-11 on the next page.
Chapter 6
149
2: Internet Networking
Part 2: Internet Networking
6 Chapter
150
Figure 6-11. The Privacy tab enables you to configure how cookies are handled with the Web sites you visit.
As you can see in Figure 6-11, the Privacy tab has a slider that enables you to select a desired privacy setting. The available standard privacy setting options are described in Table 6-1.
Table 6-1. Privacy Settings for Handling Cookies and What They Do
Privacy Setting |
Action |
Block All Cookies |
All cookies are blocked. Web sites cannot generate any |
|
new cookies, and no existing cookies can be read. |
|
|
High |
Cookies that use personally identifiable information can- |
|
not be generated without your explicit consent. Web sites |
|
that do not have a compact privacy statement cannot |
|
generate cookies. |
|
|
Medium High |
First-party cookies that use personally identifiable infor- |
|
mation are blocked without your implicit consent. Cookies |
|
are blocked from third-party Web sites that do not have a |
|
compact privacy statement. Also, third-party cookies that |
|
use personally identifiable information are blocked with- |
|
out your explicit consent. |
|
|
Medium |
First-party cookies that use personally identifiable infor- |
|
mation without your implicit consent are allowed, but |
|
they are deleted when you close Internet Explorer. Third- |
|
party cookies that use personally identifiable information |
|
without your implicit consent are blocked as well as |
|
third-party cookies that do not have a compact privacy |
|
statement. The medium setting is the default Internet |
|
Explorer setting. |
|
|
2: Internet Networking
Chapter 6: Using Internet Explorer Advanced Features
Table 6-1. (continued) |
|
Privacy Setting |
Action |
Low |
The low setting accepts all first-party cookies. Third-party |
|
cookies are restricted from sites that do not have a com- |
|
pact privacy statement. Third-party cookies that use per- |
|
sonally identifiable information are allowed without your |
|
implicit consent, but the cookies are deleted when you |
|
close Internet Explorer. |
|
|
Accept All Cookies |
All new cookies are allowed and Web sites can read exist- |
|
ing cookies that they generated in the past. |
|
|
To select one of the preconfigured privacy settings, move the slider to the desired position. However, you can also click the Import button to import a privacy policy from another computer, and you can configure some exceptions by clicking the Advanced button.
Configuring Advanced Privacy Options
Clicking the Advanced button on the Privacy tab of the Internet Options dialog box displays the Advanced Privacy Settings dialog box, as you can see in Figure 6-12. This dialog box allows you to override how cookies are handled for the Internet zone.
Figure 6-12. You can use the Advanced Privacy Settings dialog box to override automatic cookie handling.
Once you select Override Automatic Cookie Handling, you can choose Accept, Block, or Prompt for all first-party cookies and for all third-party cookies. You can also choose Always Allow Session Cookies (which are always deleted when you leave the site). Should you use this advanced dialog box? That all depends on your needs.
For some users, the automatic cookie handling settings do not provide the desired support. In this case, you can override these settings and choose how you want to
Chapter 6
151
2: Internet Networking
Part 2: Internet Networking
handle all firstand third-party cookies at all sites regardless of their compact privacy statement policies. Because these settings override the compact privacy statement and apply to all Web sites, the settings tend to be more uniform. But they also tend to be more problematic because the Block option prevents you from using cookies entirely, and the Prompt option can seriously hinder Web browsing because so many prompts appear.
In terms of the Always Allow Session Cookies option, you should typically allow session cookies to be generated so that the Web site can identify your interaction with the site while you are there. Session cookies are typically harmless, and you might find that Web surfing is hindered without them.
If you like, you can try changing these advanced settings and see how they work for you. If you want to see how often cookies are used, try the Prompt settings, and you’ll find out just how many cookies are used when browsing the Internet! The Prompt action also offers a treasure trove of third-party cookies that you’ll encounter on many sites due to their repetitive advertising on those sites. You can then specify these URLs individually to block just their cookies, as described in the next paragraph.
If you don’t choose Override Automatic Cookie Handling, you can still override the privacy settings for specific Web sites you specify. For example, suppose there is a site you regularly visit that contains firstand third-party cookies. However, the site does not have a compact privacy policy, and suppose that your usual privacy settings prohibit first-party cookies from sites with no compact privacy policy. Rather than changing the privacy policy for all your Web surfing, you can simply create an exception for the particular Web site by following these steps:
1On the Privacy tab, click the Edit button to open the Per Site Privacy Actions dialog box, which is shown in Figure 6-13.
6 Chapter
Figure 6-13. Use the Per Site Privacy Actions dialog box to override the current privacy policy for Web sites you list here.
152
2: Internet Networking
Chapter 6: Using Internet Explorer Advanced Features
2Enter the URL of the Web site in the Address Of Web Site box, and then click the Block or Allow button. Choosing Block always blocks the URL’s cookies, and Allow always allows its cookies.
3Web sites that you have blocked or allowed appear in the Managed Web Sites list. To remove an item on this list, select it, and click the Remove button.
Managing Cookies
There are two other actions you can perform concerning cookies. If you are curious, you can open and read the information contained in any of the cookies Internet Explorer has stored. Just follow these steps:
1In Internet Explorer, choose Tools, Internet Options.
2On the General tab under Temporary Internet Files, click the Settings button.
3In the Settings dialog box, shown in Figure 6-14, click the View Files button.
Figure 6-14. To see cookies and downloaded pages and graphics, click the View Files button.
tip The View Files button shows you temporary Internet cookies, but there are also permanently stored cookies attached to your user profile. You can find them in the %UserProfile%\Cookies folder. By default the environment variable %UserProfile% will take you to the C:\Documents and Settings\Username folder, where Username is your Windows XP account name. If you open a Command Prompt window, switch to the drive on which Windows XP is installed (usually drive C), you can go directly to the Cookies folder by typing cd %UserProfile%\Cookies.
4In the Temporary Internet Files folder that opens, sort by file type by clicking the Type column.
Chapter 6
153
2: Internet Networking
Part 2: Internet Networking
5Scroll to see files of type Text Document, and then look for file names that begin with Cookie.
6Double-click one of these files to open it in Notepad. Some of the information will be Web site data, but some might be personal information you are exchanging with the site.
Deleting Temporary Internet Files and Cookies to Improve Performance
Internet Explorer is able to store the amount of temporary Internet files and cookies that you allow it to, depending on the hard disk space configured in the Settings dialog box, as shown in Figure 6-14. However, too many cookies and temporary Internet files can make your Web surfing sluggish. If your Web surfing speed seems to have slowed down over time, try deleting all of the cookies and temporary Internet files. Internet Explorer will start storing them again, but this might help unclog your browsing experience. You can delete both temporary cookies and temporary Internet files by clicking the appropriate buttons on the General tab of Internet Options. Also, take a look at the permanent cookies stored in %UserProfile%\Cookies. You might find a number of cookies that are no longer needed. Consider deleting those as well to help speed up Internet Explorer.
You might also have noticed that Internet Explorer automatically allocated a percentage of your hard disk space to storing temporary Internet files. If you'd like to free up that space for other purposes, you can enter a smaller value in the MB field of the Settings dialog box shown in Figure 6-14, or adjust the Amount Of Disk Space To Use slider.
You can check out cookies that are blocked and also view a site’s compact privacy policy if you are so inclined. When a cookie is blocked for the first time, you will see the notification dialog box, which is shown in Figure 6-15. Note that a blocked cookie icon appears on your Internet Explorer status bar. The status bar is typically visible at the bottom of the Internet Explorer window, but if you do not see it, choose View, Status Bar to display it.
6 Chapter
Figure 6-15. This notification appears when a cookie is first blocked.
154
2: Internet Networking
Chapter 6: Using Internet Explorer Advanced Features
If you want to find out more about the blocked cookies, just double-click the blocked cookie icon on the Internet Explorer status bar. You’ll see the Privacy Report dialog box, shown in Figure 6-16, that tells you which cookies were blocked when you visited the current site. You can then double-click a blocked listing to find out more about the site’s compact privacy policy if one exists.
Figure 6-16. You can access this window to see which site cookies have been blocked.
In addition, if you want to review privacy policy and cookie information for a site that doesn’t show you a blocked cookie icon on the status bar, go to the site and choose View, Privacy Report. In the Show box, select All Web Sites, and you’ll see a list of all Web sites with content on the current page as well as whether any cookies have been accepted. (If any cookies on this site had been blocked, you would have seen the blocked cookies icon on the status bar.)
tip Internet Explorer helps you control cookie usage and protect your privacy, but there are additional third-party utilities that can give you a finer level of control. Cookie Pal is a good one that works with Internet Explorer 6 and Windows XP, and you can check it out at www.kburra.com/cpal.html. For more information about utilities for managing potentially intrusive cookies, see “Managing EFS,” page 595.
Content Settings
Internet Explorer 6 provides content settings that enable you to control the sites that can be accessed by Internet Explorer. The content settings feature can be a great way to stop pornographic, violent, racist, or hatred content from being displayed on your
computer. Although content settings are a valuable feature, they depend on Web sites rating themselves in a fair and honest way, so the feature is not foolproof. If you want to
155
Chapter 6
2: Internet Networking
6 Chapter
156
Part 2: Internet Networking
configure content settings to help prevent your children from seeing offensive content, use the Content Advisor explored later in this section. But you should also investigate such third-party software products as CYBERsitter (www.cybersitter.com) or Net Nanny (www.netnanny.com). With these tools and your supervision, the Internet can be a safe place for your family members.
How Content Rating Works in Internet Explorer
Web sites can provide a rating so that Internet Explorer knows whether to allow or block a site. If a Web site wants to provide a rating, the Web site administrator completes a form at the Internet Content Rating Association (ICRA) Web site. This site then evaluates the administrator’s responses and provides a label for the Web site to apply. When you or your children attempt to view the site in Internet Explorer, the site’s rating label is read, and Internet Explorer takes the appropriate action, depending on how you have configured the content settings. The ICRA is an independent organization and is not a censor, so the rating of the site fully depends on how the administrator responds to questions in the application. In a nutshell, the site’s rating has a lot to do with the honesty of the site administrator. However, most sites that want a rating do so in the best interest of privacy and protecting children.
tip You can learn more about the ICRA at www.rsac.org/ratingsv01.html.
The ICRA ratings are based on language, nudity, sexual content, and violence. You can use Internet Explorer to adjust the levels of each you want users to be able to view when using Internet Explorer. You can also assign a supervisor password to the content settings you select so that the configuration cannot be overridden by your children or others without access to the password.
Enabling and Configuring Content Advisor
To enable and configure Content Advisor, follow these steps:
1Choose Tools, Internet Options, and then select the Content tab.
2Click the Enable button. The Content Advisor window appears with four configuration tabs.
3Select the Ratings tab, shown in Figure 6-17, and you will see a list of rating categories: Language, Nudity, Sex, and Violence. Select one of the categories, and then move the slider to the level of content you want to allow users to view. Note that each category starts at Level 0 at the far left, which is the least offensive, most censored setting. Adjust each of the categories as desired, and then select the Approved Sites tab.
2: Internet Networking
Chapter 6: Using Internet Explorer Advanced Features
Figure 6-17. Select a category and move the slider to the desired level of viewing.
4On the Approved Sites tab, override the settings that you configured on the Ratings tab by entering specific Web site addresses and clicking the Always or Never button. Always will allow anyone to see the site without a supervisor password. Although the tab is named Approved Sites, by entering a URL and clicking Never, you are really disapproving the site because the user will always be prompted for the supervisor password to view the site, effectively blocking it. After entering any sites you want to explicitly allow or block, select the General tab.
5On the General tab, shown in Figure 6-18 on the next page, you are provided with the following configuration options:
■Users Can See Sites That Have No Rating. This option should not be used if you are trying to secure the computer from harmful content. Just because a site contains inappropriate content does not mean that it has a rating. By leaving this check box cleared, if a site does not have a rating, Content Advisor will display a prompt that requires the user to enter the supervisor password before viewing the site. Entering passwords for all unrated sites can cause some surfing frustration, but it is the safest setting.
■Supervisor Can Type A Password To Allow Users To View Restricted Content. You should always keep this setting selected so that you can override any site prohibitions with the supervisor password if needed unless you fear that another user might guess the password (in which case you should choose a better password). If you do clear this check box and decide you want to access a prohibited page, you’ll have to disable Content Advisor entirely, at least temporarily.
Chapter 6
157
2: Internet Networking