Adding unwanted sites to the Internet Explorer Restricted Zone
You can manually add an entry to the Restricted Zone or use either of the applications listed below (highly recommended), which contain most of the major ad servers, hijackers, dialers and parasites. This will help prevent installs of unwanted software. It also greatly reduces the number of unwanted pop-ups! New to Internet Explorer is the ability to add IP addresses to the Restricted Zone.
You'll find that many times these parasites use an IP address rather than a URL. They do this to avoid being blocked by an entry in a HOSTS file. However, you can still add a layer of protection to your system by adding those IP addresses to the Restricted Zone.
Editor's Note: adding a large number of sites to the Restricted Zone in Windows can cause slow-down problems in Outlook/Windows Mail and possibly other applications. You can reduce the number of entries by using wildcards, so rather than adding a huge number of DoubleClick entries, you can use (example) *.doubleclick.net
These now include most major parasites, dialers and hijackers!
- ZonedOut - Restricted Zone Manager (2K/XP/Vista)
Note: the IE-SpyAd program has been discontinued. The existing list of sites is no longer valid, as it contains a huge number of sites that either no longer exist or are "Parked" and no longer a threat ... sadly I know of no viable alternative ...
To determine sites that are getting thru your Layered Protection
Clear your browser cache, then browse for a while. Then close any open browser windows and go to:
Internet Options | General [tab] | Settings [button] | View Files [button]
Next: click the "Internet Address" header to sort the files by URL. Scroll the list; if you find an undesired address, either a URL or an IP address, right-click the culprit under the "Name" header and select: Properties. From there you can copy the entry. Once you have determined that this is an undesired site, add the entry to the "Restricted Zone". In the event you are not sure, you can usually determine the "owner" from DomainTools or DNSstuff.
To remove all the sites listed in the Restricted Zone
Download: DelDomains.inf
- Right-click and select: Save Target As
To use: right-click and select: Install (no need to
restart - there is no on-screen action)
Note: This will also remove all entries in the "Trusted Zone" and "Ranges". DelDomains was revised (01-16-05) to include the "Enhanced Security Configuration Zones", as some of these newer infections are targeting the "Enhanced" Zone.
Microsoft decided to group both Zones into the same registry key [duh!]
To remove individual entries: Click "Sites", highlight the entry, then click Remove. Also new to IE7: the "Reset Internet Explorer settings" option will remove all sites in the Trusted and Restricted Zones.
Setting the Restricted Zone
Internet Options | Security tab and highlight the Restricted icon. Click the Custom Level button and set all sections to Disable.
Note: do not disable the Pop-up blocker or the Phishing Filter.
This will prevent any sites listed from running ActiveX or JavaScript or installing files. Note: this will also prevent you from mistakenly downloading files from a listed site.
Setting the Internet Zone for Additional Security
There are quite a few new categories and settings in IE7. The default has been increased from Medium to Medium-High. However, there are still a few options that need to be reset to harden the Internet Zone.
Font Download = reset to Disable ... don't worry, the page will still display properly ...
Launching programs and files in an IFrame = reset to Disable ...
This is the single most exploited setting in Internet Explorer! There are no legitimate sites that I know of that use this option ...
Websites in less privileged web content can navigate into this zone = reset to Disable
This affects sites that are added to the Restricted Zone ... so no, you don't want them doing anything!
Editor's Note: changing other settings may affect how websites are displayed or may cause problems with them displaying correctly. If you do set your own preferences and experience problems or prompts, simply reset the Zone to the default and start over again ...
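To confirm that the three Internet Zone options named above are really set to Disable, the per-user zone settings can be read back from the registry. This is an added example, not part of the original page; it assumes the standard Internet Explorer URL action numbers (1604, 1804, 2101) and the stored value 3 for "Disable", and the function name Test-ZoneHardening is made up for illustration.

```powershell
# URL action numbers for the three options named above (assumed standard IE values).
$Actions = [ordered]@{
    '1604' = 'Font download'
    '1804' = 'Launching programs and files in an IFRAME'
    '2101' = 'Websites in less privileged web content zone can navigate into this zone'
}
# Stored DWORD values for each choice in the Custom Level dialog.
$States = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-ZoneHardening {
    param([int]$Zone = 3)   # 3 = Internet zone, 4 = Restricted sites
    $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $key  = Get-Item -LiteralPath $path -ErrorAction Stop
    foreach ($id in $Actions.Keys) {
        $raw = $key.GetValue($id)      # $null when the value was never written
        $state = if ($null -eq $raw) { 'Not set' }
                 elseif ($States.ContainsKey([int]$raw)) { $States[[int]$raw] }
                 else { "Unknown ($raw)" }
        [pscustomobject]@{
            Action   = $id
            Setting  = $Actions[$id]
            Current  = $state
            Hardened = ($raw -eq 3)    # only an explicit Disable counts
        }
    }
}

# Report the Internet zone; run again with -Zone 4 to check the Restricted zone.
Test-ZoneHardening | Format-Table -AutoSize
```

A row with Hardened = False shows which option still needs to be reset in the Custom Level dialog.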
Next:
Click on the "Content" tab, then click the "Publishers" button.
By default you should not have anything listed under "Trusted Publishers".
You can ignore the "Trusted Root Certification Authorities" section.
Highlight and click "Remove" for any unknowns, then click OK. Why? Read the below carefully.
Editor's Note: a good example of this unsavory practice is eTrust.Win32.Wintrim.U
List of Trusted Publishers and Credentials Agencies
This list controls whose software can be installed on your
system without asking you first.
The list can contain both individual software publishers and
commercial software publishers. Software
that has been published by a publisher in this list can be
installed without your explicit approval.
The list can also contain one or more credentials agencies.
Similar to a notary, a credentials agency is an organization in
the business of attesting to the identity of software
publishers. If a credentials agency is in this list, then any
publisher certified by that agency is considered trusted, allowing
software they publish to be installed on your system without
asking you first.
Add new Menu Items to Internet Explorer
You can also add several new right-click menu items for IE by installing the 3 free Web add-ons (from Microsoft). This includes "Add to Restricted Zone" and "Add to Trusted Zone". Yes, these work in IE6 and IE7/XP.
Various Troubleshooting Articles
Editor's Note: some of these newer parasites have been adding themselves to the "Trusted Zone" to bypass common security measures. There is no easy method to detect these new entries. You can either check them manually by highlighting the Trusted Zone icon and pressing the Sites button, or you can run HijackThis!; the new version detects Trusted Zone entries.
[Example]
O15 - Trusted Zone: *.pluginaccess.com
Note: this Dialer adds itself to the Trusted Zone during the install.
To avoid this, place the site in the Restricted Zone - the thought
being IE will not allow the same site to exist in two zones.
Important: There are now a whole host of Trojans that will write multiple sites to the Trusted Zone. The majority of these culprits are now entries in the HOSTS file and marked as: [Trojan.TrustedZones]. You can add another "Layer of Protection" by using Microsoft Anti-Spyware, which monitors the entries added to the Registry.
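The manual Trusted Zone check described above can also be done by reading the zone mappings directly. This is an added example, not part of the original page and not how HijackThis itself works; it assumes the standard ZoneMap registry layout (Domains, EscDomains and Ranges, with zone number 2 for Trusted and 4 for Restricted), and the function name Get-ZoneMapEntry is made up for illustration.

```powershell
# Zone numbers stored in ZoneMap values: 2 = Trusted sites, 4 = Restricted sites.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }
$ZoneMap   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

function Get-ZoneMapEntry {
    # Walks Domains, EscDomains (Enhanced Security Configuration) and Ranges
    # for the current user and the machine, and emits one object per mapping.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($store in 'Domains', 'EscDomains', 'Ranges') {
            $root = "$hive\$ZoneMap\$store"
            if (-not (Test-Path -LiteralPath $root)) { continue }
            $rootName = (Get-Item -LiteralPath $root).Name
            foreach ($key in Get-ChildItem -LiteralPath $root -Recurse) {
                if ($store -eq 'Ranges') {
                    # Range1, Range2, ... keep the address in a ":Range" string value.
                    $site = $key.GetValue(':Range')
                } else {
                    # Domains\example.com\www means www.example.com.
                    $parts = $key.Name.Substring($rootName.Length + 1) -split '\\'
                    [array]::Reverse($parts)
                    $site = $parts -join '.'
                }
                # Every other DWORD value is a protocol name ("*", "http", ...) holding the zone number.
                foreach ($proto in $key.GetValueNames() | Where-Object { $_ -ne ':Range' }) {
                    if ($key.GetValueKind($proto) -ne 'DWord') { continue }
                    $zone = [int]$key.GetValue($proto)
                    [pscustomobject]@{
                        Hive = $hive; Store = $store; Site = $site
                        Protocol = $proto; Zone = $ZoneNames[$zone]
                    }
                }
            }
        }
    }
}

# Review everything mapped to the Trusted zone; entries you did not add deserve a closer look.
Get-ZoneMapEntry | Where-Object { $_.Zone -eq 'Trusted' } |
    Sort-Object Site | Format-Table -AutoSize
```

Changing the filter to 'Restricted' lists the block entries instead, which is useful for confirming that a site you placed there is still present.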