Configuring Microsoft products for safety, security and privacy
Permitting 'trusted senders' to 'download' richer content - Web sites
Occasionally you will want or need to see a web site
(OR AN E-MAIL - see How to trust an e-mail)
as the sender intended you to view it - images, interactivity etc.
To view a Web Site with full graphics/interactivity "etc." and associated risks
By taking our advice you will have disabled certain MS features that
are by far the biggest security holes for the consumer in the MS product line.
The consequence of this change is that highly interactive sites that previously
worked may not function correctly without intervention - they need to
95% of the sites that have problems can be made to function as
intended by promoting them from the "Internet Zone" (level 2) to one higher -
the "Local Intranet" (3) or even the "Trusted" (4) zone.
There are caveats to doing so - see How to trust a web site for the full details
of setting this up in the first place.
To promote a site from the (now restricted!) Internet Zone
THIS PAGE is intended to show how to simply add a site to an elevated
zone in MSIE (N.B. Microsoft Internet Explorer - doesn't work in Firefox!)
When browsing - the simplest approach to elevate a site is to double
click on the Zone indicator within Internet Explorer at the very bottom
right of the browser window - see image to right:
You will see four Zone icons across the top of a window.
Simply click on the Local or Trusted Zone as appropriate -
on the whole very, very few sites need to be in the Trusted zone because
you should keep that for sites that you KNOW will need to take actions
which are inherently risky - the classic one is Windows Update which
makes fundamental changes to your PC every time it makes an update.
The Local (or LAN) Zone is for those sites that you trust not to harm
your PC but don't need any serious control over your PC other than to do
things like show you web-based material in interesting formats etc.
If you have chosen the Trusted zone then the next popup will NOT appear
as it is only relevant for Local Area Network connections which includes
Wireless (a.k.a. WiFi) networks.
Then Click on "Sites" which is a button which will only become clickable
when you select a zone other than Internet Zone.
After clicking 'Sites' you will see one of the next two popups
that are shown below.
IF you have chosen "Local Intranet Zone" which is symbolised
by a small picture of a Globe with a PC in front of it then you will see
the popup to the right, if not then skip this part of the operation.
En-route to adding specific sites you will always be prompted for some
generic inclusions - unless you know what you are doing you should disable
all of these as anyone who (for instance) managed to encroach on your
Wireless LAN could potentially trick you into running code from a dummy site
which they could have running on a Laptop in a nearby Car Park for criminal
If in doubt you should check that all of the prompts that start with the
words "Include all" are DE-selected as illustrated
and then click on "Advanced".
If you have chosen the "Trusted" zone you get straight to this popup.
You can then enter the Web Site address that you wish to be promoted
(e.g. www.tony-blair.gov.uk) and then click on "Add".
If there is a prompt
"Require server verification (https:) for all sites in this zone"
then de-select it - i.e. no tick in the box.
The restriction of requiring 'https' makes the use of zones almost impossible
while adding little additional security in real terms.
That choice will be remembered.
Adding sites is straightforward and IE may offer the site for you to add
without typing... on the whole be specific if the site is very large - e.g.
microsoft.com then you might add these four:
This would allow 3 subdomains and 1 folder (a prefix to microsoft.com,
like the first 3 above, and one suffix - the last example).
This would ensure that only those sites that are tightly managed to
provide very specific facilities and content were allowed to take over
your browser to the extent needed to update your PC.
An * at the front permits all subdomains, e.g. *.bbc.co.uk includes
news.bbc.co.uk as well as www.bbc.co.uk.
If you then click on "OK" 2-3 times! you should find that the site will now
have a changed symbol in the status bar at the bottom of MSIE which shows
that the site is being treated as "Local Intranet" (or "Trusted")
rather than "Internet".
If it says 'Mixed' then see Notes¹.
- If it says 'Mixed' then you can be sure that the web developers have
made life difficult because they have split their content across multiple
servers for some reason.
eBay is a classic example of this in that they use all sorts of odd names:
*.ebayimg.com, *.ebaystatic.com are examples.
However - eBay is NOT a site that I would suggest that you trust ANYWAY.
Not that I have any malevolence towards them but they have a huge amount
of content that is not actually within their control as anyone can sell
items on eBay and submit their descriptions.
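To review later which sites have been promoted, and whether the "Include all" and https prompts are set as described above, the settings can be read back from the registry. The PowerShell script below is an added example, not part of the original page. It only reads the current user's settings (entries imposed by an administrator's policy are stored elsewhere), and the zone numbers in it are the registry's own IDs, not the level numbers used in the text.

```powershell
# Added example: read back the current user's zone settings (read-only).
# Registry zone IDs, which are NOT the level numbers used in the text above.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneMap = Join-Path $base 'ZoneMap'
$domains = Join-Path $zoneMap 'Domains'

# 1. Sites added through the "Sites" dialog: one key per domain, optional
#    subkey per subdomain, one value per protocol whose data is the zone ID.
$entries = @()
if (Test-Path $domains) {
    $entries = @(Get-ChildItem -Path $domains -Recurse | ForEach-Object {
        $key   = $_
        $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9).Split('\')
        $whole = ($parts.Count -eq 1)      # entry sits on the domain key itself
        [array]::Reverse($parts)           # "bbc.co.uk\news" -> news.bbc.co.uk
        foreach ($proto in $key.GetValueNames()) {
            if ($proto -eq '') { continue }   # skip the unnamed default value
            [pscustomobject]@{
                Site        = $parts -join '.'
                Protocol    = $proto
                Zone        = $zoneNames[[int]$key.GetValue($proto)]
                WholeDomain = $whole
            }
        }
    })
}
$entries | Where-Object { $_.Zone -in 'Local Intranet', 'Trusted' } |
    Sort-Object Zone, Site | Format-Table -AutoSize

# 2. The three "Include all ..." tick boxes of the Local Intranet popup
#    (1 = ticked). The advice above is to have all of them de-selected.
$zm = Get-ItemProperty -Path $zoneMap -ErrorAction SilentlyContinue
foreach ($name in 'IntranetName', 'ProxyBypass', 'UNCAsIntranet') {
    $state = if ($null -eq $zm.$name) { 'not set' } else { $zm.$name }
    "{0,-14} {1}" -f $name, $state
}

# 3. "Require server verification (https:)" is the 0x4 bit of each zone's Flags value.
foreach ($id in 1, 2) {
    $zone  = Get-ItemProperty -Path (Join-Path $base "Zones\$id") -ErrorAction SilentlyContinue
    $https = if ($null -eq $zone) { 'unknown' } else { [bool]($zone.Flags -band 4) }
    "{0,-14} require https: {1}" -f $zoneNames[$id], $https
}
```

Rows with WholeDomain set to True are entries placed on a domain as a whole rather than on a named subdomain, which are the ones to check against the "be specific" advice above.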
I hope that has been useful. Any Comments, suggestions or corrections
to: Contact us please.
This would be especially useful if the software environment you have is
different to mine and the headings, text or prompts are different.