Re: Can we prevent IE exploits a priori?
> So I wanted to know, has anyone tried these programs successfully?
> Can anyone validate their claims?
> Better yet, does anyone have a link to a "how to" doc, that tells smart
> geeks how to make the registry changes ourselves, so we don't have to rely
> on some program to do it for us?
How about this: a sandbox that you can run IE in, controling things like:
-ShellExecute() calls such that only selected programs can be started
by IE, say Notepad, Real Player, but not the MS-Help tool?
-truly prevents Java Script from running (IE had bugs in the past that
allowed running javascript-code even if it was turned of)
-Only allow selected activeX controls to load (acrobat reader etc.)
-Deny TCP connections to certain sites
etc. etc.
http://www.heise.de/ct/ftp/projekte/iecontroller/
This software is free, sourcecode available (though not GPL!), but unfortunately
the documentation is in German. It was build by one of the German
computer magazines (c't). If anybody is truly bored and speaks German,
a GPLed version of this would be incredibly useful. I also think that can do
more than some registry hacks.
-Markus