O'Reilly logo

Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Protecting Your Computer While Browsing
|
223
3. You’ll then see a list of ActiveX controls and other add-ons in this category.
4. Click the add-on you want to work with.
5. To disable the add-on, click Disable to prevent the add-on from running in Inter-
net Explorer.
6. To enable the add-on, click Enable to allow the add-on to run in Internet
Explorer.
7. To delete the add-on if you previously downloaded it, click Delete. The add-on
is then removed from Internet Explorer.
Understanding Web Address and Domain Restrictions
In Internet Explorer, the component responsible for parsing web addresses and
determining domain name and location components is the Universal Resource Loca-
tor (URL) handler. URLs are simply the formal names of web addresses and other
types of addresses that you can use to universally locate resources on the Internet.
While the URL handler is extracting the domain name and location components
from a web address, it performs several checks to ensure the validity of the web
address and prevent possible URL parsing exploitations, such as URLs that attempt
to run commands or URLs that perform suspect actions. These checks are new for
Internet Explorer 7.
As part of its new features, Internet Explorer 7 supports both standard English
domain names and internationalized domain names. English domain names are
domain names represented using the letters A–Z, the numerals 0–9, and the hyphen.
Internationalized domain names, also referred to as IDNs, are domain names repre-
sented using native language characters.
Unfortunately, as sometimes happens when new features are introduced, Internet
Explorer’s support for internationalized domain names makes it possible to create
lookalike domain names for popular and trusted sites. For example, someone might
create a site at http://www.micrósoft.com and if you didn’t look really closely at the
domain name, you could be fooled into believing you were accessing http://www.
microsoft.com.
To help ensure that international characters aren’t used to make a site seem like
something it isn’t, Internet Explorer implements international domain name anti-
spoofing. International domain name antispoofing is designed to warn you against
sites that could otherwise appear as known, trusted sites. Thanks to this feature,
you’d receive a warning notification about possible spoofing if you clicked on a link
to http://www.micrósoft.com.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required