grc.com "SheildsUp" lowers IE7 Internet zone security setting ?

R

RJK

Just set up TalkTalk BB / SmartAX MT882 adsl modem/router for a friend:-
2005 Huawei Technologies Co., Ltd
http://www.huawei.com/products/terminal/products/view.do?id=121
Installed ZA, and set IE7's Internet security Zone slider to High, ...and
whilst tweaking things up, and wading around the ridiculous html menus in
the router, to check that NAT was on etc, I went to grc.com | Shields Up and
it reported that port 80 was open, and lots of other service ports were not
stealthed.

Then I noticed that IE7's Internet security zone "slider" had vanished, as
if Custom settings had been set, so I set Default and then yanked it back up
to High, cleared TIF and Cookies, repeated the "Shields up" test whilst
yanking that slider back up to High each step of the way and eventually got
a "Perfect" result.

So, it looks like Steve Gibson can change a persons IE7 Internet Zone
Security settings !!

Anyone know how to prevent this, other than not using Steve Gibsons "Shields
Up."

I think it's a bit of a dirty trick to reduce a customers security settings,
and then report that his port stealthing is inadequate !

regards, Richard
 
E

Ed Metcalfe

So, it looks like Steve Gibson can change a persons IE7 Internet Zone
Security settings !!

I think it's a bit of a dirty trick to reduce a customers security
settings, and then report that his port stealthing is inadequate !

regards, Richard
Click to expand...
<snip>

Richard,

grc.com doesn't use any client-side scripting at all so Steve is
*definitely* not changing any IE settings.

Ed Metcalfe.
 
S

Straight Talk

Just set up TalkTalk BB / SmartAX MT882 adsl modem/router for a friend:-
2005 Huawei Technologies Co., Ltd
http://www.huawei.com/products/terminal/products/view.do?id=121
Click to expand...
Installed ZA,
Click to expand...

You installed ZA on his machine? I thought you said he was your
friend?
and set IE7's Internet security Zone slider to High, ...and
whilst tweaking things up, and wading around the ridiculous html menus in
the router, to check that NAT was on etc, I went to grc.com | Shields Up and
it reported that port 80 was open, and lots of other service ports were not
stealthed.
Click to expand...
Then I noticed that IE7's Internet security zone "slider" had vanished, as
if Custom settings had been set, so I set Default and then yanked it back up
to High, cleared TIF and Cookies, repeated the "Shields up" test whilst
yanking that slider back up to High each step of the way and eventually got
a "Perfect" result.
Click to expand...

What makes you believe that what "Shields Up" reports has anything to
do with your browsers security settings?
So, it looks like Steve Gibson can change a persons IE7 Internet Zone
Security settings !!
Click to expand...

Not very likely. It obviously also didn't occur to you that if you
could set IE's security settings to high and some random web page was
able to change that, then first of all IE would have a serious
problem.
Anyone know how to prevent this, other than not using Steve Gibsons "Shields
Up."

I think it's a bit of a dirty trick to reduce a customers security settings,
and then report that his port stealthing is inadequate !
Click to expand...

I think it's a bit of a dirty trick to mangle with a friends system
when you have no clue about what you are doing.
 
R

RJK

Oh ! ...well all I can say is "you try it then."
After I got home, and just before I posted, I tried it on my PC at home and
got the same effect !

Start with IE7 Internet Zone slider set to High | go to grc.com Shields up |
and check Common ports.
AND each step of the way check to see if IE7 Internet Zone slider is still
there !!
I think it happens when URL changes from http to https

regards, Richard
 
R

RJK

Oh ! ...well all I can say is "you try it then."
After I got home, and just before I posted, I tried it on my PC at home and
got the same effect !

Start with IE7 Internet Zone slider set to High | go to grc.com Shields up |
and check Common ports.
AND each step of the way check to see if IE7 Internet Zone slider is still
there !!
I think it happens when URL changes from http to https

regards, Richard
 
R

RJK

Straight Talk said:
You installed ZA on his machine? I thought you said he was your
friend?
Click to expand...

....that's a good start, INSTANT indication that you don't know what you're
talking about !
....I thought I'd start with that seeing as that's what you say at the end of
your silly comments.
....Why bother to respond if you haven't got anything sensible or
constructive to say !
What makes you believe that what "Shields Up" reports has anything to
do with your browsers security settings?
Click to expand...

....you're kidding !!!
Not very likely. It obviously also didn't occur to you that if you
could set IE's security settings to high and some random web page was
able to change that, then first of all IE would have a serious
problem.


I think it's a bit of a dirty trick to mangle with a friends system
when you have no clue about what you are doing.
Click to expand...

....from your comments, it's clear that it is you who haven't a clue !
....quite why I wasted my time here I don't know !
 
K

Kayman

RJK said:
Just set up TalkTalk BB / SmartAX MT882 adsl modem/router for a friend:-
2005 Huawei Technologies Co., Ltd
http://www.huawei.com/products/terminal/products/view.do?id=121
Installed ZA, and set IE7's Internet security Zone slider to High, ...and
whilst tweaking things up, and wading around the ridiculous html menus in
the router, to check that NAT was on etc, I went to grc.com | Shields Up
and it reported that port 80 was open, and lots of other service ports
were not stealthed.

Then I noticed that IE7's Internet security zone "slider" had vanished, as
if Custom settings had been set, so I set Default and then yanked it back
up to High, cleared TIF and Cookies, repeated the "Shields up" test whilst
yanking that slider back up to High each step of the way and eventually
got a "Perfect" result.

So, it looks like Steve Gibson can change a persons IE7 Internet Zone
Security settings !!

Anyone know how to prevent this, other than not using Steve Gibsons
"Shields Up."

I think it's a bit of a dirty trick to reduce a customers security
settings, and then report that his port stealthing is inadequate !
Click to expand...

http://www.google.com/search?q=steve+gibson+sucks

http://www.nerdnet.com/?q=node/11
"In case you don't know what a complete f.ing moron Steve Gibson is..."

http://www.securityfocus.com/columnists/382?ref=rss
"...Gibson has a bad track record: a history of latching onto arcane issues
that he doesn't fully understand and can never prove, and converting his
limited understanding into fodder for the next internet melt-down."

....don't shoot the messenger :)
 
S

Straight Talk

http://www.securityfocus.com/columnists/382?ref=rss
"...Gibson has a bad track record: a history of latching onto arcane issues
that he doesn't fully understand and can never prove, and converting his
limited understanding into fodder for the next internet melt-down."

...don't shoot the messenger :)
Click to expand...

Anyway, if a web page can change security settings in an IE with it's
security settings set to high, first and foremost IE has a problem.

I'm sure the OP's observation is caused by something else. Could well
be ZA.
 
E

Ed Metcalfe

RJK said:
Oh ! ...well all I can say is "you try it then."
After I got home, and just before I posted, I tried it on my PC at home
and
got the same effect !

Start with IE7 Internet Zone slider set to High | go to grc.com Shields up
|
and check Common ports.
AND each step of the way check to see if IE7 Internet Zone slider is
still
there !!
I think it happens when URL changes from http to https

regards, Richard
Click to expand...

Yep, I get the same thing too. I also get it on Yahoo Search, Google and
several others I've tried. It isn't dirty tricks from Steve Gibson.

Ed Metcalfe.
 
E

Ed Metcalfe

Straight Talk said:
Anyway, if a web page can change security settings in an IE with it's
security settings set to high, first and foremost IE has a problem.

I'm sure the OP's observation is caused by something else. Could well
be ZA.
Click to expand...

Definitely not ZA. I've tried it and get the same results (without running
ZA).

Ed Metcalfe.
 
R

Rob ^_^

Hi All,

Same here. Slider control does not appear on the Internet Zone when Level is
Custom. Click the Default Level button and the Slider will re-appear.

Regards.
 
R

RJK

Thanks for that.

regards, Richard


Ed Metcalfe said:
Yep, I get the same thing too. I also get it on Yahoo Search, Google and
several others I've tried. It isn't dirty tricks from Steve Gibson.

Ed Metcalfe.
Click to expand...
 
R

RJK

Thanks for the "anti" - Steve Gibson links. I've read quite a few of them
across the years, they're always entertaining !

regards, Richard
 
T

Tom [Pepper] Willett

....and always true ;-)

| Thanks for the "anti" - Steve Gibson links. I've read quite a few of them
| across the years, they're always entertaining !
|
| regards, Richard
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

grc.com | ne.dll 2
IE7 GPO Proxy issues 2
tools>internet options>security tab 1
Security setting for internet zone 4
Zone Alarm + Windows Xp: Loss Of Internet Access 10
Vista Security Settings 2
Options -> Security -> Zone -> Internet printing 2
Reset "Local Machine Zone" Security settings to default... 2

Top