With user accounts, you can customize and personalize Windows for each user on your computer. Each user can have their own Documents folder and list of Web favorites, customize computer preferences, and protect private files. When you set up a new user account, the account appears on the Welcome screen, where the new user can log on. You can use User Accounts in the Control Panel to add or delete user accounts, create a guest account, change a user’s group or account type, change the way Windows starts, change the account picture, and set, change, and reset an account password.
Keeping your computer safe and secure is a continuing battle. With the Windows Security Center, you can manage computer security from one place. The Security Center makes it easy to find information about the latest virus or security threat, check the status of essential security settings, and quickly get support from Microsoft for a security-related issue.
While you’re browsing the Internet or working in your e-mail program, you need to be aware of viruses and other harmful attacks so you can protect your computer from being infected by one. Internet Explorer and Windows Mail include security enhancements to help you make your computer more secure. In Internet Explorer, you can create security zones to designate trusted web sites, set web site ratings to restrict user access, clean up Internet files and information, and manage cookies to protect your personal identity from unauthorized access. If you’re tired to closing unwanted pop-up ads, you can use Pop-up Blocker in Internet Explorer to prevent most pop-up windows from appearing. In Windows Mail, you can select a security zone, set options to prevent viruses in attachments and spam, and send secure e-mail using digital IDs and encryption.
Windows Vista provides several ways to secure your computer.
For a shared or workgroup computer, there are two main types of user accounts: administrator and standard. For a domain network computer, different account types (administrator, standard user, restricted user) provide similar permissions as the ones on a shared or workgroup computer.
The administrator account is for the person who needs to make changes to anything on the computer as well as manage user accounts. An administrator account can install programs and hardware, make system-wide changes, access and read all non private files, create and delete user accounts, change other people’s accounts, change your own account name, type and picture, and create, change, or remove your own password.
The standard account is for the person who needs to manage personal files and run programs. This account cannot install software or hardware, or change most computer settings.
The guest account doesn’t have a password for easy access and contains more restrictions than the standard account. The guest account is disabled by default and needs to be turned on.
You can also create a user group, which is a collection of user accounts that all have the same security rights. The most common user groups are the standard user and administrator. A single account can be a member of more than one group.
Use the Security Center to check your security settings—Window Firewall, Automatic Up-dates, and antivirus software—and learn how to improve the security of your computer.
If an option displays the Security Center icon (New!) next to it, you need to enter the administrator password or provide confirmation when prompted by the User Account Control (UAC). This adds an additional level of security to keep your computer secure. If you don’t need the security (not recommended), you can turn it off in User Accounts.
Windows Firewall is a security system that creates a protective barrier between your computer or network and others on the Internet. Windows Firewall monitors all communication between your computer and the Internet and prevents unsolicited inbound traffic from the Internet from entering your computer. For more information on Windows Firewall, see “Connecting to the Internet” on page 135 and “Setting Up Windows Firewall” on page 137.
Windows Automatic Updates allows you to keep your computer up-to-date with the latest system software and security updates over the Internet. For more information, see “Updating Windows” on page 440.
Internet Explorer provides security zones to browse secure web sites and a rating system to screen content, protects personal information and your privacy on the Internet, blocks pop-up ads, and displays information to help you make security decisions. For more information, see “Understanding Security on the Internet” on page 332.
Windows Mail provides security zones to help you determine whether or not to run potentially harmful content from inside an e-mail, prevents your e-mail program from sending mail with your e-mail address to contacts in your address book (which is a common way propagate a virus), and stops pictures and other content from automatically downloading inside and e-mail to your computer (which is a common way spammers confirm your e-mail address to send more spam). For more information, see “Sending and Retrieving a File” on page 180 “Reading and Replying to E-mail” on page 178, and “Protecting Against E-mail Attacks” on page 345.
Another way to protect the files on your computer is to use the built-in security provided by the NTFS file system. The NTFS file system is available for Windows NT-based computers, which doesn’t include Windows 95, Windows 98, or Windows Me. You can select your hard disk in the Computer window and display Details on the task pane to determine whether your computer uses the NTFS file system.
The NTFS file system provides additional security for your files and folders. You can make a folder private, use the advanced Encrypting File System (EFS) to protect sensitive data files on your computer. If someone tries to gain access to encrypted files or a folder on your computer, a unique file encryption key prevents that person from viewing it. While these security options are more advanced, they could be helpful for securing very sensitive information. For more information, see “Encrypting Files for Safety” on page 328.
Knowing your enemy (harmful intruders) can help you make safe computing decisions that lead to a secure computer rather than unsafe ones that lead to potential disaster. For information, see “Avoiding Viruses and Other Harmful Attacks” on page 330.
If you have an administrator account or are a member of the Administrators group, you can create a new user account or delete an existing one. When you add a new user to your computer, Windows creates a separate identity, allowing the user to keep files completely private and customize the operating system with personal preferences. The name you assign to the user appears on the Welcome screen and the Start menu. The steps to add and delete user accounts differ, depending on whether your computer is part of a domain network or shared/workgroup computer.
Click the Start button, and then click Control Panel.
Double-click the User Accounts icon in Classic view.
Click Manage another account.
Click Create a new account.
Type an account name.
Click the Administrator option, or click the Standard option.
Click Create Account.
Click the Close button.
Did You Know?
You can delete an account. In User Accounts, click the account you want to remove, click Delete the account, click Keep Files to save account file to the desktop or click Delete Files, click Delete Account, and then click the Close button.
You may need administrator access to make security changes. If a security option displays the Security Center icon (New!) next to it, you need to enter the administrator password or provide confirmation when prompted to make a change.
- Double-click the User Accounts icon in Classic view, and then click Manage User Accounts.
- Click Add.
- Type a user name and domain, and then click Next to continue.
- Click a user access level option: Standard user, Administrator, or Other.
- Click Finish.
- Click OK.
Did You Know?
You can delete an account on a domain network. In the User Accounts dialog box, click the Users tab, select the user you want to delete, click Remove, click Yes to confirm, and then click OK.
You can turn User Account Control on or off. In the User Accounts dialog box, click Turn User Account Control on or off, select or clear the User Account Control (UAC) to help protect your computer check box, click OK, and then click the Close button.
If you have an administrator account or are a member of the Administrators group, you can create a guest account. A guest account provides access to a computer for anyone who doesn’t have a user account. The steps to create a guest account differ, depending on whether your computer is part of a domain network or shared/workgroup computer.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view, and then click Manage User Accounts.
- Click the Advanced tab, and then click Advanced.
- Click Users.
- Double-click the Guest icon.
- Clear the Account is disabled check box.
- Click OK, and then click the Close button.
- Click OK.
If you have an administrator account or are a member of the Administrators group, you can change a user’s account type or user group on a domain network. A user account or group grants permissions to a user to perform certain types of tasks based on the account type or user group (domain network). The steps to create a guest account differ, depending on whether your computer is part of a network domain or shared/workgroup computer.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view.
- If you want to change another account, click Manage another account, and then click the user’s account name.
- Click Change your account type or Change the account type.
- Click an account type option.
- Click Change Account Type.
- Click the Close button.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view, and then click Manage User Accounts.
- Click the Users tab.
- Select the user account name you want to change.
- Click Properties, and then click the Group Membership tab.
- Click the group you want.
- Click OK, and then click OK again.
For added security, you can require users to use Ctrl+Alt+Delete (or Ctrl+Alt+Del) before they can select a user account and enter a password. This prevents other programs, such as spyware or a virus, from getting your user name and password as you enter it without your consent. When you lock your computer or switch users, the security option also requires users to press Ctrl+Alt+Delete.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view, and then click Manage User Accounts.
- Click the Advanced tab.
- Select the Require Users To Press Ctrl+Alt+Delete check box.
- Click OK.
Did You Know?
You can also change the logon security on a workgroup network. Open the User Accounts dialog box, click the Advanced tab, select the Require users to press Ctrl+Alt+Delete check box, and then click OK. To open the User Accounts dialog box, you can type NetplWiz.exe in the Run dialog box (click the Start button, point to All Programs, click Accessories, and then click Run), or click the link in the “Enable or disable secure logon” help topic in Windows Help and Support.
When you log on to Windows, the Welcome screen appears, displaying a list of user accounts with a picture next to each one. When you complete the logon process, the picture associated with your account appears at the top of the Start menu along with your user name. This identifies you as the current user of the computer. You can change the picture to suit your own personality. Changing your account picture is not available for computers on a domain network.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view.
- If you want to change another account, click Manage another account, and then click the user’s account name.
- Click Change your picture or Change the picture.
- Click the picture you want.
- Click Change Picture, or click Browse for more pictures and double-click the picture you want.
- Click the Close button.
If you don’t have a password associated with your user account, anyone can access your files. A password controls who has access to your files. When you create a password, enter one that is easy for you to remember, yet difficult for others to guess. Good passwords are typically at least seven characters and include letters (uppercase and lowercase), numbers, and symbols. Once you create a password, you can always change it.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view.
- If you want to change another account, click Manage another account, and then click the user’s account name.
- Click Change your password, Change the password, or Create a password.
- Type a password, and then type it again.
- Type a hint that reminds you of the password.
- Click Change password or Create password.
- Click the Close button.
If you have ever forgotten your password, you understand how important it is to write it down. However, writing down a password is not very secure. You can create a Password Reset disk, either a floppy disk or USB flash drive, to help you log on and reset your password. If you have any security credentials and certificates on your computer, the Password Reset disk restores them. If you have forgotten your password and don’t have a Password Reset disk, you can ask your administrator to reset it for you. Resetting your password also erases any security credentials and certificates on your computer.
- Click the Start button, and then click Control Panel.
- Double-click the User Accounts icon in Classic view.
- Insert a blank disk in the Floppy drive or USB Flash drive.
- In the Tasks pane, click Create a password reset disk.
- Follow the instructions in the Forgotten Password Wizard to create a password reset disk.
Did You Know?
You can reset your password at the welcome screen. At the Welcome screen, click the Help button to see your password hint, and then type the password if you remember it. If you don’t, click the arrow. Click Reset password, and then follow the instructions in the Password Reset Wizard to create a new password. Type your new password, and then press Enter.
If you are working on sensitive material and need to leave your computer unattended for a while, you can lock it so that no one can use it without your permission. While your computer is locked, all your programs continue to run. When you return to your computer, you can access your computer in the same way you started Windows. If the Ctrl+Alt+Del security option is enabled, you are required to press Ctrl+Alt+Del before you can enter a password.
- Click the Start button, and then click the Lock button.
- If the Ctrl+Alt+Del screen appears, press Ctrl+Alt+Del.
- At the Welcome screen, click your name (if prompted), type your password, and then press Enter.
See Also
See “Starting Windows Vista” on page 4 and “Switching Users” on page 22 for information on logging on to Windows Vista.
The Windows Security Center provides a single place to manage your four security essentials, Windows Firewall, Automatic Updating, Malware protection (virus and spyware) and Other security settings (Internet security and User Account Controls). The Security Center recommends security settings that you can use to help protect your computer. It also provides links to important information about the latest virus or other security threat, or to get customer support from Microsoft for a security related issue. As you work, Windows Vista uses security alerts and icons in the notification area on the taskbar to help you recognize potential security risks, such as a new virus, out of date antivirus software or an important security option is turned off, and choose appropriate settings.
- Click the Start button, and then click Control Panel.
- Double-click the Security Center icon in Classic view.
- To find out information on a security area, click the down arrow next to it.
- To set security settings, click the link (Windows Update, Windows Firewall, Windows Defender, and Internet Options) for the area you want to change.
- When you’re done, click the Close button.
- If the Security Center detects that your computer needs enhanced security, it displays an alert in the notification area.
- Read the security alert, and then click it.
- To find out information on a security option, click the down arrow next to it.
- To find out how to address the problem, click a link or a button, and then follow the instructions.
- When you’re done, click the Close button.
Did You Know?
You can change the way Automatic Updates alerts changes. Click the Start button, click Control Panel, double-click the Windows Update icon in Classic view, click Change settings, select the alert option you want, click OK, and then click the Close button.
Table . Security Icons
Icon | Description |
|---|---|
Security Settings: Indicates important security information and settings that are available, such as the Windows Security Center. | |
Potential Risk: Indicates your computer encountered a potential security risk; act upon the security alert. | |
No Risk: Indicates your computer is more secure and using recommended security settings; no action needed. | |
Security Warning: Indicates your computer encountered a warning alert, which is potentially harmful; consider adjusting security settings. | |
Security Problem: Indicates your computer is not using recommended security settings; consider adjusting them. |
Windows Defender (New!) helps you protect your computer from spyware and other potentially harmful software that attempts to install itself or run on your computer. Spyware is software that tries to collect information about you or change computer settings without your consent. Windows Defender alerts you in real-time when unwanted software tries to run on your computer. You can also use Windows Defender to scan your computer and set up a schedule to automatically scan on a regular basis. When you receive an alert of a potential problem, you can use the Microsoft SpyNet community to help you determine if the software is already to run. Windows Defender uses definitions to determine potential problems. Since software dangers continually change, it’s important to have up-to-date definitions, which you can get online.
- If a real-time alert appears with an attempt to:
Install software. Click Ignore, Quarantine, Remove, or Always Allow.
Change Windows settings. Click Permit or Deny.
- Click the Start button, and then click Control Panel.
- Double-click the Windows Defender icon in Classic view.
- To perform a scan, click the Scan button arrow, and then click Quick Scan or Full Scan.
- To view or clear history, click the History button, and then click an item to view history or click Clear History to remove all activities.
- To go backward and forward to the previously viewed screens, click the Back or Forward button.
- When you’re done, click the Close button.
- Double-click the Windows Defender icon in Classic view.
- Click the Tools button.
- Click the links to the tools and settings you want to change:
Options. Set up a scan schedule and choose default actions when alerts appear.
Microsoft SpyNet. Allows you to join the SpyNet community.
Quarantined items. Allows you to remove and restore items.
Allowed items. Allows you to remove items from the list.
Software Explorer. Allows you to scan your computer for programs and provide security information about them. You can stop, remove, disable or enable programs.
Windows Defender website. Access the Windows Defender Web site at Microsoft to get updates and definitions.
- To go backward and forward to the previously viewed screens, click the Back or Forward button.
- When you’re done, click the Close button.
Parental Controls (New!) help you manage how your children use the computer. Parental Controls allows you to set limits on your children’s Web access, the amount of time spent logged on the computer, and which games and programs they can use. You can set different settings for each user account on your computer, so you can adjust the level you want for each child. You can also review activity reports on a periodic basis to see what your children are doing on the computer.
- Click the Start button, and then click Control Panel.
- Double-click the Parental Controls icon in Classic view.
- To select a games rating system, or an activity report reminder option, click an option in the Tasks pane.
- Click the standard user account for which you want to set controls.
- Click the On, enforce current settings option and then click the On, collection information about computer usage option.
- Click the links to the Windows Settings you want to change:
Web restrictions. Select a Web restriction level (High, Medium, None or Custom) and options to block or allow websites or file downloads.
Time limits. Click and drag the hours you want to block or allow.
Games. Select options to block or allow games based on ratings or specific games.
Allow or block specific programs. Select an option to use all programs or only the programs I use.
- Click OK, and then click OK again.
With Windows CardSpace (New!), you can securely send information in the form of online cards to Web sites or online services. Windows CardSpace is a system for creating relationships with Web sites and online services that provides a consistent way for you to review the identity of a site, manage your information, review information before sending it to a site and for sites to request information from you. Windows CardSpace can replace the user names and passwords that you use to register and log on to Web sites and online services. You can create a personal card or have a business or organization issue you a managed card.
- Click the Start button, then click Control Panel.
- Double-click the Windows CardSpace icon in Classic view.
- If necessary, click OK to dismiss the introduction screen.
- To add a card, click the Add a card button, click Add, click a card type, enter information, and then click Save.
- In the main screen, use task commands to duplicate, delete, back up, and restore cards.
- To modify a card, double-click the card, and then click any of the following task commands:
Edit card. Make changes, and then click Save.
View card history. View the information, and then click OK.
Lock card. Type a PIN code, type it again, and then click Lock.
- To go back to the main screen, click the Back button.
- When you’re done, click the Close button.
If your computer uses NTFS, you can use the advanced Encrypting File System (EFS) to protect sensitive data files on your computer. If someone tries to gain access to encrypted files or a folder on your computer, a unique file encryption key prevents that person from viewing it. When you encrypt a file, you also need to decide whether you want to encrypt the folder, too. When you encrypt a folder, you need to decide whether you want to encrypt all files and subfolders within it. After you encrypt your files, you can use the Backup Wizard in the Backup and Restore Center to back them up for safe keeping (NewSP1)
- Right-click the file or folder you want to encrypt, and then click Properties.
- Click the General tab.
- Click Advanced.
- Select the Encrypt contents to secure data check box to encrypt the file or folder or clear the check box to decrypt it.
- Click OK.
- Click OK.
- If necessary, click an option to apply changes to this folder only or to this folder, subfolders, and files.
- Click OK.
If you have a two NTFS drive partitions (also known as volumes)—one for the system boot volume and one for the operating system volume—and a computer with a compatible Trusted Platform Module (TPM) microchip and BIOS, you can use BitLocker (New!) to encrypt the operating system volume. If you have other internal volumes with data, you can also use BitLocker to encrypt it (NewSP1). BitLocker helps protect your system and blocks hackers from accessing sensitive information behind the scenes. When you add files to your computer, BitLocker automatically encrypts them. When you copy files to another location, the files are decrypted. After you turn on BitLocker, it’s critical that you create a recovery password, because BitLocker locks up the entire drive if it detects a problem during startup. In order to turn on BitLocker on data volumes, you need to turn on BitLocker on the operating system volume first. The encrypted data volume automatically unlocks when the system boots into the operating system volume.
- Click the Start button, then click Control Panel.
- Double-click the BitLocker Drive Encryption icon in Classic view.
- Click Turn On BitLocker on the operating system volume.
If prompted, follow the Initialize TPM Security Hardware wizard.
- Follow the wizard to save a recovery password, select the volumes to encrypt, select the Run BitLocker System Check check box, and then wait for BitLocker to encrypt the volume upon restart.
When your computer starts up after the encryption, you won’t see any change. If a problem occurs or someone tries to illegally access your operating system, your computer switches into recovery mode until you supply the recovery password.
- To turn off or temporarily disable BitLocker, click Turn Off BitLocker Drive Encryption, click Disable BitLocker Drive Encryption or Decrypt the volume, and then click OK.
Using the Internet can expose your computer to a wide variety of harmful attacks, such as viruses, worms, and Trojan Horses. These attacks can come through e-mail, file transferring, and even possibly through Java and ActiveX, which are both programming languages used to enhance web pages.
A virus is an executable program whose functions range from just being annoying to causing havoc to your computer. A virus may display an innocuous warning on a particular day, such as Friday the 13th, or it may cause a more serious problem, such as wiping out your entire hard disk. Viruses are found in executable (.exe and .com) files, along with Microsoft Word and Microsoft Excel macro files. A worm is like a virus, but it can spread without human action across networks. For example, a worm might send e-mail copies of itself to everyone in your e-mail Address Book. A worm can consume memory causing your computer to stop responding or even take it over. A Trojan Horse, like it’s mythological counterpart, is a program that appears to be useful and comes from a legitimate source, but actually causes problems.
Many viruses and other harmful attacks spread through file downloads and attachments in e-mail messages. Virus writers capitalize on people’s curiosity and willingness to accept files from people they know or work with, in order to transmit malicious files disguised as or attached to benign files. When you start downloading files to your computer, you must be aware of the potential for catching a computer virus, worm, or Trojan Horse. Typically, you can’t catch one from just reading a mail message or downloading a file, but you can catch one from opening or running an infected program, such as a file attached to an e-mail message, or one you download for free. And even though most viruses and other harmful attacks take the form of executable programs, data files that have macros or Visual Basic code attached to them, such as Word or Excel files, can also be infected with viruses.
There are a few things you can do to keep your system safe from the infiltration of viruses and other harmful attacks.
Make sure Windows Firewall is turned on. Windows Firewall helps block viruses and worms from reaching your computer, but it doesn’t detect or disable them if they are already on your computer or come through e-mail. Windows Firewall doesn’t block unsolicited e-mail or stop you from opening e-mail with harmful attachments. For more information on Windows Firewall, see “Connecting to the Internet” on page 135 and “Setting Up Windows Firewall” on page 137.
Make sure Automatic Updates is turned on. Windows Automatic Updates regularly checks the Windows Update web site for important updates that your computer needs, such as security updates, critical updates, and service packs. Each file that you download using Automatic Update has a digital signature from Microsoft to ensure it’s authenticity and security. For more information, see “Updating Windows” on page 440.
Make sure you are using the most up-to-date antivirus software. New viruses and more virulent strains of existing viruses are discovered every day. Unless you update your virus checking software, new viruses can easily bypass outdated virus checking software. Companies such as McAfee and Symantec offer shareware virus checking programs available for download directly from their web sites. These programs monitor your system, checking each time a file is added to your computer to make sure it’s not in some way trying to change or damage valuable system files.
Be very careful of the sites from which you download files. Major file repository sites, such as FileZ, Download.com, or TuCows, regularly check the files they receive for viruses before posting them to their web sites. Don’t download files from web sites unless you are certain that the sites check their files for viruses. Internet Explorer monitors downloads and warns you about potentially harmful files and gives you the option to block them. For more information, see “Downloading Files from the Web” on page 160.
Be very careful of file attachments in e-mail you open. As you receive e-mail, don’t open or run an attached file unless you know who sent it and what it contains. If you’re not sure, you should delete it. The Attachment Manager provides security information to help you understand more about the file you’re opening. To protect your computer from harmful attacks, see “Sending and Retrieving a File” on page 180, “Reading and Replying to E-mail” on page 178, and “Protecting Against E-mail Attacks” on page 345.
Make sure you activate macro virus checking protection in both Word and Excel. To do so, click the Tools menu, point to Macro on the expanded menu, click Security, and then make sure that the High Security Level option is selected. (In Office 2000, XP, or later, click the Tools menu, click Options, click the General tab, and then make sure the Macro Virus Protection option is selected.) And always elect not to run macros when opening a Word or Excel file that you received from someone who might not be using proper virus protection.
Spyware is software that collects personal information without your knowledge or permission. Typically, spyware is downloaded and installed on your computer along with free software, such as freeware, games, or music file-sharing programs. Spyware is often associated with Adware software that displays advertisements, such as a pop-up ad. Examples of spyware and unauthorized adware include programs that change your home page or search page without your permission. To avoid spyware and adware, read the fine print in license agreements when you install software, scan your computer for spyware and adware with detection and removal software (such as Ad-aware from Lavasoft), and turn on Pop-up Blocker. For details, see “Blocking Pop-Up Ads” on page 342.
Spam is unsolicited e-mail, which is often annoying and time-consuming to get rid of. Spammers harvest e-mail addresses from Web pages and unsolicited e-mail. To avoid spam, use multiple e-mail addresses (one for web forms and another for private e-mail), opt-out and remove yourself from e-mail lists, and turn on the Block Images And Other External Content In HTML E-mail option. For details, see “Protecting Against E-mail Attacks” on page 345.
Phishing is an e-mail scam that tries to steal your identity by sending deceptive e-mail asking you for bank and credit card information online. Don’t be fooled by spoofed web site that look like the official site. Never respond to requests for personal information via e-mail; call the institution to investigate and report it.
No other web browser offers as many customizable features as Internet Explorer does, particularly advanced security features that are built into the program. To understand all the Internet Explorer security features, you first have to learn about security on the Internet in general.
When you send information from your computer to another computer, the two computers are not linked directly together. Your data may travel through multiple networks as it works its way across the Internet. Since your data is broadcast to the Internet, any computer on any of these networks could be listening in and capturing your data. (They typically aren’t, but they could be.)
In addition, on the Internet it’s possible to masquerade as someone else. E-mail addresses can be forged, domain names of sites can easily be misleading, and so on. You need some way to protect not only the data you send, but also yourself from sending data to the wrong place.
Furthermore, there is always the potential that someone (referred to as a “hacker”) or something, such as a virus or worm, could infiltrate your computer systems. Once infiltrated, a hacker or virus can delete, rename, or even copy valuable information from your computer without your knowledge.
Through the use of security zones, you can easily tell Internet Explorer which sites you trust to not damage your computer and which sites you simply don’t trust. In your company’s intranet you would most likely trust all the information supplied on web pages through your company’s network, but on the Internet you may want to be warned first of potential dangers a site could cause your system. You can set up different levels of security based on different zones.
When shopping on the Internet, you want to do business with only those companies that offer a certain level of security and promise to protect your buying information. In turn, those companies want to do business with legitimate customers only. A certificate or digital ID provides both the browser and the company with a kind of guarantee confirming that you are who you say you are and that the site is secure and genuine, not a fraud or scam. When you send an e-mail message, it also verifies your identity to your recipients.
A digital ID is made up of a public key, a private key, and a digital signature. When you digitally sign an e-mail, Windows Mail adds your public key and digital signature (the two together is the certificate) to the message. When your recipients receive the e-mail, your digital signature verifies your identity and your public key is stored in their Address Book so they can send you encrypted messages, which only you can open with your private key.
An independent company, called a credentials agency, issues three types of certificates: personal, authority, and publisher. A personal certificate identifies you so that you can access web sites that require positive identification, such as banks that allow online transactions. You can obtain a personal certificate from a credentials agency called VeriSign using the Security tab of the Options dialog box in Windows Mail. An authority certificate ensures that the web site you are visiting is not a fraud. Internet Explorer automatically checks site certificates to make sure that they’re valid. A publisher certificate enables you to trust software that you download, such as ActiveX controls. Internet Explorer maintains a list of software companies whose certificates are valid and trustworthy. You can view your certificate settings on the Content tab of the Internet Options dialog box.
Just about everyone can find objectionable material on the Internet. Parents might not want to subject their children to some of this material, such as strong language, violence, and other adult themes. However, most parents cannot spend every online minute with their children, censoring objectionable sites. In such cases, you can employ Internet Explorer’s Content Advisor to screen out inappropriate sites, preventing youngsters from seeing things they shouldn’t.
The Content Advisor works with different rating bureaus, such as the Recreational Software Advisory Council (RSAC), to rate sites within certain ranges. The RSAC’s rating system is based on research that compiled a rating system to reflect different levels of violence, strong language, and so on. You decide exactly what kind of sites that your children can access, what ratings systems are used, which ranges are available to users within those sites, and whether users of your computer can see unrated sites.
You can also assign a supervisor password to allow a user to view such sites. As long as the user supplies the password you specified when you initially set up the content rating systems, the user can view sites where the material rates above the level chosen. You can turn off the Content Advisor at any time, opening up all sites on the Internet for viewing by any user without having to enter a password.
In order for the rating system to work, sites must subscribe to the system so that their ratings are passed to your computer when you access the sites. Most sites that want to offer quality information for children and those adult sites interested in making sure only individuals 18 years old or older are accessing their sites subscribe to rating systems like the RSAC. A site that voluntarily rates itself usually displays the RSAC logo on its home page. This logo is your indication that the site has properly rated itself and offers only materials that are appropriate to its rating.
When you browse the Internet, you can access and gather information from web sites, but web sites can also gather information about you without your knowledge unless you set up Internet security on your computer. You can set Internet privacy options to protect your personal identity from unauthorized access. When you visit a web site, the site creates a cookie file, known as a first-party cookie, which stores information on your computer, such as your web site preferences or personal identifiable information, including your name and e-mail address. Not all cookies are harmful; many first-party-cookies save you time re-entering information on a return visit to a web site. However, there are also third-party cookies, such as advertising banners, which are created by web sites you are not currently viewing. Once a cookie is saved on your computer, only the web site that created it can read it. The privacy options allow you to block or permit cookies for web sites in the Internet zone; however, when you block cookies, you might not be able to access all the features of a web site. When a web site violates your cookie policy, a red icon appears on the status bar.
Internet Explorer lets you create security zones based on where information comes from. For example, you might want to restrict access to web pages that can be viewed from the Internet, but not to those sites within your company’s intranet. You can specify the level of security for each of the four available security zones: Local Intranet, Trusted Sites, Restricted Sites, and Internet. When you access a web page or download content from the site, Internet Explorer checks its security settings and determines the web site’s zone. Internet Explorer displays a padlock icon in the status bar to indicate the web site is secure. All Internet web sites are assigned to the Internet zone until you assign individual web sites to other zones.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the Security tab.
- Click the zone to which you want to assign security options.
- If you want, click Default Level to reset the settings to Microsoft’s suggested level.
- Move the slider to the level of security you want to apply.
- If you want to specify individual security options, click Custom Level.
- Scroll to a settings area, and then click the Enable, Prompt, or Disable option button.
- Click OK.
Click OK.
Did You Know?
You can reset default settings for security options. To return each option to its default settings for a specified security level, click the Reset Custom Settings list arrow, select a security level, and then click Reset.
You can remove a site from your Restricted Sites zone. Click the Tools menu, click Internet Options, click the Security tab, click Restricted Sites, and then click the Sites button. In the Web Sites box, click the site you want to remove, click Remove, and then click OK. Click OK to close the Internet Options dialog box.
You can enable Internet Explorer protection mode in Internet Properties. In the Internet Properties dialog box, click the Security tab, select the Enable Protected Mode (required restarting Internet Explorer check box, and then click OK.
Table . Security Zones
Zone | Description |
|---|---|
Internet | Contains all web sites that are not assigned to any other zone; default is Medium |
Local intranet | Contains all web sites that are on your organization’s intranet and don’t require a proxy server; default is Medium |
Trusted sites | Contains web sites that you trust not to threaten the security of your computer; default is Low (allows all cookies) |
Restricted sites | Contains web sites that you believe threaten the security of your computer; default is High (blocks all cookies) |
If you have children who surf the Internet and you don’t want to subject them to strong language, violence, or sexually explicit material, you can use the Content Advisor to restrict their access to inappropriate web sites. If a rated site matches your ratings specifications, the site can be viewed. If the site is rated above the level you’ve set, or if the site is not rated and you’ve restricted access to unrated sites, the site can be viewed only when the supervisor password is supplied.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the Content tab.
- Click Enable. This button toggles between Enable and Disable.
The first time you use Content Advisor, set your initial settings.
- Click OK, type a supervisor password twice, and then click OK.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the Content tab.
- Click Settings. If necessary, type the supervisor password, and then click OK.
- Click the category for which you want to set the rating.
- Move the Rating slider to the rating level you want.
- Click OK, and then click OK again.
As you browse the Web, Internet Explorer stores information relating to what you have provided to Web sites when you log on (passwords) or fill out a form, the location of Web sites you have visited (history), and preference information used by Web sites (cookies). When you visit a Web site, Internet Explorer saves Web pages, images, and media (temporary Internet files) for faster viewing in the future, which can take up a lot of space on your hard disk. You can clean up the Internet files and information individually or all at once (New!), which will also improve your computer performance.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the General tab.
- Click Delete.
- Click the Delete buttons you want to clean up your computer:
Delete all. Delete all information (listed below).
Delete temporary files. Deletes files created while browsing.
Delete cookies. Deletes information gathered by using Web sites.
Delete history. Deletes list of Web sites you have visited.
Delete forms. Deletes saved information you have enter into forms.
Delete passwords. Deletes password used for automatic logon to Web sites.
- Click Yes to confirm the deletion.
- Click Close.
- Click OK.
You can set Internet privacy options to protect your personal identity from unauthorized access (New!). The privacy options allow you to block or permit cookies for web sites in the Internet zone; however, when you block cookies, you might not be able to access all the features of a web site. When a web site violates your cookie policy, a red icon appears on the status bar. To find out if the web site you are viewing in Internet Explorer contains third-party cookies or whether any cookies have been restricted, you can get a privacy report. The privacy report lists all the web sites with content on the current Web page and shows how all the web sites handle cookies.
To further protect your privacy, you can use certificates to verify your identity and protect important information, such as your credit card number, on the Internet. A certificate is a statement verifying the identity of a person or the security of a web site. You can obtain your personal security certification from an independent Certification Authority (CA). A personal certificate verifies your identity to a secure web site that requires a certificate, while a web site certificate verifies its security to you before you send it information. When you visit a secure web site (one whose address may start with “https” instead of “http”), the site automatically sends you its certificate, and Internet Explorer displays a lock icon on the status bar. A certificate is also known as a Digital ID in other programs, such as Windows Mail, or the Windows Contacts.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the Content tab.
- Click Certificates.
- Click the tab with the type of certificate you want.
- Click Import.
- Follow the instructions in the Certificate Import Wizard to import a certificate.
- Click Close.
- Click OK.
Phishing is a technique people use to trick computer users into revealing personal for financial information. Typically, a phishing scam starts with an e-mail message that appears to come from a trusted source, such as a bank or credit card company, but actually directs recipients to provide information to a fraudulent Web site. Windows and Internet Explorer provide increase security to help protect you from phishing (New!) schemes. You can set phishing options in Internet Options in the Control Panel or on the Tools menu in Internet Explorer. You can check Web sites for phishing and report them to Microsoft if you think they are fraudulent.
Did You Know?
You can display security information in the Security Status bar. While you browse the Web, Internet Explorer 7 automatically checks for valid Web site certificates and any irregularities that might indicated a possible phishing site or any unwanted or malicious programs. If Internet Explorer detects a potential problem, it displays a color warning in the Address bar with text in the Security Status bar on the right indicating the problem type. The Address bar displays red for certificate errors and known phishing sites, green for sites with high security (connected to the certificate), and yellow for suspected phishing sites. You can click the security icon in the Security Status bar to find out more information and possible solutions.
The Pop-up Blocker prevents most unwanted pop-up windows from appearing. When Internet Explorer blocks an ad, a new window appears with an alert message in the Information Bar at the top. Blocked items are replaced in the window with a red “x”. The Information Bar in Internet Explorer lets you temporarily or permanently open pop-ups, change Pop-up Blocker settings, and get Information Bar help. With the Pop-up Blocker Settings dialog box, you can allow or disallow pop-ups from specific sites, play a sound or show the Information Bar when a pop-up is blocked, and set a filter level to block pop-ups.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the Privacy tab.
- Select the Turn on Pop-up Blocker check box.
- Click Settings.
- To add a pop-up exception, enter a web site address, then click Add.
- Select or clear check boxes to play sound or show on Information Bar when an ad is blocked.
- Click the Filter Level list arrow, then click a pop-up filter: High, Medium, Low.
- Click Close.
- Click OK.
The Information Bar in Internet Explorer makes it easier for you to make informed decisions about potentially harmful content entering your computer. Internet Explorer displays the Information Bar below the address bar where you can view important security information about blocked pop-ups, downloads, security risks, and other harmful threats. When Internet Explorer blocks a pop-up ad or program from running on your computer, the Information Bar appears at the top of the window with information and options. If the default settings in Internet Explorer are turned on, the Information Bar appears when a web site tries to install an add-on, such as an ActiveX control, open a pop-up window, or download a file to your computer. A pop-up window typically display annoying ads. ActiveX controls provide added functionality to Internet Explorer, which makes using the Internet more enjoyable. However, it also opens the door for Spyware and Adware to invade your computer and privacy. When an outsider tries to enter your computer, the Information Bar appears, where you can click the message to take an action, such as block or unblock the content, or get more information. See “Blocking Pop-Up Ads” on page 342 for information on turning on the Information Bar.
Windows Mail adds a security option to stop pictures and other content from automatically downloading to your computer from contacts who are not in your address book. Spammers commonly use automatic picture download to confirm your e-mail address and send you more spam. Blocking the picture download provides a faster display, and reduces spam e-mail. When Windows Mail blocks images and other potential harm content in an e-mail message from downloading to your computer, the Information Bar appears at the top of the e-mail message with status information. Blocked items in e-mail are replaced with a red “x”. You can follow the instructions on the Information Bar to view the blocked content. However, when you edit, print, forward, or reply to an e-mail message with blocked items, the blocked content is downloaded. See “Protecting Against E-mail Attacks” on page 345 for information on setting e-mail security options.
Add-on are programs that extend the functionality of Internet Explorer to perform a unique task, such as provide search toolbars or display Flash content. In most cases, add-ons are useful, but sometimes poorly built or old ones can slow down your computer, cause system crashes, or invade your privacy (such as Spyware or Adware that are sometimes deceptively installed). To help you work with add-ons, Internet Explorer includes the Add-on Manager, which provides a list of add-ons currently loaded or used by Internet Explorer. You can use the Add-on Manager to individually enable, disable, or update add-ons. The Add-on Manager can also detect add-ons related crashes in Internet Explorer and displays an option to disable it.
- Click the Start button, click Control Panel, and then double-click the Internet Options icon in Classic view.
- Click the Programs tab.
- Click Manage add-ons.
- Click Show list arrow, and then click the option with the type of add-ons you want to display.
- Click the add-on you want to manage.
- Click the Enable or Disable option.
- Click OK.
- Click OK.
In Windows Mail, security zones allow you to determine whether or not to run active content, such as ActiveX controls, from inside HTML e-mail messages, which potentially can carry viruses and other harmful threats. You can adjust the security zone levels using Internet Options in the Control Panel. To provide further protection, you can set options to let you know when an program tries to send mail with your e-mail address to contacts in your address book (which is a common way to propagate a virus), to not allow attachments to be saved or opened that might contain a virus, and to stop pictures and other content from automatically downloading to your computer (which is a common way spammers confirm your e-mail address to send more spam) from contacts who are not in your Address Book until you have a chance to read the message.
- Click the Start button, then click Windows Mail.
- Click the Tools menu, then click Options.
- Click the Security tab.
- Click the security zone option you want: Internet zone (Less secure) or Restricted sites zone (More secure).
- Select the Warn me when other applications try to send mail as me check box.
- Select the Do not allow attachments to be saved or opened that could potentially be a virus check box.
- Select the Block images and other external content in HTML e-mail check box.
- Click OK.
See Also
See “Avoiding Viruses and Other Harmful Attacks” on page 330 for information on security threats in e-mail.
In Windows Mail, you can set security options to send e-mail messages with a digital ID or encryption. A digital ID verifies your identity to your recipients in the same way a picture ID verifies your identify when you write a check. Before you can send a digitally signed e-mail, you need to get a digital ID from an independent certification authority, which you can access from Windows Mail. Encryption prevents others on the Internet from intercepting and reading your e-mail. Before you can send an encrypted e-mail, your Windows Contacts needs to contain a digital ID for each recipient, which allows them to decrypt the message for reading.
- Click the Start button, then click Windows Mail.
- Click the Tools menu, then click Options.
- Click the Security tab.
- To get a digital ID, click Get Digital ID, and then follow the instructions.
- To encrypt e-mail, select the Encrypt contents and attachments for all outgoing messages check box.
- To digitally sign e-mail, select the Digitally sign all outgoing messages check box.
- Click Advanced.
- Select the check boxes to include my digital ID and add sender’s certificates to my Windows Contacts.
- To check for a revoked digital ID, click the Only when online option.
Click OK.
Click OK again.
