*********************** ** ** ** Enough is Enough! ** ** ** *********************** ------------ - Contents - ------------ * Introduction - Overview - Caution! - More than Enough? * Compatibility * Installation - w/ INSTALL.BAT - w/ INST-BUT.BAT - Multiple User Profiles - Missing Files - CHOICE.EXE & Windows NT/2000/XP * Uninstallation - w/ INSTALL.BAT - w/ INST-BUT.BAT * What "Enough is Enough!" Really Does - Security Zones - Advanced Settings - Cookies - HTA Applications - "How Can I Tell if It Worked?" - "What does Enough is Enough! do that I can't do myself?" - "What if the WebZone Accessory Isn't Working?" * Coping with Problem Web Sites & Browser Add-ons - Problem Web Sites - Windows Update - Browser Add-ons & Plug-ins * For More Information * Why Enough is Enough! * Problems & Questions * Credits & Acknowledgements ---------------- - End Contents - ---------------- ============ Introduction ============ Have you just about had it with sneaky spyware installations, pesky third-party cookies from pushy advertisers and marketers, and the unending blizzard of popups and popunders from web sites? Haven't you really had just about enough of these obnoxious, invasive practices that trash your computer and violate your privacy? Then it's time you said, "Enough is Enough!" ~~~~~~~~ Overview ~~~~~~~~ Enough is Enough! is a lockdown utility for Internet Explorer 5 and 6. When you install Enough is Enough!, it will: * Lock down your Internet and Restricted sites zones with restrictive settings for dangerous options like ActiveX, Java, scripting, and a few others. * Severely restrict the use of cookies (but not completely disable them for trusted web sites or for single session use). * Disable several Advanced settings, including Install on Demand and Third-party Browser Extensions. * Install Microsoft's IE PowerTweaks WebZone Accessory, putting two new options on your IE Tools menu, with corresponding buttons on your Toolbar: "Add to Trusted Zone" and "Add to Restricted Zone." With these new Internet Explorer settings you will be protected from the more dangerous elements of the web without having to worry about putting known nasties into your Restricted sites zone: * You'll be protected from rogue crapware installations (e.g., Gator, BonziBuddy, WebHancer, Lop.com, and the like). * You won't be accepting cookies from direct marketing outfits who seek to monitor and track your travels around the Net. * You'll put an end to annoying, useless popups at most web sites by default. * You'll put all web sites on a "short leash" until you trust them enough to add them to your Trusted sites zone. In short, Internet Explorer will start behaving as YOU want it to behave, not as direct marketers and spyware pushers want it to behave. What you do with Enough is Enough! is enforce your very own "opt-in" policy: no web sites get to use permanent cookies, ActiveX, Java, JavaScript and other dangerous Internet Explorer options until you explicitly give them the go-ahead by putting those sites into your Trusted zone. ~~~~~~~~ Caution! ~~~~~~~~ A word of warning: the severely restrictive IE settings that Enough is Enough! uses will break many web sites until you add them to your Trusted sites zone. These settings will also disable third-party browser add-ons (commonly known as "plugins"). Keep in mind that you can always tweak IE's settings through the Internet Options box after installing Enough is Enough! And of course, Enough is Enough! installs Microsoft's Power Tweaks WebZone Accessory so that you can quickly and conveniently add sites you visit frequently (and which require permanent cookies or certain types of active content) to the Trusted sites zones. Once you add a site that you trust to the Trusted sites zone, it should start working again. See the section titled "Coping with Problem Web Sites & Browser Add-ons" below for more advice on dealing with problem web sites and third-party browser add-ons. ~~~~~~~~~~~~~~~~~ More than Enough? ~~~~~~~~~~~~~~~~~ Enough is Enough! isn't for everyone. If you find broken web sites *extremely frustrating*, and taking the time to add web sites to your Trusted sites zone is too annoying for you to deal with, then Enough is Enough! might be "more than enough" for you -- it might be much too much. There are several uninstallation options, so you're not stuck with Enough is Enough! by any means, should you decide that it's not for you (see the "Uninstallation" section below for more details). If Enough is Enough! isn't for you, you might consider downloading and installing IE-SPYAD. IE-SPYAD will add a long list of known advertisers, marketers, and crapware pushers to your Restricted sites zone, giving you a large measure of protection from the nastier elements of the web while still allowing you to keep your Internet zone settings fairly loose. You can download IE-SPYAD here: http://www.staff.uiuc.edu/~ehowes/resource.htm ============= Compatibility ============= Enough is Enough! is compatible with Internet Explorer 5 and above. Enough is Enough! also works with Windows XP Service Pack 2. The installer will detect if you're using Internet Explorer 6.0 and adjust the settings it installs accordingly. The installer is a bit dumb, though. If you once had Internet Explorer 6 on your system but have since uninstalled it and returned to some version of Internet Explorer 5, you should fire up REGEDIT.EXE and make sure that the following key doesn't still exist in your Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P If it does exist, delete it. That key is specific to IE6's P3P settings. That's the key that the installer looks for to determine if you're running IE6. If you've already run the installer once, you can re-run the installer to pick up the IE5 specific cookie settings. Enough is Enough! should not be used on Internet Explorer 3.0 or 4.0 (though the installer will let you do it). If you mistakenly install Enough is Enough! on Internet Explorer 3.0 or 4.0, you can uninstall it and restore your previous IE settings by re-running INSTALL.BAT. ============ Installation ============ Enough is Enough ships with two installer utilities: * INSTALL.BAT installs the complete Enough is Enough package, including all the Privacy & Security settings as well as the WebZone Accessory and Toolbar zone buttons. * INST-BUT.BAT installs just the WebZone accessory (or even just the Toolbar zone buttons, if you already have the IE Power Tweaks Web Accessories from Microsoft). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Complete Installation with INSTALL.BAT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Complete installation of Enough is Enough with INSTALL.BAT is simple. Make sure Internet Explorer is closed. Then run the installer, INSTALL.BAT. The installer will first: * copy CHOICE.EXE to your Windows directory if you're running Windows NT/2K/XP and don't already have that simple DOS utility (which is used by INSTALL.BAT); * check to see if you're running Internet Explorer 6.0; * copy CHOICE.COM to your Windows directory if CHOICE.COM is not already on your computer, * back up your current Internet Explorer settings (your current settings are backed up as 2 .REG files named BACK-*.REG in the \BACKUP sub-directory and will be used if you uninstall Enough is Enough!). * notify you if Internet Explorer 6.0 is detected. (You will receive this notice only the first time you run Enough si Enough!) Then you will be presented with the main menu. Choose option 1 to install Enough is Enough! Unfortunately, the installer is fairly inflexible -- there is only one installation configuration, and it's an "all or nothing" deal. You will get all the strict Internet Explorer Privacy and Security settings as well as the WebZone Accessory and Toolbar zone buttons. (See the 'What "Enough is Enough!" Really Does' section below for complete details of the IE settings used.) Of course, you can always tweak your settings through the IE Internet Options box after you install Enough is Enough! And don't forget the Power Tweaks WebZone Accessory, which lets you add sites to your Trusted sites and Restricted sites zones from the Tools menu. Note that if Microsoft's Internet Explorer Power Tweaks Web Accessories is already installed on your system, the installer will not install WebZone or the Toolbar zone buttons. (WebZone is derived from the Power Tweaks Web Accessories package and would be redundant.) If you want the Toolbar buttons, run INST-BUT.BAT, which is located in the same directory as INSTALL.BAT. Once Enough is Enough! is finished installing, fire up Internet Explorer and away you go! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Installation of Only WebZone/Buttons with INST-BUT.BAT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INSTALL.BAT assumes that you want to install all the configuration changes to IE's Privacy and Security settings as well as the WebZone Accessory (with the IE Toolbar zone buttons). If you would like to install ONLY the WebZone Accessory or even just the IE Toolbar zone buttons (i.e., you already have the Power Tweaks Web Accessories installed), then run the INST-BUT.BAT file in the same direcotyr as INSTALL.BAT. To uninstall just WebZone, you can either run the main installer (INSTALL.BAT) *or* INST-BUT.BAT -- both have options to completely uninstall WebZone. If you would like to uninstall ONLY the buttons (and leave WebZone or the complete PowerTweaks Web Accessories package), however, then run INST-BUT.BAT. ~~~~~~~~~~~~~~~~~~~~~~ Multiple User Profiles ~~~~~~~~~~~~~~~~~~~~~~ If you have multiple user profiles on your computer and want EiE's settings to work on all of those profiles, you'll have to install EiE separately on each profile. ~~~~~~~~~~~~~ Missing Files ~~~~~~~~~~~~~ If INSTALL.BAT or INST-BUT.BAT complains about a missing file when you attempt to install, the most likely reason is that the EiE package you downloaded wasn't completely unpacked. The EiE installation package contains several sub-directories under the main \ENOUGH install directory, and your "un-zipper" program may not have properly unpacked all the sub-directories. If you downloaded the .ZIP file, the easiest solution is to download the self-extracting .EXE install package and use that package instead. The .EXE file should extract on its own to the directory C:\ENOUGH. All the sub-dirs should be properly unpacked. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CHOICE.EXE & Windows NT/2000/XP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Both INSTALL.BAT and INST-BUT.BAT make use of CHOICE.COM, a DOS utility which shipped with every version of MS DOS 6.0 and above as well as all versions of Win 9x, including Windows 95, Windows 98, and Windows Me. Windows NT 4.0, Windows 2000, and Windows XP do not, however, include a copy of this file. Moreover, CHOICE.COM apparently has compatibility issues with the Windows XP command shell interpreter. This distribution includes a copy of both CHOICE.COM (from Windows 95 B - OSR2) and CHOICE.EXE (from the Windows 2000 Professional Resource Kit), which has equivalent functionality to CHOICE.COM. If INSTALL.BAT or INST-BUT.BAT detect that you're running Windows NT/2000/XP, they will automatically install CHOICE.EXE to your Windows directory (usually \WINNT). (If you're running Windows 95, 98, or Me and CHOICE.COM seems to be missing, they will instead install CHOICE.COM to \WINDOWS.) If you're running Windows XP and one of the installers gives you errors every time you reach one of the menus, the problem is likely that a straight DOS version of CHOICE.COM is somewhere on your path. Even when CHOICE.EXE is installed in the Windows directory (\WINNT), if one of the installers finds CHOICE.COM, it will use CHOICE.COM instead of CHOICE.EXE. We want the installers to use CHOICE.EXE, which is compatible with Windows XP. Check your Windows directory (usually \WINNT) as well as your System directory (\WINNT\SYSTEM32). If you find CHOICE.COM (as opposed to CHOICE.EXE), remove it. Also, if you downloaded an earlier version of this utility that included only CHOICE.COM, make sure that CHOICE.COM is not located in the top level installation directory (a copy is included in the \CHOICE sub-directory, but that's OK). In other words, make sure that there is no chance that CHOICE.COM will be used. On Windows XP, you should be using CHOICE.EXE instead. ============== Uninstallation ============== INSTALL.BAT and INST-BUT.BAT let you uninstall Enough is Enough! or parts of the Enough is Enough! package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Uninstallation with INSTALL.BAT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Uninstallation is more flexible than installation. Make sure Internet Explorer is closed. Then run the installer, INSTALL.BAT, which also serves as the uninstaller. From the main menu, choose option 2 to uninstall Enough is Enough! You will then be presented with a menu of uninstallation options: [1] Uninstall All This uninstalls everything, including WebZone, and restores your Internet Explorer settings from the 2 backup files (hope you didn't delete them!). In effect IE will be restored to the state it was when you installed Enough is Enough! Note if the IE Power Tweaks Web Accessories is on your system, the uninstaller will not attempt to uninstall WebZone. [2] Uninstall, but leave WebZone Essentially the same as the first uninstallation option, but this one leaves WebZone. [3] Uninstall WebZone only This option leaves all your IE settings, but uninstalls WebZone. Note if the IE Power Tweaks Web Accessories is on your system, the uninstaller will abort and refuse to uninstall WebZone. Note that the WebZone Accessory is added to your Add/Remove Programs list in the Control Panel and can be selectively uninstalled from there as well. Look for the entry labeled "Microsoft Internet Explorer 5 Power Tweaks WebZone Accessory." [4] Restore Default IE6 Cookie Settings only This option is for IE6 users only. It restores IE6 cookie settings to the *default* settings (not your own previous settings.) This option is useful if you want to tweak IE6's cookies settings but can't hack the Registry to reset the cookie settings in the Trusted sites zone (which are not configurable from the Internet Options, unlike every other setting that Enough is Enough! changes.) If you're an IE5 user, the uninstaller will abort because you don't have IE6. ** After You Install ** Words of advice: don't delete the 2 BACK-*.REG files -- you just might need them if you decide that you you want to uninstall and return to your previous settings. If you'd like to conserve space on your hard drive and reduce clutter, you can save only the two BACK-*.REG files and delete the rest of the Enough is Enough! installation directory. To uninstall properly, though, you'll need to unpack a copy of Enough is Enough! and put the two BACK-*.REG files in a sub-dir called \BACKUP (where INSTALL.BAT expects to find them). Keep in mind that when those backups are restored, you will lose any customizations that you've made to Internet Explorer's zones since the backups were created -- for example, new sites that you've added to the Trusted zone. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Uninstallation of WebZone & Buttons with INST-BUT.BAT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To uninstall just WebZone, you can either run INSTALL.BAT *or* INST-BUT.BAT (in the same directory) -- both have options to completely uninstall WebZone. If you would like to uninstall ONLY the IE Toolbar zone buttons, however (and leave WebZone or the complete PowerTweaks Web Accessories package), then run INST-BUT.BAT. ==================================== What "Enough is Enough!" Really Does ==================================== Enough is Enough configures the Internet and Restricted Security zones in Internet Explorer very securely: * ActiveX, Java, and scripting are all disabled These kinds of "active content" can let web sites do obnoxious, dangerous, and malicious things to your web browser and computer. In worst case scenarios, such technologies can leave your PC open to security holes, exposing your computer and private data. Many web sites depend on active content technologies, though, and some web sites may break with these options turned off. * "Installation of desktop items," "Install on Demand," and "Enable third-party browser extensions" are all disabled These options can be used by unsavory web sites to install spyware and foistware on your computer, often with very little notice or warning. Disabling these options may break some browser add-ons or plugins, however. * Misc settings are disabled Internet Explorer includes several misc. settings that can expose your computer to security breaches in worst case scenarios. These settings (summarized below in the table) are disabled. With these settings disabled, however, some web sites may not work properly. * Cookies are severely restricted Cookies can be used to monitor and track your behavior across the internet. They are often used by web sites and big third-party advertisers and marketers to "personalize" their direct marketing pitches. Cookies are not completely disabled by Enough is Enough!, but they are severely restricted. Cookies do have legitimate uses (e.g., for shopping and banking), however, and some web sites that you visit frequently may require them. * HTA (Hypertext Applications) is disabled HTA applications are increasingly be used by rogue web sites to hijack browsers and execute potentially dangerous code on users' systems. Enough is Enough! "disarms" HTA applications by tweaking the Registry to stop them from being run. You'll note that many of the settings disabled by Enough is Enough! may be required by some legitimate web sites and browser add-ons. For advice on dealing with trusted web sites and browser add-ons that require these options to be enabled, see the "Coping with Problem Web Sites & Browser Add-ons" section later in this ReadMe. Here's a complete table summary of how Enough is Enough! configures Internet Explorer: ~~~~~~~~~~~~~~ Security Zones ~~~~~~~~~~~~~~ Enough is Enough! configures both the Internet and Restricted sites zones for maximum security. Here are the settings it uses for BOTH zones: ---------------- ActiveX Controls ---------------- * Download signed ActiveX controls......DISABLE * Download unsigned ActiveX controls....DISABLE * Run ActiveX controls and plug-ins.....DISABLE * Initialize and run ActiveX controls...DISABLE and plug-ins not marked as safe * Script ActiveX controls marked as.....DISABLE safe for scripting ------------ Microsoft VM ------------ * Java permissions......................DISABLE --------- Scripting --------- * Active scripting......................DISABLE * Scripting of Java programs............DISABLE * Allow paste operations via script.....DISABLE ---- Misc ---- * Access data sources across domains....DISABLE * Userdata persistence..................DISABLE * Navigate sub-frames across different..DISABLE domains * Installation of desktop items.........DISABLE * Load applications and files in an.....DISABLE IFRAME * Software channel permissions..........HIGH SAFETY ------------------- User Authentication ------------------- * Logon.................................Prompt for user name and password ----------- IE6 Options ----------- If you're using Internet Explorer 6.0, Enough is Enough! also configures the following IE6 specific options in both the Internet and Restricted sites zones: * Allow Meta REFRESH....................DISABLE * Display Mixed Content.................DISABLE ~~~~~~~~~~~~~~~~~ Advanced Settings ~~~~~~~~~~~~~~~~~ Enough is Enough! disables the following settings on the Advanced tab in the Internet Options box: * Automatically check for Internet......DISABLE Explorer updates * Enable Install On Demand (Internet....DISABLE Explorer) * Enable Install On Demand (Other)......DISABLE * Enable third-party browser............DISABLE extensions Note that some of these settings may break sites like Microsoft's Windows Update. If you use Windows Update, you can temporarily enable the Install on Demand options. (You also ought to add the microsoft.com domain to your Trusted sites zone.) They may also break third-party browser add-ons and plug-ins. ~~~~~~~ Cookies ~~~~~~~ Enough is Enough! configures cookies differently for Internet Explorer 5 and 6. ------------------- Internet Explorer 5 ------------------- Internet Explorer 5 cookies settings are configured as follows in both the Internet and Restricted sites zones (cookies in the Trusted sites zone are not touched): * Allow cookies that are stored.........DISABLE on your computer * Allow per-session cookies.............ENABLE (not stored) --------------------- Internet Explorer 6.0 --------------------- Internet Explorer 6.0 cookies settings are configured as follows: Internet: 1st-party - all "downgraded" to Session cookies 3rd-party - all blocked Trusted sites: 1st-party - all "leashed" to 1st-party contexts only 3rd-party - all blocked Session cookies are allowed in both zones. Restricted sites zone cookie settings are not configured (all cookies are blocked by default in IE6). Note that this is essentially R2's second (preferred) Custom XML Privacy Import file, which you can find as file 4d-s.xml in the XML-Menu package downloadable here: http://www.staff.uiuc.edu/~ehowes/resource5.htm#files Note also that unlike almost every other setting that Enough is Enough! changes, the cookie settings for the Trusted sites zone in IE6 cannot be tweaked or configured through the Internet Options box. That's why there's an uninstallation option specifically for IE6 cookie settings in the (un)installer utility, INSTALL.BAT. If you need more information on what all the settings you've seen are, then check the online Help from within Internet Explorer. Also, see the "For More Information" section towards the end of this ReadMe for links to several helpful web sites. ~~~~~~~~~~~~~~~~ HTA Applications ~~~~~~~~~~~~~~~~ HTA applications are executed with MSHTA.EXE (found in the Windows directory) and are associated with the .HTA File Extension and htafile File Type. All of these settings are stored in the Windows Registry. Enough is Enough! "disarms" and "re-arms" HTA applications by modifying the appropriate Registry keys and values. Here is a basic table of the Registry keys involved in the default .HTA File Association configuration: Note: all Registry keys and values are under [HKEY_CLASSES_ROOT\...] REGISTERED EXTENSION FILE TYPE DEFAULT FILE COMMAND TO BE FILE TYPE TYPE ACTION EXECUTED ---------- --------- --------- ------------ ------------- HTML Application .HTA htafile htafile\Shell JSFile\Shell\Open\Command @="Open" @="mshta.exe \"%1\" %*" The .HTA Extension points not only to a File Type, but to a MIME Content Type as well. Here is a table detailing the MIME Content Type specified by the .HTA Extension: REGISTERED EXTENSION MIME Content Type FILE TYPE ---------- --------- ----------------- HTML Application .HTA "Content Type"="application/hta" MIME Content Types are itemized under [HKEY_CLASSES_ROOT\MIME\Database\Content Type\...]. When Enough is Enough! "disarms" HTA applications, it changes the associated Extension (.HTA) so that the specified File Type is set to "Unknown" (and the MIME Content Type set to null). When Enough is Enough! "re-arms" HTA applications, it merely resets the specified File Type for the Extension (.HTA) to its default (see the table above). It also restores the proper MIME Content Type specified by .HTA (see the table above). Enough is Enough! also modifies the following CLSID Registry key: Windows 9x/Me: [HKEY_CLASSES_ROOT\CLSID\{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}\LocalServer32] @="%WINDIR%\\system\\mshta.exe" Windows NT4/2K/XP: [HKEY_CLASSES_ROOT\CLSID\{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}\LocalServer32] @="%WINDIR%\\system32\\mshta.exe" When "disarming" HTA applications, Enough is Enough! sets the value to null. When "re-arming" HTA applications, Enough is Enough! sets the value to its appropriate default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "How Can I Tell if It Worked?" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You can check to see that Enough is Enough! is installed properly by looking at Internet Explorer's Options box, where Internet Explorer lets you view and configure the very options that Enough is Enough! modifies. 1. Open the Internet Options box Hit Tools >> Internet Options... from within IE. Or go to the Control Panel and open the Internet Options applet. 2. Switch to the "Security" tab Click the "Security" tab to bring it to the fore. 3. Check the Internet zone & Restricted sites zone Select the Internet zone, then hit "Custom Level." IE will open the "Security Settings" for the Internet zone. From here you can scroll down and compare the settings you see with the settings listed above for Enough is Enough! They should match. Note that Enough is Enough! configures most, but not all, of the settings that you see here. You CAN tweak any of the settings that you see in the "Security Settings" box without losing all over the other customizations that Enough is Enough! made. If a particular option in a certain zone doesn't suit your preferences, tweak away. You can always restore all of Enough is Enough's settings by re-running the INSTALL.BAT and choosing the installation option. Click "OK" to exit the "Security Settings" for the Internet zone and then check the "Security Settings" for the Restricted sites zone. 4. Switch to the "Privacy" tab (IE6 only) If you're running Internet Explorer 6.0, you should also have a "Privacy" tab. (This tab doesn't appear in earlier versions of Internet Explorer.) Click on the "Privacy" tab to bring it to the fore. 5. Check "Privacy" tab settings (IE6 only) The "Privacy" tab allows IE6 users to configure cookie handling for the Internet zone. (By default, IE6 blocks all cookies in the Restricted sites zone and allows all cookies in the Trusted sites zone.) On the "Privacy" tab, the slider bar should not appear. Instead, you should see the message "Custom - advanced or imported settings." Enough is Enough! uses custom cookie settings for both the Internet and Trusted sites zones. If you click the "Advanced..." button to bring up the "Advanced Privacy Actions" box, the "Override automatic cookie handling" checkbox should be unchecked and all other settings greyed out. Note: do not change the settings on the "Privacy" tab if you want to continue using Enough is Enough's cookies settings. If you use the "Advanced Privacy Settings" tab or the Privacy Settings slider bar (by hitting the "Default" button), then you will override and undo the cookie settings that Enough is Enough! put in place. Of course, if this is what you want to do, by all means override them. You can, however, add sites to the "Per Site Privacy Actions" box (by hitting the "Edit" button) without changing Enough is Enough's cookies settings. Keep in mind, though, that you cannot configure cookie handling in IE6 for the Trusted sites zone through the Privacy tab -- by default, all cookies (both 1st-party and 3rd-party) are allowed unless you load custom cookie settings, such as Enough is Enough! does. 6. Switch to the "Advanced" tab Click the "Advanced" tab to bring it to the fore. 7. Verify the "Advanced" tab settings Enough is Enough! disables only four settings on the "Advanced" tab: * Automatically check for Internet Explorer updates * Enable Install On Demand (Internet Explorer) * Enable Install On Demand (Other) * Enable third-party browser extensions The rest are left alone. 8. Close the Internet Options box Click "OK" to close the Internet Options box. From within Internet Explorer you should also see two round buttons on the IE Toolbar. If you move your mouse over them, their colors will change, and you should see the labels "Add to Trusted Zone" and "Add to Restricted Zone" respectively. On the "Tools" menu, you should see two entries with the same text labels. These are the WebZone functions, which allow you to add the current site you happen to be visiting to either zone. Remember that Internet Explorer Privacy & Security settings are user specific. In other words, the configuration changes that Enough is Enough! makes apply only to the user logged in when Enough is Enough! runs. If there are multiple profiles on the PC, the users associated with those other profiles retain their own IE settings. By contrast, the new Tools menu options and Toolbar buttons for the WebZone Accessory will show up in Internet Explorer for all users. If you need more information on any of the settings you've seen, check the online Help from within Internet Explorer. Also, see the "For More Information" section towards the end of this ReadMe for links to several helpful web sites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What does Enough is Enough! do that I can't do myself?" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The biggest selling point of EiE is convenience: instead of wading through all of Internet Explorer's Privacy and Security settings manually, you can run EIE and configure all of the most important settings for maxiumum security in one simple step. It is true, though, that most of the settings that EiE configures can be modified by the user through the Internet Options box. But not all of them, if you're running Internet Explorer 6.0. For Internet Explorer 6.0, EiE sets the following cookie options: Internet: 1st-party - all "downgraded" to Session cookies 3rd-party - all blocked Trusted sites: 1st-party - all "leashed" to 1st-party contexts only 3rd-party - all blocked The Privacy tab does not allow you to configure cookies for the Internet zone in that way. The Advanced Privacy Settings allow you to configure 1st-party and 3rd-party cookies, but you can't select "downgrade." The slider bar does incorporate cookie "downgrading," but no one of the 6 pre-configured slider levels will give you the combination you see above. Moreover, unlike EiE, the Privacy tab doesn't allow you to configure cookies in the Trusted sites zone at all. Period. Third-party cookies from sites in the Trusted sites zone cannot be blocked -- you allow them whether you want them or not. And because you accept all 1st-party cookies in the Trusted sites zone with no strings attached, those sites can turn around and re-use them in 3rd-party contexts. By contrast, EiE "leashes" 1st-party cookies in the Trusted sites zone to 1st-party contexts only and blocks all third-party cookies in the Trusted sites zone. Now, you can achieve the same results for IE6 by hacking the Registry or creating your own custom XML Privacy Import file, but you can't do it through the default IE6 GUI. Of course, EiE, offers only one configuration set for cookies in IE6. If you're interested in others, you might check out XML-Menu, also on my web site: http://www.staff.uiuc.edu/~ehowes/resource5.htm XML-Menu gives you 100 custom XML Privacy Import files that you can use with IE6. In case you're curious, the settings that EiE uses correspond to file 4d-s.xml from XML-Menu (R2's second Import file). Finally, EiE does install the IE PowerTweaks WebZone Accessory for you as well as R2's Toolbar buttons for "Add to Trusted Zone"/"Add to Restricted Zone." In fact, if you only want the WebZone Accessory and the Toolbar buttons, you can install just those. Run the INST-BUT.BAT installer, not the main installer (INSTALL.BAT). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What if the WebZone Accessory Isn't Working?" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If the WebZone Accessory with the "Add to..Zone" options and buttons doesn't seem to be working, here's what you can try: 1. Uninstall the WebZone Accessory Run the INSTALL.BAT again, choose Uninstall, then choose Uninstall WebZone only. 2. Download & Install the IE Power Tweaks Web Accessories Download the full PowerTweaks Web Accessories from Microsoft here: http://www.microsoft.com/windows/ie/previous/webaccess/default.asp ...and install it. 3. Selectively Install the Zone Buttons After installing PTWA from MS, run the INST-BUT.BAT installer from Enough is Enough! From the main install menu, choose to install the Zone Buttons only. In most cases this should get the WebZone Accessory working on your system. =============================================== Coping with Problem Web Sites & Browser Add-ons =============================================== While the Internet Explorer settings that Enough is Enough! uses provide you a great deal of protection while you surf the web, they may also cause you problems with some web sites and browser add-ons (plug-ins). What follows is some advice for dealing with problems that crop up after you install Enough is Enough! ~~~~~~~~~~~~~~~~~ Problem Web Sites ~~~~~~~~~~~~~~~~~ Some web sites require things like Java, JavaScript, ActiveX, and cookies. In many cases these web sites will warn you that they do require such things and will not let you in until they are enabled. If you encounter a web site that requires cookies or JavaScript, for example, and you *trust* that web site not to do malicious things to your computer or violate your privacy, you can add that web site to your Trusted sites zone. The Trusted sites zone uses much looser Privacy and Security settings, and web sites that were once broken should start to work properly once they are put in the Trusted sites zone. After you install Enough is Enough!, it's easy to add web sites to your Trusted sites zone. Enough is Enough! installs the WebZone Accessory and Toolbar buttons. This places two options on your "Tools" menu in IE along with corresponding buttons on the IE Toolbar: * Add to Trusted Zone * Add to Restricted Zone When you encounter a web site that you trust and which needs things like JavaScript and cookies, simply hit the "Add to Trusted Zone" button or "Tools" menu option to add it to your Trusted sites zone. Then reload the page. In most cases that web site should now work. In some cases, though, you may have to add additional sub-sites or sub-pages from the web site to your Trusted sites zone to get the entire web site working. If a web site still doesn't work after reloading the page and adding other sub-pages to the Trusted sites zone, try clearing your Temporary Internet Files (Tools >> Internet Options... >> Delete Files), and then closing and re-opening Internet Explorer. Keep in mind that once you add web site to the Trusted sites zone, it will be able to use ActiveX, Java, scripting, and cookies -- so be choosy about the sites you add to the Trusted sites zone. Make sure that they are sites you really trust. You can view and edit the web sites that you've added to your Trusted sites zone in the Internet Options... box: 1. Go to "Tools" >> "Internet Options..." 2. In the Internet Options box that pops up, hit the "Security" tab. 3. Select the Trusted sites zone (the green checkmark icon). 4. Hit the "Sites..." button to bring up the list of sites in your Trusted sites zone. 5. Edit or add sites as you see fit. Two tips for doing so: * Uncheck the "Require server verification (https:) for all sites in this zone." Until you do, you won't be able to manually type in standard web sites through the "Sites" box. * Use wildcards ( * ) to specify entire domains. For example, instead of adding multiple web sites from Microsoft, you can add the following entry, which will add all Microsoft web sites to the Trusted sites zone: *.microsoft.com Note the use of the *. to specify all microsoft.com URL's and protocols. And note also that we didn't have to add an http:// at the front of the entry. Be cautious in adding entire domains to the Trusted sites zone. If you know that all you need is one particular page or URL, then it would be safer to add just that one URL for the page you need to the Trusted sites zone. 6. Once you're through adding and editing web sites, click "OK" to save your changes, and then "OK" again to close the Internet Options box. As we noted earlier, after you install Enough is Enough! web sites aren't allowed to use potentially dangerous and privacy invasive technologies until you give them the go-ahead by adding them to your Trusted sites zone. Yes, it is an extra step or two, but this arrangement is much safer than letting web sites (esp. unknown ones) use such technologies by default. If you're running Internet Explorer 6.0 and you encounter web sites that need cookies enabled in order to work, but you don't trust the site enough to let it into your Trusted sites zone, you can add the site to the "Per Site Privacy Actions" box on the Privacy tab. The "Per Site Privacy Actions" box lets you override the Privacy tab's cookie settings for individual sites (either "Block" or "Allow"). Here's how to do it: 1. Open the "Per Site Privacy Actions" box On the Privacy tab, hit the "Edit..." button. The "Per Site Privacy Actions" box will open. 2. Type site URL in "Address of web site:" Type the URL of the site you want to "Allow" or "Block" into the "Adress of web site:" box. Keep in mind that Internet Explorer will shorten the address to just the domain. For example, if you type in www.myfavoritesite.org, IE will shorten it to simply myfavoritesite.org. 3. Click "Allow" (or "Block") to Add to "Managed Web Sites" Click the "Allow" (or "Block") button to add the site to the "Managed Web Sites" list. You can always remove the site later with the "Remove" button later if you want. 4. Close the "Per Site Privacy Actions" box Click "OK" to close the "Per Site Privacy Actions" box and save your changes. Remember that when you add sites to the "Per Site Privacy Actions" you are configuring only cookie-handling for those sites. They remain in the Internet zone, which means that they follow all other restrictions you have in the Internet zone (e.g., ActiveX, Java, scripting, et al). Adding the same sites to the Trusted sites zone, by contrast, will give those sites access not only to cookies, but to all the other (presumably lenient) security policies that you've set in the Trusted sites zone. Indeed, the "Per Site Privacy Actions" box can be useful to let certain sites use cookies while still keeping them on a short leash otherwise (because you're not adding them to the Trusted sites zone). One last note: setting the Privacy Settings slider bar to "Block All Cookies" will disable the "Per Site Privacy Actions" box (the "Edit" button will be grayed out). You can still block all cookies in the Internet zone and use the "Per Site Privacy Actions" by choosing "Advanced..." and setting "block" for both 1st-party and 3rd-party cookies in the "Advanced Privacy Settings." ~~~~~~~~~~~~~~ Windows Update ~~~~~~~~~~~~~~ Windows Update is a service offered on Microsoft's web site to help you keep your copy of Windows and other Microsoft software like Internet Explorer and Office up-to-date with all the latest bug fixes and security patches. It's a handy service, but it requires several options that Enough is Enough! disables. If you use Windows Update, here's what you can do to get it working again after installing Enough is Enough!: 1. Add the *.microsoft.com domain to your Trusted sites zone. You'll have to do this through the Internet Options box. See the previous section ("Problem Web Sites") for specific instructions on how to do it. 2. Enable "Install on Demand." This option is on the "Advanced" tab in the Internet Options box. Note that this option affects ALL web sites -- it isn't specific to Security zones. Windows Update should now work properly. If it doesn't, try enabling "Third-party browser extensions" on the "Advanced" tab. Also, try clearing your Temporary Internet Files (Tools >> Internet Options... >> Delete Files), and then closing and re-opening Internet Explorer. After you visit Windows Update you ought to consider disabling these same options until the next time you visit Windows Update (you can keep the microsoft.com domain in your Trusted sites zone). ~~~~~~~~~~~~~~~~~~~~~~~~~~ Browser Add-ons & Plug-ins ~~~~~~~~~~~~~~~~~~~~~~~~~~ Enough is Enough! disables several options in Internet Explorer that affect browser add-ons and plug-ins. First, it disables the "Enable third-party browser extensions" option on the "Advanced" tab, which may break plug-ins and add-ons. Second, it disables both "Install on Demand" options, also on the "Advanced" tab, which may prevent you from installing add-ons and plug-ins directly from web sites. If you use a browser plug-in or add-on that you simply can't do without, then you can re-enable the "Enable third-party browser extensions" option on the "Advanced" tab. In some cases, though, you may have to re-install those browser plug-ins and add-ons after you re-enable this option. I would be wary of re-enabling the "Install on Demand" options, except for very short periods of time to install specific add-ons and plug-ins. Leaving these options enabled can let spyware and foistware from shady web sites install automatically on your system, often with very little notice or warning. It's like leaving the front door to your house open all day long and expecting no strange characters to walk right in. In other words, Install on Demand is just plain dangerous. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Outlook Express & HTML Email ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If you're in the habit of using Outlook Express to send HTML email (as opposed to the default plain text email preferred and used by most Internet users), then you may run into problems after using Enough is Enough! In particular, when the setting "Allow paste operations via script" is disabled for the Internet zone, you may encounter errors when trying to insert digital photos (.JPG, .GIF, .BMP, etc.) into the body of your HTML formatted emails. The solution is to enable "Allow paste operations via script" in the Internet zone by setting that option to "Prompt." ==================== For More Information ==================== For more information on Internet Explorer's Security zone settings, see the Microsoft KB article: Description of Internet Explorer Security Zones Registry Entries (Q182569) http://support.microsoft.com/default.aspx?scid=kb;EN-US;q182569 Note that the above KB article discusses Security zone settings that are included IE 5 and and earlier. It does not discuss IE 6 specific settings (though IE 6 has many of the same settings). Moreover, the cookie options it describes are for IE 5 only. You also ought to have a look at this series of articles from Windows IT Security: "Internet Explorer Security Options" Part I: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20468 Part II: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20622 Part III: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20700 Part IV: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21026 Part V: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21199 Part VI: http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21282 You can find links to still more information about web browser security on this page: http://www.staff.uiuc.edu/~ehowes/info3.htm This page will point you to resources which discuss the problems with ActiveX, Java, and scripting: http://www.staff.uiuc.edu/~ehowes/info10c.htm You can find one other take on secure settings for Internet Explorer here: http://www.markusjansson.net/eienbid.html And for information about Internet Explorer 6.0's new Privacy settings, which configure cookies in the Internet zone, see the links on this page: http://www.staff.uiuc.edu/~ehowes/info2.htm And for more information (and a configuration utility) for HTA applications, see the web page for HTAStop: http://www.nsclean.com/htastop.html You can find my other utilities for Internet Explorer 6.0 on this page: http://www.staff.uiuc.edu/~ehowes/resource5.htm If you'd like the complete IE Power Tweaks Web Accessories package from Microsoft (of which the WebZone Accessory is but one part), visit the following download page: http://www.microsoft.com/windows/ie/previous/webaccess/default.asp I'd recommend uninstalling the WebZone Accessory (use option 3 from the Uninstallation menu) before installing the full IE Power Tweaks Web Accessories package. If you don't, you'll wind up with two very similar entries in your Add/Remove Programs list. Two aspects of Internet Explorer that may represent privacy concerns but which Enough is Enough! doesn't configure are the Profile Assistant and AutoComplete. Both are configurable from within the Internet Options box: * On the "Advanced" tab you have the following options: - Enable Profile Assistant - Use inline AutoComplete * On the "Content" tab you will encounter these options: - AutoComplete... Use AutoComplete for: ~ Web addresses ~ Forms ~ User names and passwords on forms + Prompt me to save passwords ~ Clear Forms ~ Clear Passwords - My Profile... Your Personal Profile is stored in the Address Book (accessible from the Start menu), and you can delete it from there if you're interested. You can also use one of these third-party utilities to configure AutoComplete: AutoWhat http://www.pcmag.com/article/0,2997,s=1478&a=23589,00.asp or http://common.ziffdavisinternet.com/download/0/1415/autowhat.zip (direct download) Internet Organizer Pro http://www.sf.yucom.be/wdprojects/ Another feature of Internet Explorer that may concern you is Browser Helper Objects (BHO's). Browser Helper Objects are special add-ons for IE that allow other programs to piggyback on and use Internet Explorer's functionality. BHO's have been used by spyware/foistware pushers to customize Internet Explorer. You can find a good article about BHO's by Dave Methvin at the old WinMag web site: IE Helpers That Don't Help! http://content.techweb.com/winmag/fixes/2000/1013.htm At least three utilities exist to help you monitor and uninstall BHO's that may be on your system: BHOCaptor http://www.xcaptor.org/bhocaptor.php or http://www.webattack.com/get/bho.shtml BHO Cop http://www.zdnet.com/downloads/stories/info/0,10615,77432,00.html or http://download.cnet.com/downloads/0-3364664-100-5930345.html BHODemon http://www.wilders.org/downloads.htm Finally, if Enough is Enough's IE settings are too strict for your tastes, you might consider downloading and installing IE-SPYAD. IE-SPYAD will add a long list of known advertisers, marketers, and crapware pushers to your Restricted sites zone, giving you a large measure of protection from the nastier elements of the web while still allowing you to keep your Internet zone settings fairly loose. You can download IE-SPYAD here: http://www.staff.uiuc.edu/~ehowes/resource.htm ===================== Why Enough is Enough! ===================== Why put together a batch file package that configures Internet Explorer options? For the most part what Enough is Enough! does isn't much different from what you can do yourself through the Internet Options box in IE. The advantage here, of course, is that with the installer you do it all in one go. One disadvantage to this approach, however, is that by relying on a program like Enough is Enough!, novice users may not learn all they could or should about what their browser is doing. Ideally folks would take the time to learn their PC's, their applications, and their OS's. And I'm hoping that users of "Enough is Enough" might be intrigued enough to take a look "under the hood" and start investigating the settings that the installer modifies. But all too many folks find IE's settings too confusing and intimidating. In their view, computers ought to operate like any other consumer appliance in the house -- and computers don't of course. Although I agree that PC users ought to invest the effort to learn the in's-and-out's of the programs they use on a daily basis, I finally decided to make this program after several things occurred. First, I'd spent a couple hours helping one of my students clean up her computer, and there was the usual assortment of spyware and marketing detritus on that box. That wasn't the first time I'd had to clean up someone's box after it had been trashed by pushy direct marketers. One box I recently saw was less than a year old and had been reduced to a state of near non-functionality. And that didn't happen because of any apps the owner had deliberately installed or configuration changes she had knowingly made (she didn't even realize she could change the desktop resolution/screen area). Second, I was taken aback at the recent spate of news articles about the alarming rise in obnoxious spyware pushers. Curious, I decided to disable all my "defenses" one afternoon and go surfing. What I encountered left me appalled. It'd been a long time since I'd seen the Web as most folks see it, and I simply wasn't prepared for what happened: popups beyond belief, auto-installing toolbars and other browser add-ons, ActiveX controls upon cookies upon JavaScript bombs. My system was quickly mired in a swamp of crapware and popups. Now, I'd heard the horror stories from users and seen the aftermath on people's computers, but I hadn't seen all of this with my own eyes. (I guess I've been living a kind of sheltered existence behind my strict IE settings and AtGuard.) And I couldn't help but think: if people are actually putting up with this (and most folks are), it has to be because they either don't know what to do, or they're too confused by the settings they confront when they try to do something about it. Once I saw what folks were dealing with, I decided to put together the utility. It was a spur of the moment decision. I finished the initial version in a few hours and posted it the same night. Over the next few days I tweaked it with the help of several online forum participants. And my own experiences on the web that one afternoon led directly to the name: "Enough is enough!" Enough is Enough! isn't for everyone, but it's a start. And maybe it'll help a few folks prevent their own PC's from being hijacked and used against them. ==================== Problems & Questions ==================== I hope you find this utility helpful in your use of Windows and Internet Explorer. If you run into serious problems with this utility and you have made every attempt to address the problem but remain stumped, I can be reached at: eburger68@myrealbox.com Please keep in mind that my busy schedule may not allow me to respond immediately. I will attempt to get back to you, though, and address your questions. Other helpful resources for getting answers to questions about protecting you privacy in Internet Explorer include the GRC Privacy & Security news groups, which are generously hosted by Steve Gibson of Gibson Research (GRC): http://grc.com/discussions.htm ...and the DSLR Security forum: http://www.dslreports.com/forum/security,1 I've found the folks who hang out in these groups to be helpful, knowledgeable, passionate, and more than wise to the wiles of the marketing droids which infest the Net. Finally, you might also check out my web site at The University of Illinois at Urbana-Champaign, a site which contains a bevy of links to information and software relevant to Privacy & Security on the Internet: http://www.staff.uiuc.edu/~ehowes/ ========================== Credits & Acknowledgements ========================== A special thanks to R2 (a frequent poster at the DSLR Security forum) for his "Add to..Zone" buttons. They make Microsoft's own PowerTweaks WebZone Accessory much more useful. ------------------------------------------------- Date: 4/9/02, 4/11/02, 4/13/02, 5/28/02, 6/13/03, 10/15/03, 9/2/04 From: http://www.staff.uiuc.edu/~ehowes/ Made By: Eric L. Howes (eburger68@myrealbox.com) ------------------------------------------------- Copyright (c) 2000-2002 Eric L. Howes This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Some files distributed with this package may not be covered by the GNU GPL. Those files remain the property of their original owners and are covered by the licenses under which they were originally distributed. All trademarks are the property of their respective owners. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.