The Trouble with Untrusted Sites


It seems that rogue web sites will always be a part of our daily lives.  You run into them most often when searching for a particular topic and click on one of the listed sites from your search:  suddenly your browser takes on a life of its own, spawning additional browsers and taking you places you’d rather not go.  More often than not, these sites will start a fake antivirus scan and “alert” you that you’ve got multiple infections and then provide you with an easy “fix” that will not only ask you for a credit card number, but will also install all sorts of nasty spyware on your computer.

There are a number of ways to protect yourself from these rogue sites, but unfortunately none of them are foolproof.  A good antivirus product should always be your first and best line of defense.

In this article, I’m describing one of my favourite low-cost measures to protect your Internet Explorer browsing experience:  the use of Trusted sites.  Here’s how it works in a nutshell:

  1. Under Internet Options/Security, crank up the security of the Internet zone to the maximum (High).  This will disable (almost) all functionality on any untrusted site you stumble across.
  2. Whenever you find a site that has functional problems because it uses Flash or Javascript, and you trust that site, you can manually add that site to your Trusted Sites list under Security Options to enable (most) functionality.

The concept is simple, yet in practice it can be a bit of a pain to setup and use successfully.  Here is a good how-to article I found when searching on Internet Explorer and Trusted Sites:  It explains exactly how to set this up and includes a link at the bottom for a Power Tweaks utility from Microsoft for IE that can be used to add a “Add to Trusted Sites” menu option to IE.

Once you’ve configured your IE browser to work with Trusted Sites, there are still times that things just don’t work.  Some sites will give you a hint as to what the problem is (“this site requires you to have the latest version of Flash, or have ActiveX enabled, etc), but many other sites just do nothing, even after they’ve been added to your Trusted Sites zone.  The most common reason for this is that many sites use background services on affiliated or even third-party sites that also need to be part of your Trusted Sites zone for full functionality.  An example of this is any site that uses CAPTCHA (a challenge-response mechanism to ensure a live person is subscribing), such as Ticketmaster.

If a particular site doesn’t work even after you’ve added the site to your Trusted Sites zone, here are some of the things you can try, in increasing order of complexity and/or decreasing order of security:

  1. I often add a wildcard to the trusted site, such as *, to get all of the sub-domains of the main www site.  Sometimes you also need to add *, if the site has a Canadian presence.
  2. If item 1 fails, try going to menu Page/ (in IE 7) or Safety/ (in IE8) and Select Webpage Privacy Policy…  In the window list that comes up, you’ll see all of the web sites that make up the page that you are viewing.  Be very careful NOT to add all of the sites that you see in that list to your Trusted Sites zone.  Many of these are just advertisement links and other tracking processes that you really don’t want to trust.   You need to look for the one or two sites in the list that can likely be causing you problems.  In the case of Ticketmaster, the sites are *, * and, the site that provides the CAPTCHA challenge/response code on behalf of Ticketmaster.
  3. If all else fails,or if item 2 above is too complicated, it’s always a good idea to have a second browser (such as Firefox) available to try on the uncooperative site.

Whichever method you choose to protect your Internet browsing experience, keep in mind that a good antivirus product is your first line of defense, that no browser and no solution is 100% secure, and that you’ve got to be constantly vigilant when it comes to online activities.

Dan Frederick

Dan Frederick

Dan Frederick, BSc Eng, MBA, is the president of Claritech Solutions. He's passionate about Data Protection and IT Security.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.