A commentor named Jason left the following message today:
Try this. MS states that it only works in IE 5.x, but I have IE 6.0 and it works fine. Should at least allow you to manage zones easier.
http://www.microsoft.com/windows/ie/previous/webaccess/pwrtwks.mspx
Fantastic. It does work on IE 6.0 (on Server 2003 SP1, so I'm guessing it'll work on any 32-bit version of IE). Unfortunately, I can't use it with Maxthon. However, it is very close to what I've wanted.
Installing this tool gives you some new options under the “Tools” menu in IE. One is “Add to trusted zone,” and the other is “Add to restricted zone.” Why this isn't included in IE boggles my mind. The best way to secure IE in my mind (aside from not running as an admin) is to turn up the security settings for the Internet zone. At the very least, disable Active Scripting.
For IE 7.0, this should be their first priority. Give me a workable set of default security zones, and an EASY way to assign sites to diffrent ones. Also, In addition to the current Internet Zone and Trusted Zone, I'd like something in between.
Here's the real problem though... IE can't decide whether security restrictions have affected the useability of the page. So if I set “Active Scripting” to “prompt” it gives me a warning on virtually every page ever. But most of the time the page serves its purpose just fine. In those cases where it doesn't (message boards, comment submissions, etc.) I want to add it to my trusted zone (or more-trusted-than-not zone).
If IE were smarter, it would be able to figure out “this page isn't going to look right with the current zone settings, I should ask if it should be promoted to the Trusted zone.”
Also... how about a Spynet for the web browser? Let's make a centralized database of whether a site is deemed trustworthy or not by others. Then IE could warn me that most people found the link I just clicked on to be evil, and so I should proceed with caution (or not at all).
Any thoughts?