It's not theory, none of the computer systems I mentioned or any of my own have any special settings other than the Windows XP/Vista and/or IE 7/8 defaults and they've protected both myself and my nephews very well. Any of the products you mentioned are add-ons not included with Windows and require special additonal operations by the user to use them, so they are actually more difficult for a non-technical user to manage.
Actually, making use of Spybot's and SpywareBlaster's immunizations, is a lot easier than actually having to tweak IE, to offer, by itself, a better protection.
It's a two step process. Update and re-immunize. Simple.
The only advertised reason that Restricted sites exist is to allow a user to add an entry manually one at a time within Internet Options, Security tab, Sites button. Automated 'stuffing' of these registry entries has never been addressed in any Microsoft Technical literature and thus is not officially supported. It is products such as Spybot S&D and SpywareBlaster that have implied that this is the reason they exist, not Microsoft.
Then, why not just take the Restricted Sites Zone option, since, what you mention, would be better to place at the HOSTS file, which would prevent anything in the system to connect to that domain.
But, what the Restricted Sites Zone offers, that the HOSTS file lacks, is the capability of adding domains like *.bad-domain. com. By placing a *, the user would be blocking access to any domain within the domain .bad-domain. com, and not just to the main one.
So, such feature and such entries, are, in my most opinion, useful, and waste no resources. Most important, provide an extra layer of security.
This info my be useful to some person, digging through this thread. Not to me, though. But, thanks.
Please note that I did not include UAC in my discussion, since that's not really a security feature, it's a nag box designed purposefully to annoy users of badly written software in hopes they'll complain to the real offenders, the vendors of the software that are unnecessarily requiring Administrative priviledge for their programs to operate. Otherwise, the only prompts you should see are those that would actually require Administrative access, such as program installation.
Actually, it is a security mechanism. When UAC is enabled, it will also enable the Protected Mode in IE7 and IE8, in Windows Vista and Windows 7. This will decrease what IE can do in the system.
UAC is also a good way to know when something is requiring elevated rights to do important changes in the system.
Let's imagine that some user would open an e-mail, and, UAC alert for something. "Houston, we have problem.".
So, UAC is much more than just an annoyance.
And note that I never stated the 'bug' shouldn't be fixed, though I personally don't care if it ever is for the reasons I've already stated.
Fair enough.
If there's one thing I've learned by observing these and other forums it's that many people will only feel protected if they've installed and updated a half dozen often conflicting and questionable products every week, even if the aggregate protection provided by these products is no better than what one good product might provide. It's also quite obvious that many of these same users will avoid or ignore updating either thrid-party software products or even Windows itself, even though these are the most proven methods of providing actual protection.
Unfortunately, it happens. But, this are people, who get, perhaps, their first system. Are not even aware of the existing dangers.
But, the main problem here, are the IT professionals. They don't alert the costumers for that very same fact. They just install a free and crippled antivirus, and that's it, pretty much.
Last year, a relative of mine, bought a computer (New computer user), and the folks where this computer was bought, only installed a free and crippled antivirus. They didn't care to explain how to update it. They haven't enabled UAC. They also didn't explain how to work with it, obvisiouly.
To make things a lot worse, they didn't create a normal user account.
True security is actually very simple, repetitive and mundane. The more complex the process is made the more likely it will fail.
Bitman
Yes, I agree. That security should be simple, that is. But, just because one makes use of a layered security, that doesn't mean it isn't simple.
One can just make use of a very complex Intrusion Prevention System. But, would it be simple, then?
Best regards
