Hi, this is Max and Uche from the user experience team. We want to talk to you about what we call the Fix My Settings feature. You will encounter this if you set your security settings to an insecure state whilst in the Internet or Restricted zone. When you choose an insecure setting, two things will happen:
- An information bar will appear at the top of the browser with ‘Fix Settings for Me’ as the first menu option.
- In place of your homepage, you will see a warning page on startup of IE.
We want to talk about some of the feedback that we’ve received about this feature. It primarily consists of the following three questions:
- Why does IE continually remind me of my security settings?
- How do I know which settings will leave me in an insecure state?
- Are there any ways to get around the reminders?
Why does IE continually remind me of my security settings?
Our main goal is to give you an easy way to know that something is wrong with your browser security settings. To make it easy for you to fix this, we provide a one-click method that restores all the relevant settings to their secure default values. By providing constant reminders, our goal is to encourage you to fix your settings as soon as possible. The sooner you do this, the less opportunity malicious software has to get a foothold on your machine and the more secure your browsing experience will be.
How do I know which settings will leave me in an insecure state?
We decided that when you’re browsing in the Internet or Restricted zone, any settings that would allow arbitrary code to run on your computer without your consent could potentially put your computer at risk. You can identify these settings as the ones with (not secure) or (recommended) appended to the text in the security zone settings.
Are there any ways to get around the reminders?
This feature can be controlled using Group Policy, but we do not provide a way to turn it off in the user interface. This is because putting your security settings at a non-recommended level has been one of the most common vectors of attack for spyware in the past. Users of older versions of IE often put their computers at risk temporarily to avoid application compatibility issues with other applications and would then forget to set their security settings back to the recommended level. Spyware would then use this opportunity to effectively take over the computer. Although we want to continue to provide the ability to set your settings to a level that allows you to work with other applications, we also want to prevent you from keeping your settings in an insecure state for a long period of time, in order to reduce the attack surface area that spyware has on your computer.
In summary, Fix My Settings is designed for two purposes:
- To inform you when your browser is insecure
- To provide an easy way for you to fix your security settings
Fix My Settings modifies any security setting that could allow arbitrary code to run without your consent. These are identified by (not secure) and (recommended) attached to the settings in both the Internet and the Restricted zone.
This feature can be controlled using Group Policy, but to maintain as secure a browsing experience as possible, we do not provide a way in the user interface for users to turn it off.
We hope you find this information useful, and as always, feedback is welcome.
- Max and Uche