How can I prevent users from uploading files using IE?

I need to prevent intranet users (Windows 2000 Active Directory Domain) from uploading files via Internet explorer 6 sp1 (IE in general). Basically we have an intranet and we have Internet access, and we wish to monitor web based e-mail attachments made from out network. If we cannot monitor it, then we need to prevent it from happening, solutions and ideas would be helpful. People must be able to browse and download files and documents as normal.

Another issue is how to prevent Web-based downloads of Spyware screen savers and mouse pointers that do not require admin privileges to install.

First you say you want to prevent uploads of files using IE. Then you say you want to monitor Web-based e-mail attachments made from your network (sent by your users?), or prevent it. Then you want to prevent Web-based downloads of spyware and mouse pointers that do not require admin privileges (so it's ok for administrators to download and install them?)

These are very different issues one (prevent malware based on IE uploads) prevents your users from infecting others via I.E. Another (Web-based e-mail from your users) prevents them infecting others via e-mail. A third wants to prevent spy ware downloads for ordinary users. While I think it's laudable to prevent your users form infecting others, I get the sense that that is not really the question. I think the question may be to prevent malware, including spyware on your network. If so, many products exist that filter e-mail at the gateway and remove attachments that are suspicious (rules that you can adjust and define). The benefit here is additional spam filtering, and the ability to examine in a closed, test environment, attachments before they are passed on, if a rejected attachment is then requested by the user. Gateway filtering products often live on the mail server, or firewall.

A useful site is http://www.msexchange.org/. Second, SP2 for XP will help the IE issues, as will hardening of the security and advanced settings of IE (See: http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/iesechelp.asp). There are also products that block all web based downloads, or can scan downloads and reject, or quarantine them. Many of these products may also be used to scan existing products for spy ware and remove them, in addition to blocking their download. This site has a review of spyware removal products -- http://www.anti-spyware-review.toptenreviews.com/.

This was first published in July 2004

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top