Managing Software Downloaded to the Corporate Network

February 19, 1997

With anonymous executables that are being downloaded in increasing numbers from the Internet, administrators face greater risks of viruses or malicious activity on their networks. Microsoft is working to provide administrators with the tools they need to manage these risks.

(Please note that the links indicated by the symbol below point to servers that are not under Microsoft's control. Please read Microsoft's official statement regarding other servers.)

Microsoft Internet Explorer Administrator's Kit (IEAK). The IEAK allows administrators to enforce security settings on all desktops in their organizations. For instance, administrators can control the types of content downloadable to desktops. Options that administrators can enable or disable include "Allow downloading of active content," "Enable ActiveX controls and plug-ins," "Run ActiveX scripts," and "Enable Java programs." Administrators can also set Internet Explorer's safety level to "High" corporate-wide, preventing either unsigned or tampered code from being downloaded to the corporate network.

Microsoft Proxy Server. Administrators can use the Microsoft Proxy Server in conjunction with InterScan WebProtect™ from Trend Micro Incorporated , to block Java applets, ActiveX objects, unsigned software, and all incoming software except that from commercial publishers. In addition, WebProtect scans HTTP files for computer viruses before they reach the LAN.

Firewall products. Microsoft is working with firewall vendors such as Trusted Information Systems to incorporate support for Authenticode™ technology in products such as the Gauntlet firewall . At a central location, administrators can control the entry of unsigned code onto the corporate network. Additionally, administrators can specify which software publishers are trusted, and whose software executables to allow through the firewall.