尽管保护您的计算机的方法有点激进,但Microsoft可以禁用Internet Explorer中的所有下载。
在几种情况下,禁用 IE 中的下载可提供临时或永久修复以保护您的 PC 免受病毒、蠕虫、特洛伊木马(Trojan)和其他恶意软件的侵害。继续阅读以了解为什么以及如何阻止您的计算机用户下载文件。
为什么禁用下载?
一些下载的文件比其他文件对您的计算机安全构成更大的威胁。带有 *.exe 文件扩展名的可执行文件特别危险,因为这些文件,顾名思义,具有可执行代码。除非您绝对确定下载的可执行文件来自可信赖的来源,否则切勿单击此类文件。
询问(Ask)任何有经验的计算机管理员,他/她会告诉您,随着越来越多的人可以访问和使用 PC,来自病毒和其他恶意软件的威胁呈指数级上升。即使在家庭环境中,不耐烦的孩子或没有经验的用户也更有可能点击任何看起来诱人的东西。禁用下载文件的功能是您可以做的一件事,以保护您的计算机免受这些用户的操作。
最后,如果您的计算机上有一个任何人都可以使用的访客帐户,您需要一种保护您的 PC 免受恶意下载的方法。最安全的选择是完全禁止任何下载。毕竟,如果一个人在计算机上没有他/她自己的帐户并且必须使用访客帐户,那么您就有强烈的动机来保护自己免受这个临时用户的行为。
显然,这种方法的最大漏洞是有人可以下载Chrome或Firefox并下载他们想要的所有内容,对吧?是的,从技术上讲,您必须以某种方式设置您的计算机,使其只能运行 IE 或阻止Firefox和其他浏览器运行。您可以阅读我之前关于在 Windows 10 中为帐户设置信息亭模式的(setting up kiosk mode for an account in Windows 10)帖子,这是第一种方法。
为了防止其他应用程序运行,您需要配置AppLocker 之(AppLocker)类的东西。但是,如果您拥有Windows的(Windows)家庭(Home)版,这将不起作用。设置有点复杂,所以如果您只是想防止孩子弄乱您的计算机,信息亭模式可能是一个更好的选择。
如何在 IE 中阻止下载
幸运的是,只需单击几下即可在 IE 中禁用下载。首先打开 IE 并单击菜单栏上的工具。(Tools)然后单击Internet 选项(Internet Options)以打开Internet 选项(Options)窗口。
在Internet 选项(Options)窗口中,单击安全(Security)选项卡,然后单击位于此区域的(Zone)安全级别部分的(Security Level)自定义级别(Custom Level)按钮。
您现在应该查看“安全设置 - Internet 区域”(Security Settings – Internet Zone)窗口。在“设置”(Settings)框中,向下滚动到“下载(Downloads)”部分并找到标题为“文件下载(File Download)”的选项。将此选项从Enabled更改为Disabled。单击确定(OK)按钮。
IE 现在询问您是否要更改此区域的设置。单击(Click) 确定(OK)。
为了使此更改生效,您必须重新启动 IE。关闭 IE(Close IE)并重新打开它。
如果您想测试设置,请访问任何有信誉的站点并尝试下载文件。例如,您可以访问 www.adobe.com 并尝试下载Adobe Reader。请注意(Notice),当您单击下载文件时,IE 会向您发出安全警报并通知您您的安全设置不允许下载此文件。
为了最终防止恶意下载,请考虑完全禁用 IE 中的下载。虽然是一种极端的计算机安全方法,但当许多人使用您的计算机或您的 PC 上有访客帐户时,这可能是您抵御恶意软件的最有力武器。
在组策略中禁用下载
如果您运行的是专业版(Pro)或更高版本的Windows,您还可以在组策略(Group Policy)中设置此选项。为此,请单击开始(Start),然后键入组策略。
这将打开本地组策略编辑器。现在导航到以下部分:
Computer Configuration - Administrative Templates - Windows Components - Internet Explorer - Internet Control Panel - Security Page - Internet Zone
到达那里后,您应该会在右侧看到一个名为Allow file downloads的选项。
双击(Double-click)该项目并确保选择禁用(Disabled)单选按钮。
同样,您需要做一些额外的工作才能真正防止精通技术的用户想出其他方法来绕过此限制。禁用对命令提示符的访问总是一个好主意,因为文件可以通过这种方式轻松下载。享受!
Block File Downloads in Internet Explorer
Although a somewhat drastic method of protecting your computer, Microsoft makеs it рossible to disable all downloads in Internet Explorer.
There are several situations when disabling downloads in IE provides a temporary or permanent fix to guard your PC against viruses, worms, Trojan horses, and other malware. Read on to learn why and how to stop users of your computer from downloading files.
Why Disable Downloads?
Some downloaded files carry with them more of a threat to your computer’s security than others. Executable files with an *.exe file extension are particularly dangerous because those files, as their name implies, have executable code. Unless you are absolutely sure that a downloaded executable file is from a trustworthy source, you should never click on this type of file.
Ask any experienced computer administrator and he/she will tell you that the threat from viruses and other malware goes up exponentially as more people have access to and use a PC. Even in a home environment, impatient kids or inexperienced users are more likely to click away on anything that looks enticing. Disabling the ability to download files is one thing you can do to protect your computer from these users’ actions.
Finally, if you have a guest account on your computer that anyone can use, you need a method of protecting your PC from malicious downloads. The safest alternative is to disallow any downloads at all. After all, if a person doesn’t have his/her own account on a computer and must use the guest account, you have a strong incentive to protect yourself against the actions of this casual user.
Obviously, the biggest loophole in this method is that someone could just download Chrome or Firefox and download all they want, right? Yes, so technically, you have to setup your computer in a way so that it can either only run IE or will block Firefox and other browsers from running. You can read my previous post on setting up kiosk mode for an account in Windows 10, which is the first method.
To prevent other applications from running, you would need to configure something like AppLocker. This won’t work if you have the Home version of Windows though. It’s a bit complicated to setup, so kiosk mode might be a better option if you’re just trying to prevent your kids from messing up your computer.
How to Block Downloads in IE
Luckily, disabling downloads in IE is just a few clicks away. Begin by opening up IE and clicking on Tools on the menu bar. Then click on Internet Options to open the Internet Options window.
On the Internet Options window, click on the Security tab and then click on the Custom Level button located in the Security Level for this Zone section.
You should now be looking at the Security Settings – Internet Zone window. In the Settings box, scroll down to the Downloads section and locate an option titled File Download. Change this option from Enabled to Disabled. Click the OK button.
IE now asks if you want to change the settings for this zone. Click OK.
In order for this change to take effect, you must restart IE. Close IE and reopen it.
If you want to test the setting, go to any reputable site and try to download a file. As an example, you could go to www.adobe.com and try to download Adobe Reader. Notice that when you click to download the file, IE gives you a security alert and informs you that your security settings do not allow this file to be downloaded.
For the ultimate protection from malicious downloads, consider disabling downloads in IE altogether. Although a drastic approach to computer security, this may be your most powerful weapon against malware when many people use your computer or if you have a guest account on your PC.
Disable Downloads in Group Policy
If you are running the Pro or higher version of Windows, you can also set this option in Group Policy. To do this, click on Start and then type in group policy.
This will open the local group policy editor. Now navigate to the following section:
Computer Configuration - Administrative Templates - Windows Components - Internet Explorer - Internet Control Panel - Security Page - Internet Zone
Once you are there, you should see an option on the right-hand side called Allow file downloads.
Double-click on that item and make sure to select the Disabled radio button.
Again, you’ll need to do some additional work to really prevent tech-savvy users from figuring out other ways to bypass this restriction. It’s always a good idea to disable access to the command prompt too as files can be downloaded that way easily. Enjoy!