************************************* SurfinShield Xtra 2.7, Release Notes ************************************* SurfinShield Xtra is a security solution that enhances the system security in regards to Java applets and ActiveX controls that are downloaded over the Web routinely (often without the user's knowledge). After installation, SurfinShield Xtra will be invoked automatically every time you boot up your system and will continuously monitor both Java and ActiveX environments of the browser. Whenever the browser is invoked, SurfinShield Xtra enforces the security policy as defined in the product settings, by monitoring and controlling the browser activities. Whenever the browser detects it is not monitored by SurfinShield Xtra, it informs the user of this situation. New Features in This New Release of SurfinShield Xtra: ------------------------------------------------------ 1. The same executable supports the Internet Explorer, Netscape Navigator, and Netscape Communicator browsers. 2. SurfinShield Xtra supports monitoring and control of ActiveX controls in addition to Java applets, including: - Detection and display of all ActiveX controls in the system; - Display of all relevant properties of the ActiveX control (URL, Name, ID, Certificate details, Security danger level); - A security manager functionality for ActiveX, maintaining the sandbox model: Continuous run-time monitoring detecting access to the local file system and use of the network system; - Elimination for the run-time environment (killing ActiveX applets) upon detection of a security violation; - Prevention of loading of Suspicious ActiveX controls; - Ability of marking any ActiveX control as suspicious; - A comprehensive log recording all security related events of all ActiveX controls. ActiveX Security Settings: -------------------------- SurfinShield Xtra acts as a security manager for ActiveX controls, by implementing an X-Box, an enhanced version of the sandbox security model available for Java. ActiveX controls are not allowed access to the local file system, except for specific directories. (Additional file access is allowed in order to enable controls to function.) You can configure the access control permission in the setup/permissions menu of SurfinShield Xtra. The security policy for ActiveX controls is set using the same checkboxes used for Java applets. Note however, that in this version of SurfinShield Xtra the following options in the Settings window do not apply to ActiveX controls: 1. Prevent E-mail, Telnet, and Finger 2. Prevent Server Socket Java Security Settings: ----------------------- SurfinShield Xtra is provided with a default Java security policy that is presented to the user during installation in the form of a feature checklist. This default security policy enforces all security features of SurfinShield Xtra, thus protecting your system best. This maximum protection includes preventing undesired applets from penetrating your system, eliminating from the system any applet as it violates the security rules and enforcing the most strict definition of security rules. Each item on the security settings list may be checked or unchecked independently. If you are not sure of the exact meaning of any of the items comprising the security policy, you should leave all items checked as per the default policy. After installation, you can change the security settings of the program from the settings screen. For more information regarding each of the settings please refer to the online help (after installation). Browser Issues: --------------- If you upgrade your browser or your NCompass Netscape ActiveX plug-in AFTER installing SurfinShield Xtra, the browser will no longer be protected. Only the browser [version] identified in the Microsoft registry DURING the installation of SurfinShield Xtra will be monitored. As an example, during installation, SurfinShield Xtra finds the current Netscape browser by reading the Microsoft Windows 95 registry file. SurfinShield Xtra will always attempt to use the most current version of the browser installed on the desktop and will always choose Netscape Communicator over Netscape Navigator. Therefore, users who want to use SurfinShield Xtra with Netscape Navigator should either: 1. Uninstall Communicator before installing SurfinShield Xtra, or 2. Make sure Communicator is installed after SurfinShield Xtra. Four important notes regarding SurfinShield Xtra installation: 1. THIS VERSION OF SURFINSHIELD XTRA CURRENTLY DOES NOT SUPPORT INTERNET EXPLORER 4.0 IF YOU ATTEMPT TO INSTALL SURFINSHIELD XTRA WITH INTERNET EXPLORER 4.0, YOU WILL GET AN ERROR MESSAGE. PLEASE BE SURE TO SEE FINJAN'S HOME PAGE, HTTP://WWW.FINJAN.COM FOR THE EXPECTED RELEASE DATE OF SUPPORT. 2. IF YOU PLAN ON INSTALLING INTERNET EXPLORER 4.0 ON YOUR COMPUTER YOU MUST UNINSTALL SURFINSHIELD XTRA BEFORE DOING SO. 3. YOU MUST REINSTALL SURFINSHIELD XTRA FOLLOWING THE INSTALLATION OF A NEW VERSION OF THE INERNET EXPLORER, NETSCAPE NAVIGATOR, OR NETSCAPE COMMUNICATOR BROWSER. 4. YOU MUST ALSO REINSTALL SURFINSHIELD XTRA FOLLOWING THE INSTALLATION OR UPGRADE OF A PLUG-IN THAT ENABLES ACTIVE-X CONTROLS TO FUNCTION WITH NETSCAPE PRODUCTS. Known limitations of this version: ---------------------------------- 1. This version of SurfinShield Xtra can only be installed under the Windows 95 platform; it will not install under Windows NT. 2. Compatibility with browsers released as beta or preview versions is not guaranteed. This version of SurfinShield Xtra has been tested for compatibility with the following browsers: - Internet Explorer 3.0x - Netscape Navigator 2.02 - Netscape Navigator 3.0x - Netscape Communicator 4.0 - 4.04 3. This version of SurfinShield Xtra can be installed to only one (1) version of the Microsoft browser and one (1) version of the Netscape browser. For example, if you have installed and are using both Internet Explorer 3.01 and Communicator 4.01, you can ask SurfinShield Xtra to install to both browsers. 4. This version of SurfinShield Xtra can be configured to protect the last installed version of the Microsoft browser the AND the most current version of the Netscape browser. For example: - If the last Microsoft browser installed is Internet Explorer 3.01, then even if Internet Explorer 3.02 was previously installed and has not been uninstalled, SurfinShield Xtra will be configured to protect only Internet Explorer 3.01; Internet Explorer 3.02, even if still resident and active, will not be monitored by SurfinShield Xtra. - If both Netscape Communicator 4.01 and Netscape Navigator 3.01 have been installed on the desktop prior to the installation of SurfinShield Xtra, SurfinShield Xtra will be installed to protect ONLY the Communicator 4.01 browser (the most current revision) and not the Navigator 3.01 browser, regardless of order of installation. Both browsers may continue to co-exist and operate in the same desktop but the older revision, Navigator 3.01, will not be monitored by SurfinShield Xtra. 5. If the browser is invoked automatically from the startup folder before SurfinShield Xtra, the browser will not be monitored by SurfinShield Xtra and there will not be any protection available from applets or controls. Consequently, when visiting (loading) a Web page with applets or controls, SurfinShield Xtra will not display the applet or control and will not provide protection to the browser environment. To avoid this problem, simply make sure SurfinShield Xtra is running before accessing a Java or ActiveX enabled Web page for the first time. **** END ****