Zone-Spoofing Fixed for IE 7 Home Users

BeanBunny writes "The IE 7 dev team has essentially removed the intranet zone for Home users, resulting in a Web browser that is effectively invulnerable to a zone-spoofing attack. This security feature does not exist, however, on any installation that is part of a managed network. It also does not exist if you manually change the permissions on your Internet zone. However, in Windows Vista, both zones will be run in a 'protected mode,' something that allegedly prevents the invisible installation of code."

Why do we need zones?

I still fail to understand why IE needs zones at all. If the security settings were less complicated and more reasonable, this wouldn't be a problem. Instead of trusted/intranet/internet, etc... why not a 'whitelist' and 'blacklist.' Simple and easy. Zones are complicated and confusing for most users, and many people end up setting the internet zone to low security so they can access their favorite Java/Flash/JS/ActiveX-addled whiz-bang website anyway.

Always Trust Content From This Provider

[Nom+du+Keyboard]

Always trust content from this provider.

Everyone should know that checkbox well -- and leave it alone and unchecked.

But where is the Never trust content from this provider ever again checkbox? The one I want to check every time I go to a site (all seemingly signed by the same certificate provider) that tries to install the 24-hour Time Manager, or You Must Click Yes to View This Site's Content when all trying to do is get out of a site I hadn't wanted in the first place.

That's what I want my browser to offer me -- along with an inability for any web-site to affect my browser's basic functioning, like disabling the right mouse key. When is that patch coming?