Safer Settings for Internet Explorer (Windows XP SP2)
Month after month more vulnerabilities are found in Internet Explorer, so how can you stay ahead of the curve?
Most security breaches are related to ActiveX, Java and Scripting, or the complete absence of a properly configured firewall.
Internet Explorer offers a good mechanism to customize your security, with the Content zones. You can access the settings by selecting Tools > Internet Options from the Internet Explorer menu, and choosing the Security tab.
You will see that Internet Explorer lets you set different levels of security for four different types of sites: Internet, Local intranet, Trusted sites and Restricted sites.
Unless you assign it to another zone, a site on the Internet falls into the Internet zone. By default, this zone is set to Medium security. Here are some of the settings which will be in effect:
.NET Framework-reliant components:
Run components not signed with Authenticode: Enable
ActiveX controls and plug-ins:
Binary and script behaviors: Enable
Run ActiveX controls and plug-ins: Enable
Script ActiveX controls marked safe for scripting: Enable
Downloads:
Font Download: Enable
Miscellaneous:
Allow META REFRESH: Enable
Allow Web pages to use restricted protocols for active content: Prompt
Display mixed content: Prompt
Drag and drop or copy and paste files: Enable
Installation of desktop items: Prompt
Launching programs and files in an IFRAME: Prompt
Navigate sub-frames across different domains: Enable
Software channel permissions: Medium Safety
Userdata persistence: Enable
Web sites in less privileged web content zone can navigate into this zone: Enable
Scripting:
Active scripting: Enable
Allow paste operations via script: Enable
Scripting of Java applets: Enable
To make the Internet zone more secure press the Custom Level button, and change the following settings:
.NET Framework-reliant components:
Run components not signed with Authenticode: Disable
ActiveX controls and plug-ins:
Binary and script behaviors: Disable
Run ActiveX controls and plug-ins: Disable
Script ActiveX controls marked safe for scripting: Disable
Downloads:
Font Download: Disable
Miscellaneous:
Allow META REFRESH: Disable
Allow Web pages to use restricted protocols for active content: Disable
Display mixed content: Disable
Drag and drop or copy and paste files: Disable
Installation of desktop items: Disable
Launching programs and files in an IFRAME: Disable
Navigate sub-frames across different domains: Disable
Software channel permissions: Maximum Safety
Userdata persistence: Disable
Web sites in less privileged web content zone can navigate into this zone: Disable
Scripting:
Active scripting: Disable
Allow paste operations via script: Disable
Scripting of Java applets: Disable
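To confirm that the hardened settings above actually took effect, the per-user zone values can be exported from the registry and compared against the list. The following is an added example, not part of the original post: it assumes the Internet zone is stored under HKEY_CURRENT_USER\...\Internet Settings\Zones\3 and uses Microsoft's documented numeric value names for each setting; the `audit` function and the sample text are constructed for illustration.

```python
import re

# Hardened Internet-zone values from the list above, keyed by registry value name.
# IDs and data (0 = Enable, 1 = Prompt, 3 = Disable) are assumptions, not from the post.
HARDENED = {
    "2004": ("Run components not signed with Authenticode", 3),
    "2000": ("Binary and script behaviors", 3),
    "1200": ("Run ActiveX controls and plug-ins", 3),
    "1405": ("Script ActiveX controls marked safe for scripting", 3),
    "1604": ("Font Download", 3),
    "1608": ("Allow META REFRESH", 3),
    "2300": ("Allow Web pages to use restricted protocols for active content", 3),
    "1609": ("Display mixed content", 3),
    "1802": ("Drag and drop or copy and paste files", 3),
    "1800": ("Installation of desktop items", 3),
    "1804": ("Launching programs and files in an IFRAME", 3),
    "1607": ("Navigate sub-frames across different domains", 3),
    "1E05": ("Software channel permissions", 0x10000),  # highest safety level
    "1606": ("Userdata persistence", 3),
    "2101": ("Web sites in less privileged web content zone can navigate into this zone", 3),
    "1400": ("Active scripting", 3),
    "1407": ("Allow paste operations via script", 3),
    "1402": ("Scripting of Java applets", 3),
}
ZONE3 = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\Internet Settings\\Zones\\3\]$", re.I)
VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit(reg_text):
    """Return {setting: actual value, or None if unset} for each deviation."""
    found, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # new key header: track zone 3 only
            in_zone = bool(ZONE3.match(line))
        elif in_zone and (m := VALUE.match(line)):
            found[m.group(1).upper()] = int(m.group(2), 16)
    return {name: found.get(vid) for vid, (name, want) in HARDENED.items()
            if found.get(vid) != want}

# Constructed sample of exported registry text (not real machine data).
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000
"1200"=dword:00000003
"1E05"=dword:00020000
'''
if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, Active scripting is still enabled and Software channel permissions is still at medium safety, so both are reported; settings missing from the export are reported as None.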
These changes will have some impact on the Web sites you visit. If you want to be able to run ActiveX or Scripting on certain Web sites, add them to the Trusted sites zone. You can add Web sites by selecting the Trusted sites icon and pressing the Sites button. Note that by default you can only add secure sites here (sites using https); to add any other site, uncheck "Require server verification (https:) for all sites in this zone".
Microsoft has a handy tool that will add a menu choice Add to Trusted Zone and Add to Restricted Zone to the Tools menu in Internet Explorer. Direct Download of this tool [127 KB]. It is called Internet Explorer 5 Power Tweaks Web Accessory, but it works fine on Internet Explorer 6.
By default, the security setting for Trusted sites is set to Low. For the most critical settings mentioned above, that means the following values:
.NET Framework-reliant components:
Run components not signed with Authenticode: Enable
ActiveX controls and plug-ins:
Binary and script behaviors: Enable
Run ActiveX controls and plug-ins: Enable
Script ActiveX controls marked safe for scripting: Enable
Downloads:
Font Download: Enable
Miscellaneous:
Allow META REFRESH: Enable
Allow Web pages to use restricted protocols for active content: Prompt
Display mixed content: Prompt
Drag and drop or copy and paste files: Enable
Installation of desktop items: Enable
Launching programs and files in an IFRAME: Enable
Navigate sub-frames across different domains: Enable
Software channel permissions: Low Safety
Userdata persistence: Enable
Web sites in less privileged web content zone can navigate into this zone: Prompt
Scripting:
Active scripting: Enable
Allow paste operations via script: Enable
Scripting of Java applets: Enable
The changes above won't guarantee you will never have a problem, but they will certainly make it a whole lot less likely. Keep your anti-virus software up-to-date, make sure you have all the latest Windows updates, and make it a practice never to open unknown email attachments. Do please ensure that you use at least a software firewall. To protect against hackers, trojans and rootkits, use a router or a hardware firewall as well.
This post updated 09/16/06.
Microsoft MVP Consumer Security 2006, 2007 & 2008