Images: How to run Internet Explorer securely

by Ryan Naraine  |  June 12, 2007 12:16pm PDT  |  Image 1 of 10

Previous  |  Next

1.png

Getting started

Here are the key configuration changes you can make to disable various features and reduce the attack surface in Microsoft's Internet Explorer. This guide provides a walk-through of IE 6.0 but applies to the latest IE 7.0 as well.

(This guidance was prepared and distributed by Will Dorman, vulnerability analyst at Carnegie Mellon Software Engineering Institute CERT Cordination Center).

To get started, to Tools > Internet Options. Please note that these options may vary slightly depending on your browser version.

159
Comments

Join the conversation!

Just In

I have *NEVER* been uknowanly infected with malware/virus/trojen/anyting
dinosoft@... 25th Jan 2010
With that being said however, I am an old school computer tech from way back in main frame days in 1972; but even then while in the military we had classified green screen monitors and keyboards hooked up to a main frame while the rest of the world were still using keypunch machines.
I sill boot up my old Commodore 64 every once in a while and play with it; btw it was the *ONLY* 100% virus immune system; because it's OS was on a ROM chip and had no HD; but it was slow compared to today?s systems operating at a whopping 1Mhz
But now to my point, any system and yes I do say *EVERY* system is prone to getting attacked unless the user is vigilant and keeps their system up to days. Personally I have NEVER been unknowingly infected with *anything* I have knowingly infected my test machine in order to find fixes/work a rounds and such.
If a user could learn to not be *click happy* and refuse to click on every link, and disable java and java script, vba, and the like as well as viewing their email in text mode only as well as stay away from porn sites (which are responsible for a over whelming) percentage of infections, one can traverse the internet with a reasonable amount of safety.
0 Votes
+ -
How to run Internet Explorer securely...
gusosborne@... 12th Jun 2007
How to run Internet Explorer securely:

1: Un-install it (the uninstaller only has a few known security holes)

2: Optionally, install FireFox - or better yet, install a real OS...
0 Votes
+ -
Exactly
geohuck@... 12th Oct 2007
I haven't used IE (not even once) for over six years - and I sure as hell don't miss the constant, daily, never-ending barrage of trojans and other nasties. If you must run Windoze; for God's sake, install Firefox. You won't even lose any of your favorites. And also, for God's sake - don't pay good money for an AV program. Download AVG Free Edition instead. It updates VERY regularly, and its virus detection rate puts ALL of the "paid-for" AV programs to shame.

Another good idea, if you just can't get away from Windoze, and you have at least a little "techie" in your blood... is to download a free program called "nLite", and use your original Windoze CD to make your own IE-free version of Windoze... and don't forget to also get rid of Outlook Express while you're at it: it's as full of holes as a chainlink fence, too. The best way to use nLite is to leave the "core" of IE, though, because "Help" and some other Windoze features require it to function.

NOTE: Better yet - "man up" a little, and just run Freespire OS. It's 100% free, and it makes the transition to a Linux-based OS so much easier for just about any Windows user. Plus, you can do anything with it that you can do with Windows, and it comes out-of-the-box with a full office suite that is fully compatible with MS Office; photo and graphics software; and it will play any media files you can play with Windows... it's definitely worth checking out. I run it, and I can tell you that it sure ain't the "super-geekazoid" Linux you're so afraid of.
0 Votes
+ -
GAMES
campbellj78@... 18th Dec 2008
What alot of you linux users fail to realize. We use windows for GAMES there hasnt been an os out that can rival the games you can play with windows versus Linx, Open BSD, or OSX. Oh yes and drivers while most distros of linux are pretty good about finiding your hardware. alot of the features that are in the devices cant be used because you only have the base drivers. I know three is WINE but it still has bugs and doesnt run all the games that are out there. With a little common sense and some time, you can make windows secure. The only reason you hear about al this malware is beacause windows is so popular. I think you linux geeks are just jealous and wanna "fit in" :inux isnt a cure all for all your security issues And even MACs now are going to get malware. If linux does become more popular we will be seeing the same thing happening to it. The only secure system is one with no internet and locked in a concrete room with 6 foot walls.
0 Votes
+ -
Games
rMatey 11th Feb 2009
I've made my Winder$ secure. I disabled the internet under XP. Play any game you want.....just not online.
Dual boot under Ubuntu. I go anywhere I want on the internet without a virus scanner and any firewall. Never had a problem.
0 Votes
+ -
you can dual boot or get a gaming console. What's
so hard about having Linux side by side with
Windows?
0 Votes
+ -
If you are truly expecting to reach someone to
sjbinaz Updated - 6th Feb 2009
take your advice, you might try sounding a less less smug and condescending. Well maybe I don't have balls enough - that's okay since I am female. Insults do not work too well either. Can't you understand that I may choose not to try your linux for other reasons than that I am afraid to do so.I doubt that you could show me anything that I would not be capable of grasping.You make me feel like just telling you where to shove it rather than having any sort of dialog.
0 Votes
+ -
The only TRULY safe computer is...
Roc Riz 17th Dec 2008
...one that is NOT on the Internet, not on a LAN, not connected, hard drive wiped, and powered off.

These kinds of things have been happening all along, and will continue to occur. Welcome to Planet Earth, where there is no such thing as TRULY safe computing! You have to learn, and become aware of the threats, and how to avoid them. Sooner or later, you WILL be compromised, everyone is. To think that you will NEVER be compromised is out and out foolish.
With that being said however, I am an old school computer tech from way back in main frame days in 1972; but even then while in the military we had classified green screen monitors and keyboards hooked up to a main frame while the rest of the world were still using keypunch machines.
I sill boot up my old Commodore 64 every once in a while and play with it; btw it was the *ONLY* 100% virus immune system; because it's OS was on a ROM chip and had no HD; but it was slow compared to today?s systems operating at a whopping 1Mhz
But now to my point, any system and yes I do say *EVERY* system is prone to getting attacked unless the user is vigilant and keeps their system up to days. Personally I have NEVER been unknowingly infected with *anything* I have knowingly infected my test machine in order to find fixes/work a rounds and such.
If a user could learn to not be *click happy* and refuse to click on every link, and disable java and java script, vba, and the like as well as viewing their email in text mode only as well as stay away from porn sites (which are responsible for a over whelming) percentage of infections, one can traverse the internet with a reasonable amount of safety.
0 Votes
+ -
HAHA
LeeC 10th Feb 2009
"2: Optionally, install FireFox - or better yet, install a real OS... "

I had to laugh at that one, real OS... you're probably trying to convince us that Linux is this "real OS".

Real tOSs more like. You stick with your amateur, freebie garbage, I'll stick with a proper OS that lets me do my work properly thanks.

I wouldn't touch that shareware quality OS again if it was the only OS available. I had more system problems in 2 weeks of Linux than I have in 6 years of Windows... but then again, I don't use simple things like Gimp (appropriately named) or the other shovelware that runs on it. Perhaps you have to find apps that suit the people that use linux, like "Simple Office" or "HexPaint for Geeks"... or something similar.

try "sudo makemeintoamodernOS" in that command shell you spend most of the time in, see if it works.
0 Votes
+ -
What a strange game...
Resuna 12th Jun 2007
It is not possible to run Internet Explorer securely without making it too inconvenient to use. The API that the HTML control prsents is inherently impossible to secure, because it requires that the HTML control decide on whether to trust an object it is displaying without having enough information to make that decision.

I can only echo WOPR... "What a strange game, the only way to win is not to play".
0 Votes
+ -
How to run IE7 securely
another voice 12th Jun 2007
One word: Firefox!
0 Votes
+ -
How to run IE Securely
duduvoicenews 16th Jun 2007
Better word: Opera!
0 Votes
+ -
Two words for Two Dangerous Products...
Uncle Buck 11th Dec 2007
Haute Secure

www.hautesecure.com

No browser is safe guys and disabling the stuff that makes the web work for you is a joke. By the time you make Firefox work like IE you are in the danger zone again. These settings just make IE work like barebones Firefox.

If you take these suggestions you might as well as cancel your internet service and get rid of your computer. Sheesh!
0 Votes
+ -
interesting
vilppuu@... 12th Jun 2007
I looked at the "How to secure IE 7" series and had to chuckle, I have been using that
kind of a "highly" restrictive setup with IE 5.x for years.... I only keep a Wintel
machine around to check out the web pages I created on Mackintel. I will probably
have to start writing "kapteeni kwerk" versions for IE now.
reggers,v
0 Votes
+ -
I agree...
angela_6uk 12th Jun 2007
Use Firefox...it's free, more secure, and altogether a better browser.
0 Votes
+ -
What garbage...
finalquest@... 13th Jun 2007
Well MS has done it again. They've come out with more "fixes" for their already bug laden OS. The last batch of fixes required me to selectively remove them until I found the one that wouldn't allow me to run IE. We'll guess what? Last night after installing the latest batch on one machine problems arose. I went through the list and removed the IE fix, problem solved. What insanity !!! We all paid good money for a product that is so dependent on fixes and upgrades resulting in a constant state of question.... That is... Will it work after I install these patches. I'VE HAD ENOUGH !!! It's time to look at an Apple !!!
0 Votes
+ -
What nonsence
mdemuth 13th Jun 2007
Seriously. For update related issues, there is free tech support.
Have you even tried that? Or is it easier just to mindlessly rant.

And if your too lazy to request free support, good luck with any OS. All have their issues
0 Votes
+ -
Free support
cavanaughtom@... 13th Jun 2007
whew! i tried the free IE7 support for a simple question, why is IE7 disconnecting when i surf, and lordy lordy lordy it was an exasperting experience with "jason" and the like in bangalore . . .
0 Votes
+ -
Did he ask you what you were running in the background? Did you tell him "nothing"? Thats the usual path... and yes, it is exasperating. But so is reading rants from people that don't know how loaded down with trojans and filesharing etc. their computer is that complain about a "buggy update".
I'm not saying this applies to you. I wouldn't consider you a ranter... but there are lots here.
0 Votes
+ -
free support
char-sebastian@... 22nd Oct 2007
Solution:I also have been in this situation (People with thick Indian accents using American names and providing moronic answers off a script and otherwise clueless) I tell the person on the other end of the phone I want to the call escalated. I keep demanding escalation until I get someone in this country or at least someone who knows what they are talking about.
0 Votes
+ -
RE: Free support
HappyHeathen 23rd Oct 2007
Yep...been there. I explained a problem to the CSR and "Bob" kept running thru his script forcing me to repeat information already given to him. I finally (forcefully) told him I wanted to speak to an engineer. When he asked "Why?" I told him he wasn't paying attention to what I was saying, forcing me to repeat information I had already given to him, and of no help. When I finally got to the engineer, the problem was solved in 3 minutes.
0 Votes
+ -
RE: Free Support
rMatey 11th Feb 2009
Jason has moved to Bangalore????? The last I heard he was in Jaipur. Sounds like he's out of the "Free"support game now, and doing well working for Micro$oft.
0 Votes
+ -
Interesting free support.
maldain 21st Jun 2007
I had a similar problem with IE and he's following the advice that I got from the "free" support. Well, like most Microsoft offerings it was worth less than I paid for it.
0 Votes
+ -
What nonsense, indeed!
dorrposter1 29th Aug 2007
Thank you. That needed to be said. I'm tired of idiots spewing forth with anti-microsoft rants. Just because something is not Microsoft does not mean it's better! FireFox is a good browser, but it has security issues, too!
0 Votes
+ -
For the most part.....
todbran@... 16th Dec 2008
a browser, such as Firefox, is only as secure as the OS in which it resides in. Firefox (and any other software) on Linux is 100 times more secure than it is on Windows.
0 Votes
+ -
zzzz
Azathothh 19th Mar 2009
zzzz
0 Votes
+ -
Shhh... let him go...
Chippolus 11th Oct 2007
Mindless ranters are perfect cult of Apple members.
0 Votes
+ -
Not So Fast
mollenhourb@... 4th Dec 2007
Finalquest makes a good point. Bill Gates used to run around saying that someday
PCs would be ubiquitous as toasters and they would all run Windows. Well, until
they are as easy to use as toasters, they will not be ubiquitous. 70-80% of
Americans still don't have a computer in their home (remember, you probably hang
with a mostly college educated crowd, which is only about 5% of the population). If
he (or we) wants computers to be that common, they need to be that user friendly.
You don't have to be a mechanic to drive a car.

True, all OSs have their problems, and OS X is not without its flaws. I do know
however that I use Win XP at work, and OS X at home, and OS X takes up a LOT less
of my time to keep it running. I've had my iMac for over three years now and the
two times I've had to call tech support, nobody asked me "when was the last time
you wiped the hard drive and re-installed everything?... Oh, you should do that at
least every six months". No thank you.

No, OS X is not perfect, but it paid for itself the first time my wife got an eCard
after replacing our PC with an iMac and the thing actually played without crashing
the OS. I wasn't called away from a good book and a better brandy to come restart
the machine, find the problem, download some obscure driver that should have
been there in the first place, yada, yada, yada.... As they say in the MasterCard ads,
"Priceless".
0 Votes
+ -
RE: "70-80% of
JCitizen Updated - 10th Feb 2009
Americans still don't have a computer in their home (remember, you probably hang with a mostly college educated crowd, which is only about 5% of the population"

I'm curious about the above quote; what golden community are you from? I live in a back woods community, that I bet you think are a bunch of hill billies, and I only know one couple that do not own a computer, and that is my 86+ year old Dad.

And while your nose is up in the air; none of these folks can afford even a used Mac, so your comments are almost completely irrelevant.

I've had limited success converting folks to Linux too, because the type of operations they require are just plain too difficult to parse with the kind of applications that are available with Linux, Unix, and BSD.

As long as they only need email, printing, and word processing, Linux is great! But even out in the sticks people got more things to do and less time to go to the forums to learn how to get FOSS to work with their mission.
0 Votes
+ -
Me too!
kahunals 13th Jun 2007
My IE would not work either after installing the latest fix. Not the first time I had to "de-fix." Have had problems with Firefox compatibility with websites. Maybe Apple's browser version for Windows is the answer. I know, I know, I know--why not just switch to Apple? Because I love all the cheap hardware and free programs available for Windows.
0 Votes
+ -
says it all about the folks that I know also!

If Wally World ever sells a cheap computer with a preloaded distro that matches everyone's fantastic dreams of virtualization without having to be a total computer nerd, so they can run anything they need that actually can do something usefull to them; then I think GPL will come into its own.

I feel this fantasy is close at hand if the FOSS community cares to contribute, but it will take a conserted effort by proprietary companies other than Apple and/or Microsoft to make it really happen.
0 Votes
+ -
Firefox
thecloth 13th Jun 2007
If you use Apple products and IE6 or IE7 you're back to the same spot I believe. Why not just use Firefox as a browser or another?
0 Votes
+ -
Duh what a bunch of whiners
Rndmacts 13th Jun 2007
Yes you can make IE secure and therefore shut out 60% of the content out there. This article should have been posted on April 1st with one more slide, detach any cable from modem that exits through a wall. Firefox is no more secure because it is not necessarily the browser but the Internet that is unsecure. Websites that depend on the idiot assumption to lure people on doing things they should know better than doing. Yeah jump to Apple, it took aproximately 24 hours to identify 16 security holes in their new Safari Browser and four more to show the same exploits worked against OS X. We choose our browsers based on personal likes and dislikes, I dislike Firfox because its interface seems unfinished to me and it doesn't work with all my basic websites, that is my personal prefrence. Others swear up and down that Firefox is more secure, that is the Ostrich approach, then the malware they get they blame on the OS, not their surfing habits. Malware depends on social engineering to spread, does anyone remember Gator and all the havoc it played on computers. More computers got broke because everyone had to have the cute little gator or monkey and such on their desktops. Remember Kazza another program for doing one thing but it loaded your computer with all sorts of crap that it was broke. P.T. Barnum had it right when he said a sucker is born every ten seconds. It is how spam marketers succeed and how malware is spread, not the setting of your browser. All the baddies have to do is lure you to the site, because most people don't have the sense they were born with and will follow the candy trail rather than think about what they are doing.

Browsers insecure no, it's the idiot sitting in front of the screen that is insecure.
0 Votes
+ -
Message has been deleted.
Intellihence Updated - 14th Jun 2007
  • Flagged
0 Votes
+ -
Duh what a bunch of whiners
dhudson_z 20th Jun 2007
finally, the essence of almost all the security problems in the
computerworld.

the user. if the user does something dumb, why s/the browser or any other
piece of software be responsible for changing your diaper.

case in point,,,how many times has it been said that if you dont recognize
an email, dont open it.

would you open a parcel that is described in the post office pix and
literature as being an explosive? of course, no sane person would.

same concept applies...

you all might not like the way he said it but this guy pegged you dead on.

piranha.
0 Votes
+ -
well said - hear hear
mark@... 10th Jul 2007
/
0 Votes
+ -
whiners
chainstore@... 28th Aug 2007
oh jeez! YOU ARE SO RIGHT!!!!
0 Votes
+ -
Right On!
dorrposter1 29th Aug 2007
Couldn't have said it better!
0 Votes
+ -
People like to rant with their emotions rather than their brains. I work on all types of computers, and I hate something about all of them. I don't like Firefox either. And a point of interest, I never have problems with my IE installations until after I use Firefox for a while. Then they both die at the same time. Wierd. But I compare firefox to windows NT... remember when people used to install it because it was "more secure"? The same people would come in later bitching that it didn't work with all their games and junk.
0 Votes
+ -
I am glad to see you had those problems too.
sjbinaz Updated - 6th Feb 2009
Since installing XP I had never seen a BSOD until I decided to see what they were talking about and look at first Firefox then Chrome. Only once since 2002 had I ever had a virus and all I had to do was go to Microsoft's site and get the fix. Then I tried Firefox. The next day I could not connect. While discussing with my ISP tech support I realized that was the only recent change. I got rid of it and ran system restore. The next time I tried Chrome and saw my first BSOD since Win95. I got rid of it and ran system restore. Now if I were one of these guys, I would be saying " Firefox is junk and just causes problems." But I don't because I am willing to see that others have different experiences. For me, twice was enough. I am not putting that software on my machine again,ever.

And please do not comment with suggestions as to what cleanup, etc that I should have done. I am aware of how to maintain my own computer.
0 Votes
+ -
But some software has more potential for this than other software. The problem with IE and ActiveX is that they are tightly integrated into the underlying operating system, so any exploit in them is a potential compromise of the whole system. With a Firefox exploit you risk exposing your cookies, personal information, and such; with ActiveX you can potentially compromise the whole operating system, leaving trojans, key loggers, spambots and who knows what all on your system.
0 Votes
+ -
Duh what a bunch of whiners
Mashman 10th Jul 2009
I agree 100% you are the best tell it like it is replys i have seen yet .

0 Votes
+ -
What garbage
lucivero@... 20th Jun 2007
Apple is not much better. Maybe a unix based system might be the answer. Some companies are already switching.
0 Votes
+ -
Apple running *nix
aeriform 21st Jun 2007
If you're running apple, you may be running more *nix than you're aware of.

http://www.apple.com/macosx/features/unix/
0 Votes
+ -
Apple not immune
mark@... 10th Jul 2007
...and of course apple engineering is far superior to MS? It's this type of irrational approach that leads to problems. If we all belive that Apple systems are so much more secure, it means that there is so much more value to be gained by hacking the Apple security systems.
0 Votes
+ -
I feel left out.
professordnm 19th Jul 2007
Over the past five years, I've downloaded all of the recommended fixes from MS-Windows and let them auto-istall. I've not suffered any mishaps doing this. None of my applications have misbehaved, and that includes all of the IE versions. So, in view of what I'm reading here, I feel sort of left out. Could my good fortune be because of my daily running of Window Registry Repair and Diskeeper? Could be.
0 Votes
+ -
I'll help you out...
Chippolus 11th Oct 2007
Just to get you converted into a whiner like many here (so you will fit in) Just follow these easy steps;
1. Click every window that you can. Its up to the browser to babysit your options.
2. Don't just ignore security, disable it and complain about it. If it lets you disable it, it's not babysitting you well enough.
3. Don't read names or subject lines. Open all attachments, thats how new friends are made anyway.
4. The best things in life are free. Install every free download available.
5. Avoid learning anything about your computer. You don't want to be able to figure out anything when blind ranting is so easy. Learning takes time anyway.

After a few months of careless usage, you will likely experience problems... Blame the browser, the OS, and Microsoft in general.
Threaten to get an apple. That is like a beacon for idiots. People that know what they are doing just get one system or the other and use it. They don't broadcast and threaten what they will buy. Thats it. You will be a new man.
0 Votes
+ -
LMFAO
rkuhn040172@... 11th Oct 2007
How true it is.

You hit the nail on the head.
0 Votes
+ -
I wish...
Uncle Buck 11th Dec 2007
I wish these whiners would all go out and buy their Apples; Then Windows will finally be safe when they are out of here. All the virus', malware and junk will follow them to the promised land.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity