Images: How to run Internet Explorer securely

Images: How to run Internet Explorer securely

Summary: Here are the key configuration changes you can make to disable various features and reduce the attack surface in Microsoft's Internet Explorer. This guide provides a walk-through of IE 6.0 but applies to the latest IE 7.0 as well. (This guidance was prepared and distributed by Will Dorman, vulnerability analyst at Carnegie Mellon Software Engineering Institute CERT Cordination Center).

SHARE:

 |  Image 10 of 10

  • In the Advanced tab, you can find default settings used by all zones.

    The settings contained in the Multimedia section have features that you can adjust to protect against some potential vulnerabilities. For instance, attackers may be able to track your usage or exploit the software you use to play multimedia data.

    CERT/CC recommends disabling the options to play sounds and videos by unchecking these boxes.

  • Under the Programs tab, you can specify your default applications for viewing Web sites, e-mails, and other network related tasks.

    You can also prevent Internet Explorer from showing you a message asking to be your default Web browser.

  • Thumbnail 1
  • Thumbnail 2
  • Thumbnail 3
  • Thumbnail 4
  • Thumbnail 5
  • Thumbnail 6
  • Thumbnail 7
  • Thumbnail 8
  • Thumbnail 9
  • Thumbnail 10

Topics: Software, Browser, Collaboration, Hardware, Legal, Microsoft, Networking, Open Source, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

Talkback

159 comments
Log in or register to join the discussion
  • How to run Internet Explorer securely...

    How to run Internet Explorer securely:

    1: Un-install it (the uninstaller only has a few known security holes)

    2: Optionally, install FireFox - or better yet, install a real OS...
    gusosborne@...
    • Exactly

      I haven't used IE (not even once) for over six years - and I sure as hell don't miss the constant, daily, never-ending barrage of trojans and other nasties. If you [b]must[/b] run Windoze; for God's sake, install Firefox. You won't even lose any of your favorites. And also, for God's sake - don't pay good money for an AV program. Download AVG Free Edition instead. It updates VERY regularly, and its virus detection rate puts ALL of the "paid-for" AV programs to shame.

      Another good idea, if you just can't get away from Windoze, and you have at least a little "techie" in your blood... is to download a free program called "nLite", and use your original Windoze CD to make your own IE-free version of Windoze... and don't forget to also get rid of Outlook Express while you're at it: it's as full of holes as a chainlink fence, too. The best way to use nLite is to [b]leave[/b] the "core" of IE, though, because "Help" and some other Windoze features require it to function.

      NOTE: Better yet - "man up" a little, and just run Freespire OS. It's 100% free, and it makes the transition to a Linux-based OS [b]so much[/b] easier for just about any Windows user. Plus, you can do anything with it that you can do with Windows, and it comes out-of-the-box with a full office suite that is fully compatible with MS Office; photo and graphics software; and it will play any media files you can play with Windows... it's definitely worth checking out. I run it, and I can tell you that it sure ain't the "super-geekazoid" Linux you're so afraid of.
      geohuck@...
      • GAMES

        What alot of you linux users fail to realize. We use windows for GAMES there hasnt been an os out that can rival the games you can play with windows versus Linx, Open BSD, or OSX. Oh yes and drivers while most distros of linux are pretty good about finiding your hardware. alot of the features that are in the devices cant be used because you only have the base drivers. I know three is WINE but it still has bugs and doesnt run all the games that are out there. With a little common sense and some time, you can make windows secure. The only reason you hear about al this malware is beacause windows is so popular. I think you linux geeks are just jealous and wanna "fit in" :inux isnt a cure all for all your security issues And even MACs now are going to get malware. If linux does become more popular we will be seeing the same thing happening to it. The only secure system is one with no internet and locked in a concrete room with 6 foot walls.
        campbellj78@...
        • Games

          I've made my Winder$ secure. I disabled the internet under XP. Play any game you want.....just not online.
          Dual boot under Ubuntu. I go anywhere I want on the internet without a virus scanner and any firewall. Never had a problem.
          rMatey
        • Unless you need to play while you work...

          you can dual boot or get a gaming console. What's
          so hard about having Linux side by side with
          Windows?
          Saurondor.
      • If you are truly expecting to reach someone to

        take your advice, you might try sounding a less less smug and condescending. Well maybe I don't have balls enough - that's okay since I am female. Insults do not work too well either. Can't you understand that I may choose not to try your linux for other reasons than that I am afraid to do so.I doubt that you could show me anything that I would not be capable of grasping.You make me feel like just telling you where to shove it rather than having any sort of dialog.
        sjbinaz
    • The only TRULY safe computer is...

      ...one that is NOT on the Internet, not on a LAN, not connected, hard drive wiped, and powered off.

      These kinds of things have been happening all along, and will continue to occur. Welcome to Planet Earth, where there is no such thing as TRULY safe computing! You have to learn, and become aware of the threats, and how to avoid them. Sooner or later, you WILL be compromised, everyone is. To think that you will NEVER be compromised is out and out foolish.
      Roc Riz
      • I have *NEVER* been uknowanly infected with malware/virus/trojen/anyting

        With that being said however, I am an old school computer tech from way back in main frame days in 1972; but even then while in the military we had classified green screen monitors and keyboards hooked up to a main frame while the rest of the world were still using keypunch machines.
        I sill boot up my old Commodore 64 every once in a while and play with it; btw it was the *ONLY* 100% virus immune system; because it's OS was on a ROM chip and had no HD; but it was slow compared to today?s systems operating at a whopping 1Mhz
        But now to my point, any system and yes I do say *EVERY* system is prone to getting attacked unless the user is vigilant and keeps their system up to days. Personally I have NEVER been unknowingly infected with *anything* I have knowingly infected my test machine in order to find fixes/work a rounds and such.
        If a user could learn to not be *click happy* and refuse to click on every link, and disable java and java script, vba, and the like as well as viewing their email in text mode only as well as stay away from porn sites (which are responsible for a over whelming) percentage of infections, one can traverse the internet with a reasonable amount of safety.
        dinosoft@...
    • HAHA

      "2: Optionally, install FireFox - or better yet, install a real OS... "

      I had to laugh at that one, real OS... you're probably trying to convince us that Linux is this "real OS".

      Real tOSs more like. You stick with your amateur, freebie garbage, I'll stick with a proper OS that lets me do my work properly thanks.

      I wouldn't touch that shareware quality OS again if it was the only OS available. I had more system problems in 2 weeks of Linux than I have in 6 years of Windows... but then again, I don't use simple things like Gimp (appropriately named) or the other shovelware that runs on it. Perhaps you have to find apps that suit the people that use linux, like "Simple Office" or "HexPaint for Geeks"... or something similar.

      try "sudo makemeintoamodernOS" in that command shell you spend most of the time in, see if it works.
      LeeC
  • What a strange game...

    It is not possible to run Internet Explorer securely without making it too inconvenient to use. The API that the HTML control prsents is inherently impossible to secure, because it requires that the HTML control decide on whether to trust an object it is displaying without having enough information to make that decision.

    I can only echo WOPR... "What a strange game, the only way to win is not to play".
    Resuna
  • How to run IE7 securely

    One word: Firefox!
    another voice
    • How to run IE Securely

      Better word: Opera!
      duduvoicenews
    • Two words for Two Dangerous Products...

      Haute Secure

      www.hautesecure.com

      No browser is safe guys and disabling the stuff that makes the web work for you is a joke. By the time you make Firefox work like IE you are in the danger zone again. These settings just make IE work like barebones Firefox.

      If you take these suggestions you might as well as cancel your internet service and get rid of your computer. Sheesh!
      Uncle Buck
  • interesting

    I looked at the "How to secure IE 7" series and had to chuckle, I have been using that
    kind of a "highly" restrictive setup with IE 5.x for years.... I only keep a Wintel
    machine around to check out the web pages I created on Mackintel. I will probably
    have to start writing "kapteeni kwerk" versions for IE now.
    reggers,v
    vilppuu@...
  • I agree...

    Use Firefox...it's free, more secure, and altogether a better browser.
    angela_6uk
  • What garbage...

    Well MS has done it again. They've come out with more "fixes" for their already bug laden OS. The last batch of fixes required me to selectively remove them until I found the one that wouldn't allow me to run IE. We'll guess what? Last night after installing the latest batch on one machine problems arose. I went through the list and removed the IE fix, problem solved. What insanity !!! We all paid good money for a product that is so dependent on fixes and upgrades resulting in a constant state of question.... That is... Will it work after I install these patches. I'VE HAD ENOUGH !!! It's time to look at an Apple !!!
    finalquest@...
    • What nonsence

      Seriously. For update related issues, there is free tech support.
      Have you even tried that? Or is it easier just to mindlessly rant.

      And if your too lazy to request free support, good luck with any OS. All have their issues
      mdemuth
      • Free support

        whew! i tried the free IE7 support for a simple question, why is IE7 disconnecting when i surf, and lordy lordy lordy it was an exasperting experience with "jason" and the like in bangalore . . .
        cavanaughtom@...
        • Been there done that... from the other end.

          Did he ask you what you were running in the background? Did you tell him "nothing"? Thats the usual path... and yes, it is exasperating. But so is reading rants from people that don't know how loaded down with trojans and filesharing etc. their computer is that complain about a "buggy update".
          I'm not saying this applies to you. I wouldn't consider you a ranter... but there are lots here.
          Chippolus
        • free support

          Solution:I also have been in this situation (People with thick Indian accents using American names and providing moronic answers off a script and otherwise clueless) I tell the person on the other end of the phone I want to the call escalated. I keep demanding escalation until I get someone in this country or at least someone who knows what they are talking about.
          char-sebastian@...