www.winhelp.us

Content

Tip: keyboard shortcut Ctrl+F searches in the page contents

Securing Internet Explorer

Last modified: 2012-01-19 21:31:06 EET

Open Tools menu (Alt+T in Internet Explorer 8 and Alt+X in Internet Explorer 9) and choose Internet Options. If Menu or Command bars are not visible, press ALT key on keyboard once to make menus visible.
 

Open Security tab and click Reset all zones to default level, if the button is not grayed out (the latter means that all zones are already at default level).
Windows Vista and Windows 7 users should also make sure that Enable Protected Mode (requires restarting Internet Explorer) is on for Internet and Restricted sites zones - this defends your computer from malicious software and drive-by attacks on the Internet. This options is not available in Windows XP.

Click Privacy tab. Make sure that the Settings slider is set to Medium. If not, click the Default button. This sets a reasonable policy for allowing and disallowing cookies.

For Internet Explorer 9 users, there is a new option here - Never allow websites to request your physical location. Most privacy-aware people should click to check this box.
I strongly recommend using this settings, because geolocation security and privacy are still developing and you should prevent malicious sites from tracking your physical location.

Open Content tab and click the Settings button in AutoComplete section.

Here in AutoComplete Settings window you can leave everything on except for the Ask me before saving passwords. This is very important because malware can easily steal all user names and passwords for sites you have visited (including your bank!). Use Password Safe for remembering passwords instead.

If you have already saved some passwords or you want to be sure that no passwords are stored in Internet Explorer, click the Delete AutoComplete history... button.
Clear everything except Passwords and click Delete. This will clear saved passwords and close the Delete Browsing History window.

Click OK to close AutoComplete Settings window.

Next, open Advanced tab. This is a long list of advanced settings, try to configure settings like on pictures. We will cover security-related settings here.

In Browsing section, always turn on both Disable script debugging settings. Then check Enable automatic crash recovery and Enable third-party browser extensions.
If your Internet Explorer crashes or will not start after enabling third-party extensions, turn Enable third-party browser extensions off again (open Control Panel and double-click Internet Options) and start disabling extensions one by one.

Security section is certainly the most important part.
Never turn on settings named Allow active content from CDs to run on My Computer, Allow active content to run in files on My Computer and Allow software to run or install even if the signature is invalid! Enabling these options gives a hearty welcome to viruses and malware.
Check for server certificate revocation should be enabled.

Always enable Check for signatures on downloaded programs and Do not save encrypted pages to disk. First one helps to identify malware that disguises as legal software; the latter one keeps your sensitive personal information in online banks or other services away from your computer's hard drive and avoids private data disclosures.
Never turn on the Enable Integrated Windows Authentication. This one is useful only for business computers in local domain networks. You are on the Internet and you must not send your username and password automatically to any server asking for them,
Always activate new protection methods Enable memory protection to help mitigate online attacks and Enable SmartScreen Filter. The first one turns on DEP (Data Execution Prevention) system that blocks possible attacks through infected web pages. The second one warns you about malicious websites and downloads. These settings do a lot to keep you safe.
Leave only Use SSL 3.0 and Use TLS 1.0 checked to speed up secure web traffic (HTTPS protocol). Clear Use SSL 2.0, Use TLS 1.1 and Use TLS 1.2 boxes.
Turn on Warn about certificate address mismatch, too. It helps to identify malicious web sites that pretend to be perfectly legal.

Scroll all the way down and clear the Warn if changing between secure and not secure mode box. Then make sure that the Warn if POST submittal is redirected to a zone that does not permit posts box is checked.

Click OK to close the Internet Options dialog. You might have to restart Internet Explorer for all settings to take effect.

 Comments? Suggestions? Ideas? Let me know! 

Your name (public):

Your e-mail (will not be displayed):

Title:

Notify me of new comments to this page:

Your comments/suggestions/ideas (no HTML code!)
winhelp.us owners reserve the right to remove or not publish comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming.
winhelp.us Privacy Policy