Most people will tell you not to worry about securing Internet Explorer and to just switch to Firefox. Unfortunately it’s not always that easy. In my case, I have users that must use Internet Explorer to access web sites that will not work in Firefox. Since they must use Internet Explorer for these sites, they also use it for the other sites they browse as well. Since some people cannot afford to give up IE, here are some easy steps you can take to make it more secure.
Step 1: This should be a given but this is a must before you do anything else. Make sure you have all of the latest Windows updates including Windows XP Service Pack 2. If you don’t have these, you will not have the latest security fixes from Microsoft and some of the settings that we need to change might not work correctly.
Step 2: One way to make IE more secure is to block known malicious web sites. To do this, we need to update the “Restricted Sites” in Internet Explorer so it will know which sites to block. Since there are thousands of known malicious sites, it would take too much time of time to enter all of them in manually. ZonedOut makes a great standalone freeware app that allows you to import site lists into Internet Explorer. Once you have downloaded ZonedOut you can download IE-SPYAD for ZonedOut, which consists of importable lists of known malicious web sites. To import these sites, open ZonedOut and click the menu button. From the menu, select Import/Export Sites and Import from File. Choose the ie-ads.txt file that you downloaded from IE-SPYAD and click open. You can also block known malicious adult sites by importing the adult.txt file from within the Adult folder.
Step 3: Now we want to change some settings in Internet Explorer to prevent the infection of spyware and other malicious software from sites that aren’t in our restricted sites list. Open Internet Explorer and open the “Tools” menu and click “Internet Options”. Click on the “Security” tab. Click the “Default Level” button and make sure the slider is at least set to medium. You can go higher as long as it doesn’t affect the sites that you must visit. You can also click the “Custom Level” button to make more specific changes. I would recommend disabling all ActiveX control settings if the sites that you need to use do not require it. Click “OK” and “Apply” to apply the settings. If you are setting this up on a user’s computer, you can prevent users from changing these settings by enabling the “Disable the Security page” policy in the group policy editor. To do so, open the Start menu and click “Run”. Type gpedit.msc and hit enter. Go to Computer Configuration – Administrative Templates – Windows Components – Internet Explorer – Internet Control Panel. Double click the policy and select “Enable”.
Step 4: While in the “Internet Options” configuration in Internet Explorer, we also want to make changes under the “Privacy” tab. Move the slider up to the “High” position. If this causes problems, you can always move the slider down to a level that works. Click “Apply” to apply the settings. To prevent users from changing these settings, you can enable the “Disable the Privacy page” policy in the group policy editor. This policy is located in the same place as the previous one.
Step 5: While still in the “Internet Options” configuration click on the “Advanced” tab. Scroll down to the multimedia section and uncheck “Play sounds on web pages” and “Play videos on web pages”. This will help to prevent spyware and other malicious software from taking advantage of possible vulnerabilities within the software you use to play sounds or videos within Internet Explorer. Click “Apply” to apply the settings. To prevent users from changing these settings, you can enable the “Disable the Advanced page” policy, which is located in the same place as the previous two.
No browser is completely secure, but this is a good start. Since everyone goes to different sites, these settings might not be the same for everyone. Feel free to experiment around with them until you get them just like you want them. If you have any suggestions about other settings to change or apps that help make IE more secure, feel free to share them.