Safe Browsing: 13. IE Security Basics

13. IE Security Basics

The following screens presume you are using IE8. If there are differences between OSes, that will be noted. Some of the settings already will be set correctly and all you have to do is confirm the setting.

If you are running IE6 and cannot upgrade, perhaps because you have a pre-XP OS or are using a company machine, do as many of these settings as you can. You will not have the best features, which are SmartScreen Filtering, InPrivate browsing and Protected Mode, but you can run sites in a Restricted Zone and you can disable your Flash Player. Regardless, you should not be using IE6 for general web browsing.

SmartScreen Filter

SmartScreen Filter compares the URL of the site you are visiting to a Microsoft list of known phishing web sites. According to the FAQ:

  • It operates in the background as you browse the web, analyzing webpages and determining if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen will display a message giving you an opportunity to provide feedback and advising you to proceed with caution.
  • SmartScreen Filter checks the sites you visit against an up-to-the-hour, dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen Filter will show you a red warning notifying you that the site has been blocked for your safety.
  • SmartScreen Filter also checks files downloaded from the web against the same dynamic list of reported malicious software sites. If it finds a match, SmartScreen Filter will show a red warning notifying you that the download has been blocked for your safety.

To read the full SmartScreen Filter FAQ, open IE, press F1, and search or browse the help files for "SmartScreen".

When you install IE, you're asked if you want to turn this filter on. Say "Yes". If you said "No" the first time, in the browser menu bar, go to Tools/SmartScreen Filter/Turn on SmartScreen Filter. This will show you a dialog box where you turn it on, plus it has more information about the filter itself. The filter and list of questionable sites are maintained by Microsoft with input and reporting from IE users. Your browser always has the most recent list of sites.

Set Browser Options

Go to Tools/Internet Options. In the tabs, from left to right:

General

The General tab is where you set options for temporary files and browsing history, and where you access cookies. IE6 has only a subset of these controls.

  • Delete browsing history on exit. Depending on your configuration, this can clear out most of your temporary internet files.
  • Click on "Delete…"
  • To really keep your browser clean, uncheck "Preserve Favorites website data". This will kill any user sessions you have open when you shut down your browser and will wipe out cookies.
  • I empty Temporary Internet Files, Cookies and Form Data upon closing the browser.
  • I keep History, Passwords (though I do not save passwords on any site that handles financial, medical or personal data), and InPrivate Filtering Data.
  • Your choices may vary, but these settings will thwart most hijacking attempts.
  • On the General page, click on "Settings" to get to a detail page.
  • In the Temporary Internet Files section, I select to automatically check for a newer version of a stored web page.
  • I use the minimum recommended disk space for a file cache. Too small or too large, and it will slow performance.
  • Keep history for however long you like.
  • Click on "View Files" to see the cookies and all other temporary internet files on your system. Because the button does not say "cookies", people don't understand that this is where they – and the rest of the downloaded files – are located.

The pop-up window shows you the virtual folder where the temporary files are stored. You will find images, CSS files, XML files, and others, but the ones you are looking for are of type "Text Document" and are all named "Cookie:[username]@[website name]".

You can delete files from this window, but it is more effective to use other tools, such as Delete History, Security Zones, and Privacy controls.

Security

IE allows you to adjust your security settings as a group depending on the zone you are browsing in. If you are in a corporate environment, your company may already have set these screens and you may not be able to change them.

Protected mode is available for IE7/IE8 under Vista and Win7. It is not available in XP, which is another reason to upgrade your OS.

Internet Zone
Most web browsing and all your new sites
Medium-high
Enable Protected Mode

Intranet Zone
More for companies, usually set by a company policy.
Medium-low
Do not enable protected mode

Trusted Sites
Sites you have designated as trusted
Medium-high
Enable Protected Mode

Restricted Sites
Sites you have designated as restricted
High security
Enable Protected Mode

Instructions for adding web sites on the fly to the trusted or restricted lists are in the "How I Browse" chapter. IE6 does not have Protected Mode and does not have a "Medium-High" security setting. Use the "High" setting instead. Better yet, upgrade your browser.
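If you would rather check the zone settings above with a script than by clicking through each zone, the following is an added example, not part of the original chapter. It assumes the zones are stored under the registry key shown, with the slider position in "CurrentLevel" and Protected Mode in value "2500"; the export text it reads is a constructed sample.

```python
import re

# Zone numbers used under ...\Internet Settings\Zones in the registry.
ZONES = {"1": "Intranet", "2": "Trusted Sites", "3": "Internet", "4": "Restricted Sites"}
# CurrentLevel values IE stores for the security slider (0 means a custom level).
LEVELS = {0: "Custom", 0x10000: "Low", 0x10500: "Medium-low", 0x11000: "Medium",
          0x11500: "Medium-high", 0x12000: "High"}
# Targets from this chapter: zone -> (security level, Protected Mode enabled?)
WANTED = {"Internet": ("Medium-high", True), "Intranet": ("Medium-low", False),
          "Trusted Sites": ("Medium-high", True), "Restricted Sites": ("High", True)}
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"

# Constructed sample in the text layout of a "reg export" of the Zones key.
SAMPLE = "\n".join([
    "[" + KEY + "\\1]", '"CurrentLevel"=dword:00010500', '"2500"=dword:00000003', "",
    "[" + KEY + "\\2]", '"CurrentLevel"=dword:00011500', '"2500"=dword:00000000', "",
    "[" + KEY + "\\3]", '"CurrentLevel"=dword:00011000', '"2500"=dword:00000003', "",
    "[" + KEY + "\\4]", '"CurrentLevel"=dword:00012000', '"2500"=dword:00000000', "",
])

def parse_zones(text):
    """Return {zone number: {value name: int}} for DWORD values under Zones\\N."""
    zones, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            head = re.match(r"\[.*\\Internet Settings\\Zones\\(\d)\]$", line)
            current = zones.setdefault(head.group(1), {}) if head else None
        elif current is not None:
            value = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if value:
                current[value.group(1)] = int(value.group(2), 16)
    return zones

def audit(text):
    """List (zone, setting, found, wanted) for every mismatch with WANTED."""
    findings, zones = [], parse_zones(text)
    for number, name in ZONES.items():
        values = zones.get(number, {})
        level = LEVELS.get(values.get("CurrentLevel"), "unknown")
        # Value 2500 is Protected Mode: 0 = enabled, 3 = disabled; missing counts as off here.
        protected = values.get("2500") == 0
        want_level, want_protected = WANTED[name]
        if level != want_level:
            findings.append((name, "Security level", level, want_level))
        if protected != want_protected:
            findings.append((name, "Protected Mode", protected, want_protected))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s is %s, chapter recommends %s" % finding)
```

To run it against your own machine, export the key with `reg export` and pass the file's text to `audit()`; the export is written as UTF-16, so open it with `encoding="utf-16"`.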

Privacy

Privacy primarily controls cookie settings. Use this tab to set your general cookie preferences. It also is where you edit settings for pop-ups and for private browsing sessions.

  • Start by setting your overall Internet security to "Block All Cookies".
  • Turn on the Pop-up Blocker. This turns it on for all sites, but allows you to temporarily allow them as needed.
  • Allow the browser to collect data for InPrivate Filtering, which helps Microsoft keep the filter list up to date.
  • Disable toolbars and extensions when using InPrivate Browsing. This prevents spying on your browsing sessions.

After these settings are selected, click the "Advanced" button in the cookies area.

The Advanced privacy window pops up.

  • Check "Override automatic cookie handling"
  • Prompt for first party cookies – this allows you to decide whose cookies you will accept.
  • Block for third-party cookies – this prevents all cookies from anything but the site you are on.
  • Check "Always allow session cookies". These are the cookies a site needs to allow you to work in it, such as if you've logged in to a banking site.
  • Click "OK".

You now have custom privacy settings.

  • Clicking the "Sites" button allows you to manually allow or block cookies from specific sites. This is how you can remove a site from being blocked or remove a formerly trusted site's cookies.
  • Clicking "Settings" in the pop-up blocker section allows you to enter sites where you do want them to be able to use pop-ups all the time. You can also add them on the fly as you get to each site.

IE6 has the cookie and pop-up settings, but lacks InPrivate controls.

Programs

Skip the next two tabs and go to Programs. This is where you will turn off Flash and other annoying add-ons. Disabling add-ons does several things for you:

  • It prevents questionable software, like Flash, from running unless you explicitly grant it rights.
  • It turns off stupid features, like Research, that aren't very useful and just slow down your browser.
  • It improves browser stability because it turns off poorly designed add-ons.
  • Click "Manage Add-ons".
  • A new window will open where you can manage browser add-ons.
  • Select Toolbars and Extensions in the left-hand panel. Group by Publisher (right-click on any column heading for grouping menu). Disable the following at a minimum:

    • Adobe Flash
    • Adobe PDF – there will be multiple add-ons for PDF
    • Microsoft Research
    • Microsoft Discuss

    Disable anything else that you don't recognize or whose purpose you can't clearly identify.

    The screen looks different in IE6, but you still have the controls for disabling Flash Player and all of the other obnoxious add-ons.

    Your web pages may have large white space gaps in them (it's amazing what they will stick Flash into) and you may see notices that you have to install Flash player. You don't – you just have to turn it back on.

    Advanced

    This is a tab with a lot of choices, some of which are going to be very specific to your browsing preferences. Here are the settings I think are most important:

    • CHECK – Automatically recover from page layout errors with Compatibility View (Not in IE6)
    • UNCHECK – Display Accelerator button on selection (not a security issue, but really annoying. Not in IE6)
    • UNCHECK – Enable automatic crash recovery (Remember what shell scripts try to do to browser crashes!) (Not in IE6, which is good!)
    • UNCHECK – Enable websites to use the search pane (Not in IE6)
    • UNCHECK – Allow software to run or install even if the signature is invalid.
    • CHECK – Anything about checking for certificate revocation
    • CHECK – Empty Temporary Internet Files folder when browser is closed.
    • CHECK – Enable memory protection to help mitigate online attacks. (Not in IE6)
    • CHECK – Enable SmartScreen filter (Not in IE6)
    • CHECK – Warn about certificate address mismatch (Not in IE6)
    • CHECK – Warn if POST submittal is redirected to a zone that does not permit posts.

    Menu Bar Icons

    Add some icons to your menu bar to make it easier to toggle safety features on and off. You are more likely to use them if they are easy to get to. The icon bar is officially called the "Command Bar".

    1. Right-click somewhere on your menu bar for a context menu.
    2. Select "Customize" and from the fly-out menu pick "Add or Remove Commands".
    3. The Customize Toolbar dialog opens.
    4. Move buttons from the left box to the right box to have them show in the toolbar. For example, here are the buttons I have:

    • Home – to get to my home page easily (And, yes, my home page is HASA)
    • Print – I print a lot of things
    • Tools – I'm always messing with my settings
    • Safety – Make it easy to toggle safety settings
    • Manage Add-ons – I can turn Flash on and off easily
    • Developer Tools, Fiddler and Send to OneNote are tools I use a lot in my work

    I advise IE users, especially those moving up from IE6 to IE8, to experiment with different buttons and different toolbars. I've ended up with a very plain overall look, with the menu bar turned off and only a few buttons on the toolbar. I use only icons on the buttons, no text. I can get to several search engines with the search drop-down, and toggle my Favorites panel on and off with the gold star.

    That completes a basic security set-up for IE. After you have tightened down your browser settings, you will have a few days where it will be very annoying to visit sites because you will constantly be prompted to make decisions about cookies, asked if you trust a certain web site, have pages be completely blank because they are 100% Flash, and so on. This is a good exercise to go through because it will make you very aware of just how the sites you visit are trying to access your computer and stick stuff onto it that is for their benefit, not yours. Persevere and wade through the messages. In a week's time, you will have visited all of your regular sites and worked out just how you want them to interact with your machine.


    Story Information

    Author: Anglachel

    Status: General

    Completion: Complete

    Era: Other

    Genre: Research Article

    Rating: General

    Last Updated: 06/19/10

    Original Post: 06/14/10
