Unless you live in the European Union, your Windows computer will have Internet Explorer installed.

Maybe you no longer use Internet Explorer for browsing, and have moved on to a more security-conscious browser like Chrome or Firefox. You’ll still need IE, or rather, Windows needs IE for downloading patches. Also, programs like Microsoft Outlook are closely integrated with IE, so they need access to it as well.

The Problem
IE, by default, allows scripts on web pages you visit to execute. Most of the time, these scripts do something useful, but too often, a malicious script can install spyware or do something else nasty on your computer. Microsoft continues to be fairly diligent in fixing these issues as they’re discovered, but the big problem is when malicious scripts execute on unpatched computers.

The Solution
Steve Gibson, on a recent Security Now! podcast, shows us how to lock down IE so it still does what we need it to do, but with scripting essentially turned off. This can protect you from the next IE security vulnerability.

Here’s how to lock down IE: (These steps are for Internet Explorer 8. It’s included with Windows 7, but if you haven’t already upgraded, visit the IE8 homepage to download it.)

1. From the Internet Explorer menu, choose Tools, then Internet Options.

Internet Options

2. Click the Security tab. The Internet Zone will be selected by default. Slide the Security Level slider to High. Like the name suggests, the Internet Zone settings affect your web-browsing experience.

Internet Zone Security Settings

3. Click the Local Intranet icon, then slide its Security Level slider to High. This security setting affects how programs installed on your computer (such as Microsoft Outlook) behave.

Local Intranet Zone Security Settings

4. Click on the Trusted Sites icon, then click the “Add sites” button.

Select "Trusted Sites"

5. First, uncheck “Require server verification (https:) for all sites in this zone.” Then, one at a time, add *.windowsupdate.com and *.microsoft.com. In the image below, we’ve already added *.windowsupdate.com. Click Close when you’re finished.

Add Trusted Sites

6. Finally, click OK on the Internet Options page, and you’re done.

Finished!
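To confirm that steps 2 through 5 took effect, the following PowerShell script reads the settings back from the registry and reports each one. It is an added example, not part of the original walkthrough. It assumes the settings live in the current user's hive and are not overridden by Group Policy, and the function names are made up for this illustration.

```powershell
# Added example: read-only audit of the per-user zone settings from steps 2-5.
$Base      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$HighLevel = 0x12000   # CurrentLevel stored when the slider is at High
$Disabled  = 3         # URL action 1400 (Active scripting): 0 enable, 1 prompt, 3 disable
$HttpsFlag = 4         # Zone Flags bit: "Require server verification (https:)"

function Get-RegValue([string]$SubKey, [string]$Name) {
    # Returns nothing when the key or value is absent instead of throwing.
    $key = Get-Item -Path "$Base\$SubKey" -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

function New-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Detail = $Detail } |
        Select-Object Check, Pass, Detail
}

function Test-ZoneHigh([int]$Zone, [string]$Label) {
    $level     = Get-RegValue "Zones\$Zone" 'CurrentLevel'
    $scripting = Get-RegValue "Zones\$Zone" '1400'
    New-Result "$Label zone at High with scripting off" `
        (($level -eq $HighLevel) -and ($scripting -eq $Disabled)) `
        "CurrentLevel=$level, 1400=$scripting"
}

function Test-TrustedDomain([string]$Domain) {
    # A wildcard entry "*.example.com" is stored on the key Domains\example.com;
    # each value name is a protocol (or "*") and the data is the zone number.
    $key   = Get-Item -Path "$Base\ZoneMap\Domains\$Domain" -ErrorAction SilentlyContinue
    $names = @()
    if ($key) { $names = @($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq 2 }) }
    New-Result "*.$Domain mapped to Trusted Sites" ($names.Count -gt 0) `
        "protocols: $($names -join ', ')"
}

function Test-TrustedHttpsUnchecked {
    $flags = Get-RegValue 'Zones\2' 'Flags'
    New-Result 'Trusted Sites https requirement unchecked (step 5)' `
        (($null -ne $flags) -and (($flags -band $HttpsFlag) -eq 0)) "Flags=$flags"
}

@(
    Test-ZoneHigh 3 'Internet'          # zone 3 = Internet (step 2)
    Test-ZoneHigh 1 'Local Intranet'    # zone 1 = Local Intranet (step 3)
    Test-TrustedHttpsUnchecked          # zone 2 = Trusted Sites (step 5)
    Test-TrustedDomain 'windowsupdate.com'
    Test-TrustedDomain 'microsoft.com'
) | Format-Table -AutoSize
```

A row with Pass = False points at the step to revisit. The script only reads the registry and changes nothing.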

At this point, Internet Explorer is locked down. Your computer will still receive software patches through Windows Update, and your applications should continue to work correctly. If these setting changes give you problems, you can always adjust them by adding more sites to your Trusted Sites list, or if this is too drastic, simply go back through the steps above to reverse the changes.