Securing IE

Hi,
Anyone got the link to the site that tests IE vulnerabilities and advises settings please ?. I saw it a while ago via a link on the Forums but cannot remember the address . I have a new Pc I want to secure IE....not interested in other browsers on this machine so please no hijacking

 

Any other clues to possible Thread title

Perhaps it's still listed in IE's History under Wilders URL

 

Not this thread? Jan 2003?
https://www.wilderssecurity.com/archive/index.php/t-6238.html

 

I'd seen this one mentioned a few times on WSF....
http://www.jasons-toolbox.com/BrowserSecurity/

 

That second link was very similar to the one I was after. The post was sometime last year, no idea on the title. Thansk for the help both

 

Hi Huwge,

If you're still interested, this is what I do to lockdown IE. These are just my opinions and my settings. I feel very safe running IE6. One other thing, it seems quite a few people on this forum use the administrator account exclusively. While this is necessary when testing different programs, it is thought best to run in a user account. You'll have to make these changes to every account.

If you have IE running click TOOLS > INTERNET OPTION otherwise go through control panel.

GENERAL tab:

Click DELETE COOKIES... (after you set up IE, don't click Delete Cookies or you'll remove even cookies you want from trusted sites) and DELETE FILES...(you'll have to do this only once because there is a setting under ADVANCED tab to empty temp files folder).

SETTINGS... set Check for newer version of stored pages to > Every time you start IE. Under Temp IE files folder I, MOVE FOLDER... to the D:\TEMP\ partition of my HD and lower Amount of disk space to use: to 2MB for admin. account and 5 MB for my regular account. The History potion you can set to your liking. I usually limit to 3 days to keep pages in history.

SECURITY tab:

INTERNET ZONE > CUSTOM LEVEL... Disable everything except: SUBMIT NONENCRYPTED FORM DATA (set to PROMP) and USER AUTHENTICATION (set to PROMP FOR USER NAME & PASSWORD). LOCAL INTRANET > If you're on a stand alone PC use the same setting as Internet Zone. RESTRICTED SITES same thing, disable everything.

TRUSTED SITES > move slider up to MEDIUM click APPLY then click on CUSTOM LEVEL... scroll down to SCRIPTING > ALLOW PASTE OPERATIONS VIA SCRIPT and set to DISABLE. Click OK then YES then APPLY.

IE6 only: PRIVACY:

set to block all cookies. Cookies will be saved for your Trusted Sites only.

Under CONTENT > AUTOCOMPLETE... I remove checks in all boxes.

ADVANCED Tab: These are the only items that I DO have a CHECK in the BOX.

BROWSING:
Always send URLs as UTF-8
Close unused folders in History and Favorites
Disable script debugging
Reuse windows for launching shortcuts
Show friendly HTTP error messages
Show go button in address bar
Use smooth scrolling

HTTP 1.1 SETTINGS:
Use HTTP 1.1

MICROSOFT VM:
JIT compiler for virtual machine enable

MULTIMEDIA:
Show pictures
Smart image dithering

SEARCH FROM ADDRESS BAR:
Display results, go to the most likely site

SECURITY:
Check for publisher's certificate revocation
Do not save encrypted pages to disk
Empty temporary internet files folder when browser is closed
Use SSL 2.0
Use SSL 3.0
Warn about invalid site certificates
Warn if changing between secure and not secure mode
Warn if forms submittal is being redirected

When setting sites to the TRUSTED zone, right click in address bar on the page you're on and select COPY, then go to TRUSTED zone, click on SITES and right click again (in area to add address) and select PASTE then click ADD. If there's a page you want to add via a link, you'll have to right click the link and select COPY SHORTCUT and then add to trusted sites by again right clicking in the area to add the name and select PASTE then ADD.

Try not to bypass the trusted zone by changing internet zone settings. But if you do remember to reset internet settings back to disable.

Since you will NOT automatically check for IE updates (because you did not check the box to Automatically check for updates under ADVANCED > Browsing) you MUST go to windows update manually. In fact, you should go to windows update at least once a week to check for security updates. It is imperative that you do this!

Think carefully about the sites you put into trusted sites. Just because you get a warning about a page not displaying properly (usually active X) doesn't mean you have to put in trusted zone. HTH.

Regards,

Jaws

 

Jaws, you may want to re-consider these:


By Jaws:

ADVANCED Tab: These are the only items that I DO have a CHECK in the BOX.


Enable folder view for FTP sites (not good......un-check this)


MICROSOFT VM:
JIT compiler for virtual machine enable (install Sun Java instead


Enable profile assistant (why enable this? some consider it a privacy issue)

 

Thank you. Alway learning something new.

A while back, IIRC, used to get viruses in java cache. Don't anymore. Besides, java is disabled in all except trusted zone.

Yes, your right, but I don't keep profiles and I'm never prompted.

Regards,

Jaws

 

I think this test site helps users who are new to the computer and the internet. Thank You. Jaws I dont know much about computers, but I keep reading over your thread about the settings for IE. I'm just waiting for more approvals for your suggested settings, before I change mine. I don't know what the settings should be set to, as far as 'security' 'privacy' 'intranet' and 'restricted' So I'll just keep checking back to check updates on this post and IE settings...Thanks in advance.

Thanks btw bigbuck for that^^ I passed except for javascripting...(i play java applet games) so I haven't disabled as it reccommended. Cookies didn't get straightened out either lol but I'm not that concerned with it, everything else passed lol thanks

 

I have this ticked, why is it not good?

I also have this ticked even though I'm using SUN Java JRE 1.5. So where's the problem?

I have this unticked.

For what it is worth, I also have 'Use TLS 1.0' ticked, because I cannot find any reason not to!

 

See post by Notok on 5-8-05 for link to hardening procedures that appear to be very comprehensive (at least to someone of my inexperience) -

https://www.wilderssecurity.com/showpost.php?p=452842&postcount=5

In case I didn't reference his post correctly, the site is

http://www.markusjansson.net/exp.html

 

that's a very nice link Robzee

this is another one: made by a friend, regular visitor here and always ready to help out! And he's still working on a few details regarding some topics inside...

http://spyblocker-software.com/IPB/index.php?showtopic=1909

 

Thanks for the comment Infinity.

When I first discovered WSF in Aug.2004, all I knew about AV's & FW's were the names Symantec & McAfee. Now I browse WSF regularly and find so much info and helpfulness compared to limited exposure to other forums.

 

True, Wilders is very userfriendly with the right gents on the right place.

I know how it felt when I discovered there were other av's besides norton & mcafee...it was a very nice day and the beginning of something that is probably one of the best things till now...