Securing IE

Discussion in 'other security issues & news' started by Huwge, May 5, 2005.

Thread Status:
Not open for further replies.
  1. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Hi,
    Anyone got the link to the site that tests IE vulnerabilities and advises settings please ?. I saw it a while ago via a link on the Forums but cannot remember the address :doubt: . I have a new Pc I want to secure IE....not interested in other browsers on this machine so please no hijacking :p
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Any other clues to possible Thread title o_O

    Perhaps it's still listed in IE's History under Wilders URL :doubt:
     
  3. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
  4. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
  5. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    That second link was very similar to the one I was after. The post was sometime last year, no idea on the title. Thansk for the help both :)
     
  6. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi Huwge,

    If you're still interested, this is what I do to lockdown IE. These are just my opinions and my settings. I feel very safe running IE6. One other thing, it seems quite a few people on this forum use the administrator account exclusively. While this is necessary when testing different programs, it is thought best to run in a user account. You'll have to make these changes to every account.

    If you have IE running click TOOLS > INTERNET OPTION otherwise go through control panel.

    GENERAL tab:

    Click DELETE COOKIES... (after you set up IE, don't click Delete Cookies or you'll remove even cookies you want from trusted sites) and DELETE FILES...(you'll have to do this only once because there is a setting under ADVANCED tab to empty temp files folder).

    SETTINGS... set Check for newer version of stored pages to > Every time you start IE. Under Temp IE files folder I, MOVE FOLDER... to the D:\TEMP\ partition of my HD and lower Amount of disk space to use: to 2MB for admin. account and 5 MB for my regular account. The History potion you can set to your liking. I usually limit to 3 days to keep pages in history.

    SECURITY tab:

    INTERNET ZONE > CUSTOM LEVEL... Disable everything except: SUBMIT NONENCRYPTED FORM DATA (set to PROMP) and USER AUTHENTICATION (set to PROMP FOR USER NAME & PASSWORD). LOCAL INTRANET > If you're on a stand alone PC use the same setting as Internet Zone. RESTRICTED SITES same thing, disable everything.

    TRUSTED SITES > move slider up to MEDIUM click APPLY then click on CUSTOM LEVEL... scroll down to SCRIPTING > ALLOW PASTE OPERATIONS VIA SCRIPT and set to DISABLE. Click OK then YES then APPLY.

    IE6 only: PRIVACY:

    set to block all cookies. Cookies will be saved for your Trusted Sites only.

    Under CONTENT > AUTOCOMPLETE... I remove checks in all boxes.

    ADVANCED Tab: These are the only items that I DO have a CHECK in the BOX.

    BROWSING:
    Always send URLs as UTF-8
    Close unused folders in History and Favorites
    Disable script debugging
    Reuse windows for launching shortcuts
    Show friendly HTTP error messages
    Show go button in address bar
    Use smooth scrolling

    HTTP 1.1 SETTINGS:
    Use HTTP 1.1

    MICROSOFT VM:
    JIT compiler for virtual machine enable

    MULTIMEDIA:
    Show pictures
    Smart image dithering

    SEARCH FROM ADDRESS BAR:
    Display results, go to the most likely site

    SECURITY:
    Check for publisher's certificate revocation
    Do not save encrypted pages to disk
    Empty temporary internet files folder when browser is closed
    Use SSL 2.0
    Use SSL 3.0
    Warn about invalid site certificates
    Warn if changing between secure and not secure mode
    Warn if forms submittal is being redirected

    When setting sites to the TRUSTED zone, right click in address bar on the page you're on and select COPY, then go to TRUSTED zone, click on SITES and right click again (in area to add address) and select PASTE then click ADD. If there's a page you want to add via a link, you'll have to right click the link and select COPY SHORTCUT and then add to trusted sites by again right clicking in the area to add the name and select PASTE then ADD.

    Try not to bypass the trusted zone by changing internet zone settings. But if you do remember to reset internet settings back to disable.

    Since you will NOT automatically check for IE updates (because you did not check the box to Automatically check for updates under ADVANCED > Browsing) you MUST go to windows update manually. In fact, you should go to windows update at least once a week to check for security updates. It is imperative that you do this!

    Think carefully about the sites you put into trusted sites. Just because you get a warning about a page not displaying properly (usually active X) doesn't mean you have to put in trusted zone. HTH.

    Regards,

    Jaws
     
    Last edited: May 7, 2005
  7. droping-in

    droping-in Guest

    Jaws, you may want to re-consider these:


    By Jaws:

    ADVANCED Tab: These are the only items that I DO have a CHECK in the BOX.


    Enable folder view for FTP sites (not good......un-check this)


    MICROSOFT VM:
    JIT compiler for virtual machine enable (install Sun Java instead


    Enable profile assistant (why enable this? some consider it a privacy issue)
     
  8. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Thank you. Alway learning something new.


    A while back, IIRC, used to get viruses in java cache. Don't anymore. Besides, java is disabled in all except trusted zone.


    Yes, your right, but I don't keep profiles and I'm never prompted.

    Regards,

    Jaws
     
    Last edited: May 7, 2005
  9. smokie420

    smokie420 Registered Member

    Joined:
    May 10, 2005
    Posts:
    64
    Location:
    Louisiana
    I think this test site helps users who are new to the computer and the internet. Thank You. Jaws I dont know much about computers, but I keep reading over your thread about the settings for IE. I'm just waiting for more approvals for your suggested settings, before I change mine. I don't know what the settings should be set to, as far as 'security' 'privacy' 'intranet' and 'restricted' So I'll just keep checking back to check updates on this post and IE settings...Thanks in advance.
    Thanks btw bigbuck for that^^ I passed except for javascripting...(i play java applet games) so I haven't disabled as it reccommended. Cookies didn't get straightened out either lol but I'm not that concerned with it, everything else passed lol thanks
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I have this ticked, why is it not good?

    I also have this ticked even though I'm using SUN Java JRE 1.5. So where's the problem?

    I have this unticked.

    For what it is worth, I also have 'Use TLS 1.0' ticked, because I cannot find any reason not to!
     
  11. RobZee

    RobZee Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    290
    Location:
    Texas
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
  13. RobZee

    RobZee Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    290
    Location:
    Texas
    Thanks for the comment Infinity.

    When I first discovered WSF in Aug.2004, all I knew about AV's & FW's were the names Symantec & McAfee. Now I browse WSF regularly and find so much info and helpfulness compared to limited exposure to other forums.
     
  14. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    True, Wilders is very userfriendly with the right gents on the right place.

    I know how it felt when I discovered there were other av's besides norton & mcafee...it was a very nice day ;) and the beginning of something that is probably one of the best things till now...
     
Loading...
Thread Status:
Not open for further replies.