Can you make internet explorer more secure?


Recommended Posts

Why not just be logged in as a NON admin user account?  And only auth as an admin when needed..

586266544[/snapback]

I understand that. Its what I preach is the leading problem of modern Windows security.

But there are some users that really do need to run as Admin for certain things. Just because they have to run as Admin, doesn't mean they have to run everything as Admin either. And people that want to just do it because they are lazy and argue "But I have to log out and login as the Admin or Switch User" or whatever, when they don't.

Link to comment
Share on other sites

you didn't really read #2 did you?  :sleep:

i pity you because I'm in Canada. ;)

586263872[/snapback]

Wait a minute. If you're from canada, then shouldnt I pity you.

you know...because you're canadian.

STV

Link to comment
Share on other sites

I understand that. Its what I preach is the leading problem of modern Windows security.

But there are some users that really do need to run as Admin for certain things. Just because they have to run as Admin, doesn't mean they have to run everything as Admin either. And people that want to just do it because they are lazy and argue "But I have to log out and login as the Admin or Switch User" or whatever, when they don't.

586268634[/snapback]

Name one reason a "USER" would have to have admin rights? If they are running some software that requires permissions that go beyond the normal power user settings. Then these "specific" rights can be given - ie if they need permissions to some reg key, or directory or files.. then they can be given these rights..

From a security standpoint you should always use the min required permissions to accomplish the task..

If a user needs permission to \\someshare you don't give them admin rights to server sharing it, etc..

If you have some software the user is running that does not work unless they are admin, I would suggest you grab regmon and filemon from sysinternals and figure out what the software is trying to access.. then give the user the right to do what the software needs.. not admin rights to the whole box.. ;)

Link to comment
Share on other sites

Wait a minute.  If you're from canada, then shouldnt I pity you.

you know...because you're canadian.

STV

586269080[/snapback]

Do you have a problem with Canafians? Because if you do, you should realise that that's not what this is about, you aren't funny, and it doesn't matter what country you're from, we're on the saame side here, even though I prefer Canada, that's just because I live here. Steer away from that topic.

And if you were trying to be funny, no offense, but you sorta killed the joke.

Edited by simeandrews
Link to comment
Share on other sites

Name one reason a "USER" would have to have admin rights?

I'm not sure why you are argueing with me. I'm not the one that says "You need to run as Admin."

All I said is that people do anyway.

Link to comment
Share on other sites

So anyway, I was wondering, since internet explorer is more compatable than firefox most of the time, I want to feel safe using it.

Everytime someone says that I have to cringe. IE more compatible than Firefox? Using what yardstick? Certainly not when the reference point are the w3c standards.

As a web developer, I pray for the day that IE either goes away or MS finally fixes it and follow the standards. Would make my job much easier. Imagine not having to write ugly CSS hacks just to support IE. Or is that too much to wish for?

Link to comment
Share on other sites

^ ie is the standard :p

586280630[/snapback]

No. It does not work that way. You can't code for IE exclusively and ignore standards. IE in its current incarnation won't be here forever and you'd be shooting yourself in the foot if you use it as _the_ standard. IE 7 will hopefully follow standards and that means that something you wrote for IE 6 exclusively may even break in IE 7. Standards outlive products.

Link to comment
Share on other sites

IE sux, just get firefox, because firefox has in built javascript and activx enabled , making browsing more secure

586274896[/snapback]

Gosh, Firefox tards are getting dumber everyday :rolleyes:

And IE is THE standard, so why the hell does W3C crap matter anyways?

------------------------------------------

BudMan is right on the ball - RUN AS RESTRICTED USER

You will prevent like 50% of all spyware

Get SpywareBlaster and a couple of scanners and you are good to go

If the program doesn't run under restricted accounts, maybe you need to ditch it and get an alternative app because only crappy programs require admin privileges.

Link to comment
Share on other sites

In terms of Internet Explorer and security, I try to tighten it up while still allowing for core functionality. But I do turn off interactive scripting and a few things in the default Internet Zone to protect from spyware, and malware and stuff like that. Here's some of the config options I use in the INTERNET ZONE:

  • ActiveX Controls and Plug-Ins
    Download Signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disable
    Initialize and script ActiveX controls not marked as safe: Disable
    Run ActiveX controls and plug-ins: Enable
    Script ActiveX controls marked safe for scripting: Enable
    Downloads
    File download: Enable
    Font download: Disable
    Microsoft VM
    Java permissions: Disable Java
    Miscellaneous
    Access data sources across domains: Disable
    Allow META REFRESH: Enable
    Display mixed content: Prompt
    Don't prompt for client cert selection when no certs or only one cert exists: Disable
    Drag and drop or copy and paste files: Enable
    Installation of desktop items: Disable
    Launching programs and files in an IFRAME: Prompt
    Navigate sub-frames across different domains: Enable
    Software channel permissions: High safety
    Submit nonencrypted form data: Enable
    Userdata persistence: Disable
    Scripting
    Active scripting: Disable
    Allow paste operations via script: Disable
    Scripting of Java applets: Disable
    User Authentication
    Logon: Anonymous logon

Under PRIVACY SETTINGS, I select ADVANCED and have the following options checked - no others:

  • Override automatic cookie handling: CHECKED
    First-party Cookies: BLOCK
    Third-party Cookies: BLOCK

Then under the Web Sites section on that same tab, I add the sites I want to allow, like:

  • sharkyforums.com = Always Allow
    google.com = Always Allow

Under the ADVANCED tab, I will list only those items I have checked or specifically set. If it is not listed below, it is not checked in my config:

  • Browsing
    Always send URL's as UTF-8: CHECKED
    Close unused folders in History and Favorites: CHECKED
    Disable script debugging: CHECKED
    Enable folder view for FTP sites: CHECKED
    Enable third-party browser extensions: CHECKED
    Reuse windows for launching shorcuts: CHECKED
    Show friendly HTTP error messages: CHECKED
    Underline links: ALWAYS
    Use inline AutoComplete: CHECKED
    HTTP 1.1 settings
    Use HTTP 1.1: CHECKED
    Microsoft VM
    JIT compiler for virtual machine enabled: CHECKED
    Multimedia
    Don't display online media content in the media bar: CHECKED
    Show image download placeholders: CHECKED
    Show pictures: CHECKED
    Smart image dithering: CHECKED
    Search from the Address bar
    Do not search from the address bar: CHECKED
    Security
    Check for publisher's certificate revocation: CHECKED
    Empty Temporary Internet Files folder when browser is closed: CHECKED
    Enable Integrated Windows Authentification: CHECKED
    Use SSL 2.0: CHECKED
    Use SSL 3.0: CHECKED
    Warn about invalid site certificates: CHECKED
    Warn if forms submittal is being redirected: CHECKED

That should about do it for those settings. At least the ones I have on my system that seem to work for me.

That other zone, the Restricted Zone, I pretty much leave alone and just tie Outlook Express 6 to it so that no funny HTML stuff goes on in my email. I also view PLAIN TEXT ONLY in Outlook Express 6 too. That seems to help against those nasty image tricks as well.

Link to comment
Share on other sites

Another helpful way to secure IE 6 is to use the Maxthon add-in.

Maxthon is the updated and modernized version of the MyIE 2 application. Basically, it is an add-on that runs on top of the Internet Explorer engine and provides the user with a wide variety of improvements, including tabbed browsing, page grouping, flash display toggle, ad and pop-up blocking, mouse gestures, support for the Google Toobar plug-in, skins, privacy protection, an RSS feed and a whole lot more. It is to me what Internet Explorer should have and could have been all along. It is really just that good and I could not imagine running IE without it.

The home page for the Maxthon program is listed below:

http://www.maxthon.com/

If you want to skip right to the Download page, here it is:

http://www.maxthon.com/download.htm

There are two main packages - the Standard version and the Combo version. I like to use the Standard version because it is a nice minimalistic setup, but if you want the extra plug-ins and skins, you could grab the Combo.

MAXTHON OPTIONS SETTINGS

One benefit of Maxthon over MyIE 2 is that all of the configuration screens have been merged into a single dialog. MyIE 2 had separate configuration panels that could be somewhat confusiong. Once you open the Maxthon Options screen, you will see a series of categories on the left and the tabbed dialog interface for settings on the right.

What I will try to do in the remainder of this section is outline the settings that I find to be most helpful. I'll go through each category and corresponding tabbed dialog, specifying the settings in each. They may not be the exact same settings everyone else finds the most useful, but once they are configured, you can backup the settings and then tinker with them to find just the right balance of form and function for your needs.

CATEGORY: GENERAL

General

Allow only one instance - checked

Display animation icon - unchecked

Enable boss key - unchecked

Show tra icon - unchecked

Show all web pages in predefine zoom facter - 100%

Disable script error - checked

Use flat browser scroll bar - checked

Ignore window ID assignment in frames - unchecked

Lock home page - checked

Add Maxthon User-agent identification - checked

When Starting

Do not load start page when opened by other program - checked

Check for new version - unchecked

Chec for new server messages - unchecked

Automatically download new security enhancement update - unchecked

Check whether Maxthon is the default browser - unchecked

When Closing

Clean undo list - unchecked

Clean address - unchecked

Clean search bar history - unchecked

Clean history - unchecked

Clean cache - checked

Clean cokies - unchecked

Clean form data - checked

CATEGORY: START PAGE

Open home page - checked & set to http://www.google.com/

Resume last visited pages - unchecked

Open favorites folder - unchecked

Open group - unchecked

Don't open any page - unchecked

CATEGORY: FAVORITES

All items listed - unchecked

Max menu width - 50

CATEGORY: ADDRESS BAR

General - all entries at default

Services - empty - all entries removed

URL Alias - empty - all entries removed

CATEGORY: SEARCH - empty - all entries removed

CATEGORY: TAB

General

After a tab is closed activate: Left Tab

Tab bar position: Tab at Top

Max number of tabs - 20

Max characters allowed on tabs - 50

Interval between tabs open - 0 seconds

Use CTRL-ARROW to browse tabs - checked

Use middle mouse scroll button to browse tabs - unchecked

Tab Actions - Close Window - Double Left Click

Tab Actions - None - Middle Click

Tab Actions - None - Right Click and Hold CTRL

Show quick close button on tabs - unchecked

New Tab

Open new tab from - New Address - unchecked

Open new tab from - Local Files - unchecked

Open new tab from - History - unchecked

Open new tab from - Favorites & Links - unchecked

Open new tab from - Links in page - unchecked

Open new tab from - Home - unchecked

Open new tab from - Middle mouse button click on links - checked

Open new tab from - Search bar result - unchecked

New tab options - CTRL-N - Current tab - checked

New tab options - Activate New Tab - checked

New tab options - Display New Tab Next to Current

Appearance

Bold active Tab title - unchecked

Use flat button Tab - unchecked

Allow Tabs on multiple lines - unchecked

Auto adjusting Tab - checked

Max Tab width: 107

Min tab width: 106

CATEGORY: POPUPS

Show popups in sized tab - unchecked

Show popups at fixed position and size - unchecked

Activate popups - unchecked

Show popups in front of its parent tab - checked

Show block bar in popups tab - checked

Show notification bar when popups are blocked - unchecked

CATEGORY: DOWNLOAD

Load Images - checked

Load Sounds - unchecked

Load Video - unchecked

Play Animation - unchecked

Allow Scripts - checked

Allow Java Applet - checked

Allow ActiveX - checked

Download Manager - Do Not Use Download Manager

Monitor Below Types For Downlaod managers - default (zip, exe, etc.)

CATEGORY: SAVE

Save Path - Default Save Path - default

Save Path - Image Save Path - default

Auto Save - Auto Save As - Whole Web Page (.htm, .html)

Auto Save - Categorize Pages by Site - unchecked

CATEGORY: AD HUNTER

General

Add Ad Hunter to browser right click menu

Enable Web AD Blocker - checked

Replace blocked Ad with - unchecked

Filter duplicated URL - checked

Enable auto popup blocker - checked

Enable popup blocker - checked

Enable floating Ad blocker - checked

Enable unwanted web dialog blocker - checked

Play sound when a popup window is blocked - unchecked

Popup Filter - Black List and Exceptions List - defaults

Content Filter - Black List and Exceptions List - defaults

ActiveX Filter - all items left blank

CATEGORY: RSS FEED

Always open news in new tab - unchecked

Automatically update the feed when category changes - unchecked

Auto-discover feeds on web pages - unchecked

Use tooltip to display feed descriptions - unchecked

Notify me when RSS feed is found on web pages - unchecked

CATEGORY: MOUSE ACTION

General

Use mouse gestures - unchecked

Show recognized gesture on status bar - unchecked

Use Super Drag Drop (only effective on new opened tab) - unchecked

Mouse Action

Double Click on Tab Bar - File -> New Tab -> Home

Double Left Click on Page - blank

Gesture - ALL SETTINGS DEFAULT

Hold Left Button, Click Right Button - blank

Hold Right Button, Click Left Button - blank

CATEGORY: KEYBOARD

URL Key - ALL SETTINGS DEFAULT

CATEGORY: PROXY

All Items Removed From List

CATEGORY: SKIN

Active Skin: No Skin (provides best true tab appearance)

CATEGORY: PLUGIN

Maxthon Plugin - All Items Removed From List

IE Plugin - Enable IE Plugin Support Checked

IE Plugin - All Items Removed From List

CATEGORY: EXTERNAL TOOL

All Items Removed From List

CATEGORY: ADVANCED

Language - English

Browsing - Show Site Favorites Icon on Tab - unchecked

Browsing - Close Other Tabs When Launching Groups - checked

Browsing - Reload Missing Pictures - unchecked

Browsing - Open all links when drop a selection - unchecked

Browsing - Custom highlight style in search result - blank

Java Virtual Machine - Microsoft Java Virtual Machine - selected

Java Virtual Machine - Other Virtual Machine Installed - unselected

Show confirmation dialog when - Program Exit - unchecked

Show confirmation dialog when - Close All Tabs - unchecked

Misc - Add system menu in favorite context menu - unchecked

Misc - Show toolbar label - checked

Misc - Show side bar button in autho hide mode - unchecked

Misc - Show Custom menu items on browser context menu - unchecked

Misc - Do not auto-refresh current tab - unchecked

Handle other progra's DDE call when Maxthon is running - checked

Link to comment
Share on other sites

And IE is THE standard, so why the hell does W3C crap matter anyways?

Because the w3c standards show how browsers should behave and how developers should code to achieve desired results. Imagine writing something when no one has defined what different combinations of letters should mean. Reading the words would make no sense to the next person, would it? Without such a standard, one will have no way of telling browsers to behave consistently.

Most web developers I know use Firefox/Safari as their prefered browser. They make the site layout with a standards compliant browser first, because that way they see how the site should be looking. Then they test on IE and add CSS hacks to get IE to show the site properly. The end result is that the site should look resonably the same in all browsers. You as a user don't know about the IE's CSS quirks because a developer has sweated over his/her code to cater for IE.

IE is _not_ a standard. It is a www browser. It does not attempt to define how things should look. It tries to render content based on the guidelines of the w3c. And it could do a much better job of it.

Edited by vhane
Link to comment
Share on other sites

Unlike the IE fanboys, Microsoft admits that IE should support the w3c standards more.

From http://www.microsoft.com/windows/IE/ie7/default.mspx:

"Internet Explorer 7 will offer customers including: [...] Platform enhancements for developers to improve compatibility and manageability, including improved support for Cascading Style Sheets (CSS) as well as transparent PNG support."

The IE 7 Beta 1 technical overview says:

"Web developers have expressed some frustration with certain peculiarities in the behavior of Internet Explorer 6, especially in the areas of standards support. [...] In Internet Explorer 7 beta 1, the browser architecture has been reengineered to address compatibility and will offer additional support for popular standards. [...] Internet Explorer 7 is prioritizing compliance to CSS standards by first implementing the features that developers have said are most important to them. [...] The work Microsoft has done includes fixing some positioning and layout issues related to the way Internet Explorer 6 handles <div> tags. The final release of Internet Explorer 7 will focus on improving the developer experience by reducing the time needed for developing and testing on different browsers."

Luckily Microsoft is not adopting the head-in-the-sand attitude displayed by some fanboys. They know that developers are frustrated with IE's quirks with regards to CSS handling, and will hopefully fix that once and for all.

Link to comment
Share on other sites

Even after securing IE, I got a virus from it today. It might have happened in Firefox too, but I still don't feel safe anymore, boot.ini was an important file...

Don't worry, I'm already getting support.

Link to comment
Share on other sites

I don't know if it really has anything to do with being a fanboy. For a lot of us, we simply have to have IE working for sites that don't work as well or properly without it. Windows Update does not work right for me with Mozilla or Firefox, for example. My online banking sites go wiggy if I don't use IE too.

I use it because it's easier than not using it, not because I think it is better. That said, Maxthon does make IE 6 into a much better product, imo, and also imo, holds up well against Firefox and Mozilla.

Seems like Maxthon is what IE should have / could have been all along. :)

Link to comment
Share on other sites

only crappy programs require admin privileges

Totally not. In fact, several Windows updates seem to require admin privilages. Many installers for popular apps do as well.

On the IE side, Maxthon > bare IE. Tabs, saved sessions, RSS, etc. make it a good choice for those who insist on using IE :)

Firefox is still less targeted, though :D

As to IE being "the standard," that's completely wrong from my (a webmaster's) point of view. Sure, IE has a ~80% market share, but the W3C is the defining group for just about every web standard. If IE was the standard, we'd all be happily using invalid (X)HTML, <bgsound> tags, ActiveX controls...let's just say it wouldn't be good if Microsoft set the Web standards, hmm?

Link to comment
Share on other sites

Totally not. In fact, several Windows updates seem to require admin privilages. Many installers for popular apps do as well.

On the IE side, Maxthon > bare IE. Tabs, saved sessions, RSS, etc. make it a good choice for those who insist on using IE :)

Plus, the integrated ad-blocker stuff is pretty nice, and I like that I can toggle off Flash, Scripting, etc. via the download control button. Very easy to access.

Link to comment
Share on other sites

Do you have a problem with Canafians? Because if you do, you should realise that that's not what this is about, you aren't funny, and it doesn't matter what country you're from, we're on the saame side here, even though I prefer Canada, that's just because I live here. Steer away from that topic.

And if you were trying to be funny, no offense, but you sorta killed the joke.

586270004[/snapback]

1. I didnt say anything wrong.

2. he didnt have to come in with his elitest attitude.

3. He didnt have to bring up his nationality.

4. My comment was not ill intended, just sarcastic.

As a matter of fact, I dont have a problem with any race, nationality, or ethnicity.

STV

Link to comment
Share on other sites

I don't know if it really has anything to do with being a fanboy.  For a lot of us, we simply have to have IE working for sites that don't work as well or properly without it.  Windows Update does not work right for me with Mozilla or Firefox, for example.  My online banking sites go wiggy if I don't use IE too.

I totally respect that. My issue is with people saying that IE is the standard when they have no idea what they are talking about.

Link to comment
Share on other sites

I totally respect that. My issue is with people saying that IE is the standard when they have no idea what they are talking about.

I guess folks could argue that it's "the standard" because it is simply so dominant in terms of market share. There are a lot of sites still tailored specifically for IE even though they violate normal web standards from groups like W3 and what not.

To me, it's not worth fighting over. There are alternatives and folks can use what they want. I know that I choose to live with IE and all its flaws because the alternative means more hassle than it is worth at the present time. So, by locking it down and using the Maxthon add-on, I can make it liveable. :)

Link to comment
Share on other sites

I guess folks could argue that it's "the standard" because it is simply so dominant in terms of market share.  There are a lot of sites still tailored specifically for IE even though they violate normal web standards from groups like W3 and what not.

From a user's perspective, I can see how people could arrive at this conclusion, based on just marketshare. However, like I said, they have no idea. "Most popular" is not very helpful to developers. We need something that tells us that writing code xxx will affect the rendering in way yyy. The fact the IE sometimes renders zzz ****es off a lot of web developers (those that have made it their business to learn how CSS works for example). We rely on standards and protocols to achieve consistency. That's our bread and butter. In order to work with IE, one sometimes has to find out how/why the rendering differs, then write an IE-only hack to fix the display. And the IE users can go on blissfully unaware and write in forums how IE is the standard...

What we do know about IE's rendering flaws has come from experimentation, not from a standards document written by Microsoft. And hence it cannot be argued that developers should follow IE's way (it's not been defined, we aren't told how to). From our perspective, we should not have to fart around and try to reverse engineer a product to figure out why it is not behaving in the expected manner. The vendor of that product should ensure that it follows the standards. Microsoft will hopefully walk the talk with IE 7 and do just that.

Link to comment
Share on other sites

I'm not about to criticize anyone for programming their pages to fit the defacto standard. If a browser has 80% plus market share, it could be argued that someone would be a fool to not give that some consideration.

I don't make the rules, I just browse and use what I have to use to get things to work. I'm not gonna hold a grudge or judge folks for trying to do what they have to do in order to get by - at least when it comes to something like web browsing. :)

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.