Home > Enterprise Desktop Tips > > Tips on hardening and securing IE7
Enterprise Desktop Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 


Tips on hardening and securing IE7


Jonathan Hassell, Contributor
02.01.2007
Rating: -3.00- (out of 5)


Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


The new version of Internet Explorer, version 7, has been available for a while now for Windows XP, but a lot of users will be getting a first taste of it as Windows Vista hits the streets for consumers. Let's take a look at some features and recommendations for keeping IE7 secure and hardened.

The MHTML hole

In late 2006, Secunia, a security firm based in Denmark, discovered a non-critical yet important vulnerability in IE7. Essentially, the vulnerability involves the potential for Web sites with malicious code to steal data from other sites opened in another window of IE7. Its level of seriousness is debatable, and Microsoft claims that the vulnerability exists in Outlook Express rather than IE. Whatever the reason, the vulnerability is demonstrated at this sample site hosted by Secunia.

To work around this, disable the ability for ActiveX content to run automatically. The setting is covered in my checklist, which I explain a bit later in this article.

Protected mode and the phishing filter

Rarely will I advise upgrading to a new operating system just to take advantage of a new feature. But if you are a die-hard Internet Explorer aficionado, then you'll like a new feature, available only in IE in Windows Vista called Protected Mode; it helps create what is arguably the safest browsing environment bar none.

Protected Mode could be described as IE7 running in an extremely limited security context, lower than even that of a Limited User-based account. It removes a lot of capabilities from potentially dangerous applications and effectively limits Web browser-based applications and scripts to writing to the Temporary Internet Files folder only. It's enabled by default on Windows Vista; if you refuse to use Firefox or, for some


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Microsoft Internet Explorer management
Four Internet Explorer 8 group policy security settings
Safe enterprise Web browsing: Five tips in five minutes
Top client security tips of 2006
Phishing filter: Step 2
General security configuration: Step 1
Windows Vista and IE7: Step 5
ActiveX opt-ins, information bar and cross-domain protection: Step 4
Protection against international domain names, URL handling: Step 3
IE8 brings focus to cross-browser compatibility and Web standards
Cross-site Scripting 102: How to defend against cross-site scripting

Windows desktop security tips
How Windows 7 stands up to security tests
Securing sensitive data on Windows-based laptops
Gathering and documenting your Windows desktop security policies
Windows desktop security standards documentation best practices
Desktop security preparation for a new wave of Windows apps
Four Internet Explorer 8 group policy security settings
The state of enterprise security and emerging threats in 2009
Why should Windows shops use Microsoft Baseline Security Analyzer?
A first look at Windows 7 security enhancements
Using Sysinternals tools in security management scenarios

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
ActiveX  (SearchEnterpriseDesktop.com)
ActiveX control  (SearchEnterpriseDesktop.com)
Internet Explorer  (SearchEnterpriseDesktop.com)
Internet Explorer Administration Kit  (SearchEnterpriseDesktop.com)
tabbed browsing  (SearchEnterpriseDesktop.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


reason are unable to do so, then the security is worth the price of admission to Windows Vista.

Another feature available in all versions of Internet Explorer, not just in IE coupled with Windows Vista, is the Phishing Filter. Microsoft has a database of the names of suspect Web sites. It works to notify the user if he or she opens a Web site deemed problematic by Microsoft after running the name through the database. The address bar will turn red and a warning will appear that the Web site is problematic. You can see the status of the phishing filter in the status bar at the bottom of the window; click it to turn it on and off. (Experienced users may find the behavior annoying, and there is a slight lag in loading pages while the URL is checked against Microsoft's phishing site database.)

Settings checklist

Here is a list of my recommended settings for a custom level within IE7. To implement these recommendations, select Options from the Tools menu in IE7. Navigate to the Security tab. Click the Custom Level tab after ensuring that the Internet zone is selected, and then select the following choices from the list (some less important settings can be left alone):

ActiveX controls and plug-ins:

Miscellaneous:

Scripting:

About the author: Jonathan Hassell is author of Hardening Windows (Apress LP) and is a SearchWindowsSecurity.com site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book, RADIUS (O'Reilly & Associates), is a guide to implementing the RADIUS authentication protocol and overall network security.


Rate this Tip
To rate tips, you must be a member of SearchEnterpriseDesktop.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Enterprise Desktop Security - Virus Protection, Malware Protection, Intrusion Detection
HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts