This section of our Internet Explorer Security Learning Guide deals with Internet Explorer 6. IE6 is not the most recent version of Internet explorer, but still can be found being used for Web browsing in the enterprise. If there is still a need for IE6, then there is still a need for IE6 security. Check out this section of our guide for helpful expert advice on how to make sure that IE6 is not used as a doorway to your network.
Table of contents
|Securing Microsoft Internet Explorer 6|
Just because there is a more up-to-date version of the Microsoft Web browser (IE 7) does not mean that people are not still running IE6 in the enterprise. And wherever there is a user running Internet Explorer 6, there is a security vulnerability that can give a hacker access to your network.
Despite it not being the most recent version of Internet Explorer, our resident security experts Jonathan Hassell and Kevin Beaver still field user questions on IE6 security. They address such topics as running IE6 after downgrading from IE7, surviving with out-of-date IE6, adjusting security settings in IE6 and more. Check out some questions users have asked in our FAQ below.
Internet Explorer 6
If you plan on running IE6 in the enterprise, you should be properly prepared. Proper IE security takes some user know-how and you will have to micromanage some of your security settings. Of course, according to Windows security threats expert Kevin Beaver, there are certain types of malware that can prevent you from making necessary security changes. Follow the tips below to learn how you can survive with Internet Explorer 6.0.
Adjusting security settings in Internet Explorer 6.0
Question: When I go to Internet Explorer 6.0, then Tools, then Internet options, the Apply button is disabled so I can't make any changes to the Internet options. I've been told that it has to do with my security template. My question is where in the security template is that Apply button being disabled
Kevin Beaver: There's a chance you have a malware infection that does not allow you to change things like your home. I recommend scanning your system using 2-3 anti-spyware tools such as Spybot and Microsoft's Antispyware as well as perform a thorough virus scan. You can also run gpedit.msc to see if any IE settings have been changed/applied as shown here:
Run a secure IE6 after downgrading from IE7
Question: I need to use a software that will only install under IE6. Unfortunately, I have updated to IE7 and because of the Windows hardening that has taken place I am in a sticky situation. What would you suggest to keep my IE secure after downgrading from IE7 to IE6?
Jonathan Hassell: Using IE6 isn't necessarily a losing proposition. Here are some of the basics:
- Install the latest IE patches—the recent update corrected a pretty big security hole
- Make sure you have an antivirus solution installed
- Watch out for sites that can give you spyware (a popup blocker is necessary here to prevent some automated installs)
- Check your zone settings to make sure the Internet isn't a trusted place
- Consider disabling ActiveX controls
- Install Firefox and use it exclusively except with the application that requires IE6
Security risks in Internet Explorer 6
Question: I want to take a step back from Internet Explorer 7 but I am concerned about the security risks of IE6. What do I need to worry about in Internet Explorer 6 that I do not need to worry about in Internet Explorer 7? What steps should I take to limit security risks during such a switch?
Jonathan Hassell: As far as what you should consider from IE6 that IE7 might take off your mind:
- IE6 doesn't run in low privilege mode, so adware and spyware can infiltrate more easily.
- There is no phishing filter in IE6, nor are there any obvious warning signs when you're about to enter a phishing site.
- IE6 doesn't have tabs out of the box. (Not security related, but it's certainly a convenience factor.)
Make sure you have an antivirus solution installed, watch out for sites that can give you spyware (a popup blocker is necessary here to prevent some automated installs) and check your zone settings to make sure the Internet isn't a trusted place. Or, better yet, install Firefox until you're ready to return to IE7.
This was first published in July 2007