SECURITY SOLUTIONS:
How to setup MSIE to resist Viris, Phishing, Active-X exploits, security breaches, Spyware, Virus, Trojans, Phishing, Keyloggers, Security, & Password stealers.
By Admin

First thing, I'm going to recommend a spyware protection progam. But if you'd like to make MSIE (Microsoft Internet Explorer) more secure on it's own, continue reading and I'll show you how to do it.

Thankfully MSIE for all it's problems, does have a way to protect you, however you have to configure to do so. The default settings for MSIE are just plain sloppy. The key to MS (Microsoft) protection, is that MSIE allows you to classify all sites in one of three catagories: General Internet, Trusted Sites and Restricted sites. What you are going to do is totally shut down the "General Internet" sites to a bare minimum of features and permissions. Then you are going to add all those sites you know are legit, like paypalsucks.com, cnn.com, msnbc.com, etc. to the list of "Trusted Sites." In the middle will be all those other sites you use, but are not sure are 100% legit. Those you will put into the "Restricted sites" list. In that list, all you will allow, beyond the most basic of settings, is allowing "Javascript" to run. Otherwise "Restricted Sites" is almost as closed to hackers as "General Internet" sites.

To start, in your MSIE click on "tools" and then "internet options." Then click on the "security" tab. You will see the following:

If you click on "Trusted Sites" and "Restricted Sites" you will see the following:

Go back to "Internet" by clicking on the globe, and then click on "Custom Level." Click on the drop down box labeled "Reset Custom Settings" and select "high" and "reset." (normally it's "medium.") It'll ask you to confirm, say yes. Then go through each of the following screens checking them. You will have to enable the following:

  • enable downloads
  • enable download fonts
  • enable meta refresh
  • enable mixed content
  • enable copy and paste
  • enable I-frames
  • enable navigation across domains
  • enable non-encrypted form data

    because setting the custom level to high turns these off features and I don't see them as big threats. (The features enable mixed content, enable copy and paste, enable I-frames, and enable navigation across domains, could still pose a risk, but I consider it a low risk and having those disabled makes it very difficult to navigate the web.) Everything else should be to disable or prompt. See the following screens:

    When you are done, click okay, and you should be back at the security settings tab. Now click on "Trusted Sites."

    Now click on "custom level" and then the drop down box under "Reset custom settings" to low and then "reset" and confirm.

    Click on okay, and you should be back at the security tab. Now click on "Restricted Sites."

    Again, set the "Reset custom settings" to high, and bascially follow the same you did for "General Internet" with the following exceptions: Java is still off, but Scripting is set to enabled. See:

    Now when you go to a site you will allow javascript. There is still some risk, but it's fairly low, and there are a ton of sites that use javascript. (Including this one.) If you are still worried, you can specify "prompt" (To ask you permission first, but I don't see a lot of usefulness in that.) Click on okay and okay again, and then close and restart MSIE. Javascript is still risky, but not as risky as Java or Active-X. (See Microsoft's page on this.)

    Now when you go to sites, you will find most of the sites you goto are nothing like what are you are used to. This is because all the scripting has been disabled. If you know the site is legit, you can add it to "Trusted Sites" and it'll work again like you are used to. Here's how you do that:

    First click on "trusted sites," and then click on "Sites" button. You will get this dialogue box:

    Now type *.domain.com in the add box and click on "add." Of course don't put "domain.com" in there, but the domain of the site you are on. For example, "*.paypalsucks.com" "*.nopaypal.com" "*.microsoft.com" "*.yahoo.com" etc. You can add all those you know are good sites. You must add them as star dot domain name, ie *.domain.com. If you do not put the star dot in there, it won't work. When you are done, click on okay.

    As you use your new setup for MSIE, you'll have to add sites to either the "Trusted Sites" or the "Restricted Sites" lists. This should protect you from unknown sites and bad Active-X, Java, and other exploits. It's not 100%, but it's better than nothing. I still recommend using a spyware protection program in addition to these security updates. Be careful of the sites you add to your list of "Trusted Sites." You are giving them a very wide range of permissions on your computer. You should only add those you know are never likely to be corrupted, hacked or used in a criminal manner. Any site you are unfamiliar with will get your "Internet" settings, and if you can't navigate their site, you can add them to the "Restricted Sites" list first, to see if you can at least use the site. Also, you can taylor your "Restricted Sites" features to your own needs, however, adding features will open this list of sites to exploits and tend to defeat the purpose of doing this. But everyone has their own threat level and only you can assess yours. One thing for sure, wait till you are sure of the site before moving it to the list of "Trusted Sites."

    Good luck!

    Okay, back to our normal mode of flogging. ;-)