You never know when you're going to fall victim to something malicious on the Internet. If you're using Internet Explorer as your main browser, it's a good idea to lock down those services that are most at risk. This excerpt from David A. Karp's Windows 7 Annoyances lets you know what you'll need to do in order to lock down Internet Explorer.
Over the years, Microsoft has fixed hundreds of security holes in Internet Explorer, and if you’ve been using the Windows Update feature regularly, you already have the benefit of all their sweat and tears sitting on your hard disk. But the larger issue is IE’s underlying design—and its cozy connection with the underlying operating system—that has caused so much trouble all these years.
The premise is that a web page can contain code that instructs Internet Explorer to install software on your PC. In the early days, web designers used this capability sparingly, mostly to install widgets and small helper programs to add trivial features to their pages. But it didn’t take long for unscrupulous hackers and greedy corporate executives to learn how to exploit Internet Explorer’s open-door nature, which is why we now have spyware, adware, browser hijackers, rootkits, and other nasty surprises.
Microsoft finally addressed many of Internet Explorer’s unfortunate shortcomings in IE8, which comes with Windows 7, and not a moment too soon. But just because IE now looks for signed code and has a list of malicious websites at its disposal, doesn’t mean it can’t still be a conduit for malicious software. Thanks to the strategy tax explained in the preface, you have two choices: hobble Internet Explorer by turning off the most dangerous features, use a different browser, or both.
Warning: If you’re using Mozilla Firefox, discussed later, avoid the Microsoft .NET Framework Assistant (ClickOnce) add-on like the plague. It adds to Firefox the same core vulnerability of Internet Explorer, namely the ability for websites to easily and quietly install software on your PC, and is installed surreptitiously with several Windows updates. Since this design flaw is one of the reasons you may’ve originally switched to Firefox in the first place, you’d be wise to remove it. If you find the Uninstall button grayed out in Firefox, see http://www.annoyance...w/article08-600 for removal instructions.
If you want to stick with Internet Explorer for now, open the Internet Options window in Control Panel (or from the Tools drop-down in IE, select Internet Options). Choose the Security tab, and turn on the Enable Protected Mode option if it’s not already enabled. Then select the Internet “zone” icon at the top (the globe), and then click Custom Level below to open the Security Settings dialog box shown in Figure 7-36.
Figure 7-36. Use the Security Settings window to turn off some of the more dangerous Internet Explorer features
Warning: Setting the Launching applications and unsafe files option may have consequences even if you use Mozilla Firefox to download files. If Firefox tells you that a “download has been blocked by your Security Zone Policy,” try changing this option to Prompt instead of Disable.
Next, click the Trusted sites (green checkmark) icon, click the Sites button, and turn off the Require server verification (https:) for all sites in this zone option. Type the following URLs into the Add this Web site to the zone field, clicking the Add button after each one:
http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://*.windowsupdate.microsoft.com
These four URLs permit the Windows Update feature to continue working unencumbered by your new security settings. The asterisks are wildcards allowing these rules to apply to variants, such as http://download.windowsupdate.com. Feel free to add the domains for other websites you trust, and then click OK when you’re done.
Learn more about this topic from Windows 7 Annoyances.
Windows 7 may be faster and more stable than Windows Vista, but that's a far cry from problem-free. With Windows 7 Annoyances, you'll learn how to deal with a wide range of nagging problems before they deal with you. Annoyances.org founder David Karp offers you the tools to fix all sorts of Windows 7 issues, along with solutions, hacks, and timesaving tips to make the most of your PC.