How to make IE 6 more secure?

  • Thread starter Thread starter Francis Marsden
  • Start date Start date
F

Francis Marsden

Can someone please direct me to a site which explains how to configure
Internet Explorer 6 (for win98) so that it is more safe from
viruses,scripts. etc. than it is with the ndefault configuration?
Thanks
 
Francis Marsden said:
Can someone please direct me to a site which explains how to configure
Internet Explorer 6 (for win98) so that it is more safe from
viruses,scripts. etc. than it is with the ndefault configuration?
Thanks
Click to expand...

It's rather easy: In the Internet options (Security tab) for the
Internet zone switch off ActiveX and Active Scripting or set it to
prompt. If there's a reliable site which *really* needs these features
(like the Windows Update site), put it to the trusted zone. If you're
using Outlook or Outlook Express set it to the restricted zone, where
nothing is allowed.

And try to use another default browser, like Mozilla. That's what I
did, and I'm OK with that (and I'm not using Outlook-ish software).

Gabriela
 
Can someone please direct me to a site which explains how to configure
Internet Explorer 6 (for win98) so that it is more safe from
viruses,scripts. etc. than it is with the ndefault configuration?
Thanks
Click to expand...

Francis,

Here are three browser security evaluation websites:
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/sid-5da806b0df2bcefd4268f40f69c731e3/index.php
https://testzone.secunia.com/browser_checker/

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
 
Francis,

1) Make sure you have installed all the critical updates to IE 6, Windows
and OE.

http://windowsupdate.microsoft.com is the website with those updates.

2) Install, use and keep updated any popular anti-virus program.

3) Use your head when you are sent files with types .pif .exe .com .scr
(those are dangerous).

4) Consider moving to a version of Windows with backup/recovery XP and ME

4) Relax..... you are pretty darn safe, if you have done the above.

John B
 
Francis,

1) Make sure you have installed all the critical updates to IE 6, Windows
and OE.
Click to expand...

There's a new one today.
http://windowsupdate.microsoft.com is the website with those updates.

2) Install, use and keep updated any popular anti-virus program.

3) Use your head when you are sent files with types .pif .exe .com .scr
(those are dangerous).
Click to expand...

And make sure that the extension being displayed is the real one - IE
tends to suppress real extensions.
4) Consider moving to a version of Windows with backup/recovery XP and ME
Click to expand...

That complicates virus removal and cleanup, so like so many MS
features, it often has to be turned off in the interest of virus
protection.
4) Relax..... you are pretty darn safe, if you have done the above.
Click to expand...

Not as safe as a Firebird user on Linux - not by half.



T.E.D. ([email protected])
SPAM filter: Messages to this address *must* contain "T.E.D."
somewhere in the body or they will be automatically rejected.
 
Chuck said:
Francis,

Here are three browser security evaluation websites:
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/sid-5da806b0df2bcefd4268f40f69c731e3/index.php
Click to expand...

I tried the above test with Mozilla Firebird 0.7 and Microsoft
Internet Explorer 6, both with their default settings, both running on
Windows XP.

Here are the results:

Firebird
--------

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

IE
--

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 7
Medium Risk Vulnerabilities 6
Low Risk Vulnerabilities 1

Also note that, while the IE test was running, my computer lagged
noticably, something that didn't happen with the Firebird test.
https://testzone.secunia.com/browser_checker/

Cheers,

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
Click to expand...

Regards
 
Tom B. said:
hp

I tried the above test with Mozilla Firebird 0.7 and Microsoft
Internet Explorer 6, both with their default settings, both running on
Windows XP.

Here are the results:

Firebird
--------

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

IE
--

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 7
Medium Risk Vulnerabilities 6
Low Risk Vulnerabilities 1

Also note that, while the IE test was running, my computer lagged
noticably, something that didn't happen with the Firebird test.
Click to expand...

Chuck, I too ran the Browser Security Test (on IE6, with all patches etc.
applied) however "I" received different results (on WinME):

Browser Security Test Results
Dear Customer,

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

Was your copy of IE6 updated to incl each and every patch etc.? I don't
understand why you received such different results, unless it has something
to do with the differences in your OS and mine (and besides the basics, I'm
certainly not all that 'up' on computers).



---
Outgoing mail is only certified virus free in accordance with the latest
virus update file. You are well advised to scan all incoming e-mail at your
end..
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.538 / Virus Database: 333 - Release Date: 10/11/2003
 
I tried the above test with Mozilla Firebird 0.7 and Microsoft
Internet Explorer 6, both with their default settings, both running on
Windows XP.

Here are the results:

Firebird
--------

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

IE
--

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 7
Medium Risk Vulnerabilities 6
Low Risk Vulnerabilities 1

Also note that, while the IE test was running, my computer lagged
noticably, something that didn't happen with the Firebird test.
Click to expand...

The Scanit test is long, and throws a lot of dialogs at you. And it
does eat a lot of cpu under IE (showing you how many IE specific tests
there are?).

Your IE test shows 7 high risk vulnerabilities. You need to scroll
down the page below the numbers, read what they are, and fix what you
can. THat's the purpose of the test - to encourage you to harden your
browser. In your case, IE needs a lot of hardening, Firebird none.

Evaluation is the first step. Improvement next. Then reevaluation.

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
 
Chuck, I too ran the Browser Security Test (on IE6, with all patches etc.
applied) however "I" received different results (on WinME):

Browser Security Test Results
Dear Customer,

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

Was your copy of IE6 updated to incl each and every patch etc.? I don't
understand why you received such different results, unless it has something
to do with the differences in your OS and mine (and besides the basics, I'm
certainly not all that 'up' on computers).
Click to expand...

Each person's tests will probably be different. This is the summary
from my latest.

---------------------------------------------------------------------

Browser Security Test Results
Dear Customer,

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 2
Low Risk Vulnerabilities 0

New bugs keep coming! Sign up for announcements of new tests.

Questions about the test? Read the FAQ.

Still having questions? Send us your feedback.

Want to know how everyone else is doing on Browser Test? Check our
statistics.

---------------------------------------------------------------------

My specific vulnerabilities are further down the page, below the
Summary. Yours are too.

Your results will vary by: OS, OS patch level, browser, browser
version, patches applied, browser configuration, when the test was
run.

You need to look at your specific vulnerability list, choose which
ones are significant to you, decide which ones you can fix, and fix
them.

Depending upon the vulnerability, you might decide to: Upgrade your
browser, patch your browser, patch your OS, change a security setting,
change how you answer an alert dialog.

Once you fix what you can, you repeat the test. You repeat until you
run out of tests, run out of time, run out of paranoia.

Remembering that "New bugs keep coming!", you sign up for notification
of new tests. And you repeat the tests later.

Awareness, which comes from evaluation, is the first step. Stay
aware.

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
 
I tried that test with Mozilla FB, says that I have popups blocked even
though I disabled the popup blocker that comes with it. Could it be
Firebird is SO secure that it wont even let me run a browser security
test?! Awesome :)
 
Back in the day { [email protected]},
john avery said:
Just get Mozilla Firebird. Tinkering with IE will not
make it suck any less.
Click to expand...

The open-source version of "security through obscurity" works no better than
the proprietary version. In fact, STO has never been a successful
strategy, since before browsers or even PCs existed.

The only constant is that ANY software has security vulnerabilities, and
eventually they will be discovered. Especially software that relies on
network access.

When Mosaic Netscape (the granddaddy of Mozilla) was the most popular
browser, and everything else was a distant second, guess which browser was
the main target of the bad guys?

Installing a browser because no one has gotten around to exploiting its
security holes yet, and expecting everything to stay that way, is just
nonsense. You have to take the same level of precautions with Mozilla
Firebird as you do with any other browser, or you are asking for trouble.
 
I tried that test with Mozilla FB, says that I have popups blocked even
though I disabled the popup blocker that comes with it. Could it be
Firebird is SO secure that it wont even let me run a browser security
test?! Awesome :)
Click to expand...

Now if we could just do something about all the websites written for
IE... :(

Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
 
Tom said:
I tried the above test with Mozilla Firebird 0.7 and Microsoft
Internet Explorer 6, both with their default settings, both running on
Windows XP.

Here are the results:

Firebird
--------

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

IE
--

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 7
Medium Risk Vulnerabilities 6
Low Risk Vulnerabilities 1

Also note that, while the IE test was running, my computer lagged
noticably, something that didn't happen with the Firebird test.




Regards
Click to expand...
My copy of Mozilla 1.5 also scored perfect, but I had to enable pop-up
windows first. Ironic, isn't it? What's up with the "long page" with
40,000 lines?
 
Tom said:
I tried the above test with Mozilla Firebird 0.7 and Microsoft
Internet Explorer 6, both with their default settings, both running on
Windows XP.

Here are the results:

Firebird
--------

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

IE
--

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 7
Medium Risk Vulnerabilities 6
Low Risk Vulnerabilities 1

Also note that, while the IE test was running, my computer lagged
noticably, something that didn't happen with the Firebird test.




Regards
Click to expand...
My copy of IE 6 also came through with flying colors. I had to disable
Earthlink Pop-Up blocker to run the test.
 
[Snip]
IE
--

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 7
Medium Risk Vulnerabilities 6
Low Risk Vulnerabilities 1

Also note that, while the IE test was running, my computer lagged
noticably, something that didn't happen with the Firebird test.
Click to expand...

Looks to me like you need to do some patching... Running the test on my
fully patched Windows 2000/IE 6 system garnered the following results:

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

I also didn't notice any performance lag while the test(s) where
running.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 
Back in the day { [email protected]},


The open-source version of "security through obscurity" works no better than
the proprietary version. In fact, STO has never been a successful
strategy, since before browsers or even PCs existed.

The only constant is that ANY software has security vulnerabilities, and
eventually they will be discovered. Especially software that relies on
network access.

When Mosaic Netscape (the granddaddy of Mozilla) was the most popular
browser, and everything else was a distant second, guess which browser was
the main target of the bad guys?

Installing a browser because no one has gotten around to exploiting its
security holes yet, and expecting everything to stay that way, is just
nonsense. You have to take the same level of precautions with Mozilla
Firebird as you do with any other browser, or you are asking for trouble.
Click to expand...

Since you admit that STO is effective your post is
self-contradictory. And in this browser alternative context, there are
more good reasons than merely STO, as you put it. to recommend that
naive users abandon IE. Mozilla doesn't come with either Java or
Activex. A user would have to have a good reason (a special use for
it) to download and install Java. And a user would be downright nuts
to download the activex plugin for Moz. But the effective result is
that at least the raw download of Moz doesn't shove these things down
your nose ... and many naive users will remain completely free and
ignorant of them. That is a very Good Thing!

So primarily it's a matter of Java Script vulnerabilities which are
not going completely unfound and and unfixed along the way. The best
bet is to keep current ... stay up with the latest Moz versions. If
you're paranoid, disable Java Script until you need it at a trusted
site. But the odds are for the time being that you'll never have a
problem leaving it enabled all the time. Because of STO :) STO is a
Good Thing!

No, you don't have to take the same level of precautions with Moz
based browsers as you do with IE. Not by a long shot. And if the
developers are as security conscious as I think they are, maybe there
never will come a time when you have to be paranoid with the Moz
browsers as you most definitely must be with IE.


Art
http://www.epix.net/~artnpeg
 
Back
Top