It is ok for a home user on WinXP to set IE6's Security Settings to
'Medium'.
Are there any malware exploits, malicious websites, etc. which might
cause my PC damage on that setting?
There is a very good explanation of how you should have your internet
security settings configured available from Microsoft - I'll post the
link at the bottom.
Here is what I tell clients when asked about IE Security:
In the last month we've seen a large number of customers and friends
that have home computers that are constantly getting pop-ups and other
nasties. The easiest way to clean a machine is to download SpyBot Search
and Destroy from
http://www.safer-networking.org/index.php?page=download
and then update and run it several times (about half-way down the page).
Once you get your machine cleaned, you can make the following changes to
your Internet Explorer settings to help keep web sites from installing
bad things on your computers.
There are a couple simple things that you can do if you are using IE,
they make browsing a little more of a challenge, but they make it more
secure and still provide full ability on sites you trust:
1) Open IE, select TOOLS, Internet Options
2) Select Security TAB
3) Select "Internet" globe
4) Click DEFAULT LEVEL, then SELECT HIGH
5) Select "Custom Level"
6) Select "Scripting - Active Scripting - Prompt"
7) Click OK
8) Select "Trusted Sites Check Mark Circle"
9) Select "SITES", uncheck "Require Server Verification" - you will be
adding the normal and secure sites in here that you trust, if you don't
uncheck this you can't enter non-secure sites in this list.
10) Type "http://v4.windowsupdate.microsoft.com" in the ADD box and
click ADD
11) Type "http://Windowsupdate.microsoft.com" in the ADD box and click
ADD, click OK to close window
12) Click "Default Level" then change to "Medium".
13) Select "Privacy" tab, set to MEDIUM HIGH
14) Select "General" tab, select "Temporary Internet Files - Settings"
15) Select "Every visit to the page"
16) Select 20MB for the temp internet files size, click OK
17) Select "Advanced" Tab
18) Uncheck both "Enable Install On Demand" items
19) Uncheck "Enable third-party browser extensions"
20) Uncheck "Play Animations, sounds, videos in web pages"
21) Select/Check "Empty Temporary Internet file folder..."
22) Click OK to close the settings window
Now, when you browse to a site you want to trust, it may not work, you
are going to have to ADD the site to the TRUSTED SITES in the OPTIONS /
SECURITY tab. This can be a real pain, but it can save your butt when it
comes to sites that can compromise your system.
You will find that after the first week that you are not adding sites to
the list any more and that your experience is a lot nicer, less
pop-ups, and less chance for something to hack your browser.
Don't forget, you should only ADD TRUSTED SITES to the list. Even if you
make a mistake, we set the TRUSTED SITES to MEDIUM instead of its
default LOW, but you really want to limit the ones you add to verifiable
commercial quality sites.
The Microsoft version of this suggestion is at:
http://www.microsoft.com/security/incident/settings.mspx
If I were you, I would download and install Mozilla Firefox 0.9.2 from:
http://www.mozilla.org/download.html
I use Mozilla on almost every web site, except MS Outlook Web Access
sites, and it's a very capable browser, even works at my online bank.
Good Luck,
Mark
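
The zone settings from steps 3-12 above end up in the per-user registry, so they can be checked from a `reg export` of the Zones key. The following is an added example, not part of the original post: it assumes the standard Internet Explorer zone encoding (zone 2 = Trusted sites, zone 3 = Internet, value 1400 = Active Scripting, Flags bit 0x4 = require server verification), and the sample export is constructed.

```python
import re

# Constructed sample of a `reg export` of
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"CurrentLevel"=dword:00010000
"Flags"=dword:00000047

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00000000
"1400"=dword:00000000
'''

LEVELS = {0: "Custom", 0x10000: "Low", 0x10500: "Medium-low",
          0x11000: "Medium", 0x12000: "High"}
ACTIONS = {0: "Enable", 1: "Prompt", 3: "Disable"}
REQUIRE_VERIFICATION = 0x4  # "Require server verification (https:)" checkbox

def parse_zones(text):
    """Return {zone_number: {value_name: int}} for the DWORD values of each zone key."""
    zones, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r'^\[.*\\Zones\\(\d+)\]$', line)
        if key:
            current = zones.setdefault(int(key.group(1)), {})
        elif line.startswith('['):
            current = None  # some other key; ignore its values
        elif current is not None:
            val = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if val:
                current[val.group(1)] = int(val.group(2), 16)
    return zones

def audit(zones):
    """List where the export differs from the settings given in the post."""
    findings = []
    scripting = zones.get(3, {}).get("1400")
    if scripting != 1:  # step 6: Active Scripting = Prompt
        findings.append("Internet zone: Active Scripting is %s, expected Prompt"
                        % ACTIONS.get(scripting, "unknown/unset"))
    level = zones.get(2, {}).get("CurrentLevel")
    if level != 0x11000:  # step 12: Trusted sites = Medium
        findings.append("Trusted sites: level is %s, expected Medium"
                        % LEVELS.get(level, "unknown/unset"))
    return findings

def trusted_requires_https(zones):
    """True if the Trusted sites zone still refuses plain-http entries (step 9 unchecks this)."""
    return bool(zones.get(2, {}).get("Flags", 0) & REQUIRE_VERIFICATION)
```

Once a custom setting is changed in a zone, IE records that zone's level as Custom, which is why the check for the Internet zone looks at the Active Scripting value itself rather than the level.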