Ask a room full of security practitioners for a list of security settings that'll make Internet Explorer (IE) safe to use and you'll either hear laughter or advice to get a new browser like Mozilla Firefox, Opera, Safari or Google Chrome.

Even as Microsoft has worked diligently to improve security in its troubled browser, especially in IE7 and the newly-released IE8, security pros simply don't trust it. Most have turned to alternative browsers, especially Firefox.

But the intoxication security pros find in Firefox and the other alternatives comes with a big hangover. When one wakes up from an evening of online adventuring on one of the alternative browsers, the painful reality is that they will never be able to get away from IE completely.

The obvious reason is that IE is so tightly integrated into the Windows operating system, though some industry voices have called on Microsoft to divorce it from the OS.

"We aren't going to be able to get away from IE in the corporate world anytime soon," said Christopher Mendlik, a threat analyst at Wachovia.

Besides the tight integration with Windows, there's the simple reality that some business applications will only work when used in IE. At CSOonline and other media outlets, for example, the programs used to post content online tend to be allergic to non-IE browsers.

Those who have no choice but to use IE have turned to a number of coping mechanisms. Mendlik chooses to lock down IE with group policies, stay on top of new patches and deploy content filtering on a proxy/firewall with real-time blacklists. He also monitors internal and outgoing connections like a hawk for any unusual activity.

Thomas Evans, a Cleveland-based network security administrator, suggested installing Sandbox for IE, which allows users to run any program in a "sandbox" and confine any damage done to the sandbox and virtual registry. "When the session is over, you can delete everything associated with it safely. If you do get something via drive-by it won't get out to do damage," he said.

In addition to these measures, CSOonline went in search of 10 essential security settings to make an online ride on the IE bandwagon safer. Here's a list of 10 provided by Jeff Forristal, a senior security engineer with cloud security vendor Zscaler:

XPS documents are a new image format that was introduced in Vista, Forristal said. Attackers have been having a field day exploiting image/document formats and parsers, so the fewer formats your browser supports, the better.

Tools/Internet Options/Security tab/Internet zone/Custom Level/XPS Documents: disable.

Downside: This can affect simple XPS document viewing, but you can get a standalone XPS viewer from MS that doesn't require IE, he said.

Tools/Internet Options/Security tab/Internet zone/Custom Level/Font download: disable.

Websites can offer to have your browser install an appropriate font file in order to display international characters correctly when viewing a Web page. This is, however, just another file format and attack vector that could harbor unknown/undiscovered vulnerabilities, Forristal said. If you don't tend to browse websites outside your normal language, then you really don't need this.

Downside: It might make some Web pages slightly less pretty, but Forristal said they will still be usable.

3. Disable inclusion of local file directory path when uploading files to a server

Tools/Internet Options/Security tab/Internet zone/Custom Level/Include local file directory path when uploading files to a server: disable.

Whenever you upload a file to a Web server (such as an image to your blog or Flickr account), the browser has the choice of sending just the file name or the entire file path, even though the website only needs the file name, Forristal said. This results in a mild privacy concern because the file path can include identifying information such as your computer's login account name. Sending "c:\Users\jforristal\Pictures\blog.gif" exposes my username "jforristal," he noted.

4. Disable prompting if you are prone to just clicking "yes"

Tools/Internet Options/Security tab/Internet zone/Custom Level/(various).