How to surf the Internet more safely with Internet Explorer

A HelpWithWindows TechFile

By: Arie Slob

• October 10, 2003 •


It seems that week after week more vulnerabilities are found in Internet Explorer, so how can you stay ahead of the curve?

Now most security breaches are related to ActiveX, Java and Scripting.

Note: All settings here apply to the latest version of Internet Explorer, namely Internet Explorer 6 Service Pack 1.

If you have upgraded to Service Pack 2 for Windows XP, use this article instead.

Internet Explorer's Content Zones


Internet Explorer offers a good mechanism for customizing your security: the Content zones. You can access the settings by selecting Tools > Internet Options from the Internet Explorer menu, and choosing the Security tab.

You will see that Internet Explorer lets you set different levels of security for 4 different types of sites: Internet, Local intranet, Trusted sites and Restricted sites.

Without any further action, sites on the Internet fall into the Internet zone. By default, this zone is set to Medium security. I just want to highlight some of the settings which will be in effect:

  • ActiveX controls and plug-ins
    • Download signed ActiveX controls: Prompt
    • Run ActiveX controls and plug-ins: Enable
    • Script ActiveX controls marked safe for scripting: Enable
  • Downloads
    • Font Download: Enable
  • Microsoft VM
    • Java permissions: High safety
  • Miscellaneous
    • Allow META REFRESH: Enable
    • Display mixed content: Prompt
    • Drag and drop or copy and paste files: Prompt
    • Installation of desktop items: Prompt
    • Launching programs and files in an IFRAME: Prompt
    • Navigate sub-frames across different domains: Enable
    • Software channel permissions: Medium Safety
    • Userdata persistence: Enable
  • Scripting
    • Active scripting: Enable
    • Allow paste operations via script: Enable
    • Scripting of Java applets: Enable
  • User Authentication: Automatic logon only in Intranet zone

So we'll make some changes to make the Internet zone more secure by pressing the Custom Level button, and changing the following settings:

  • ActiveX controls and plug-ins
    • Download signed ActiveX controls: Disable
    • Run ActiveX controls and plug-ins: Disable
    • Script ActiveX controls marked safe for scripting: Disable
  • Downloads
    • Font Download: Disable
  • Microsoft VM
    • Java permissions: Disable Java
  • Miscellaneous
    • Allow META REFRESH: Disable
    • Display mixed content: Disable
    • Drag and drop or copy and paste files: Disable
    • Installation of desktop items: Disable
    • Launching programs and files in an IFRAME: Disable
    • Navigate sub-frames across different domains: Disable
    • Software channel permissions: High Safety
    • Userdata persistence: Disable
  • Scripting
    • Active scripting: Disable
    • Allow paste operations via script: Disable
    • Scripting of Java applets: Disable
  • User Authentication: Automatic logon with current username and password
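
To check that the changes above actually took effect, the following added example (not part of the original article) parses a registry export of the zone settings and reports every entry that differs from the hardened list. The action IDs and value encodings are the ones documented in Microsoft KB 182569; the sample export is constructed, and the User Authentication entry is not checked.

```python
import re

DISABLE = 3  # zone action values: 0 = Enable, 1 = Prompt, 3 = Disable
# Action ID (KB 182569 value name under ...\Zones\<n>) -> (article's name, hardened value)
HARDENED = {
    "1001": ("Download signed ActiveX controls", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", DISABLE),
    "1405": ("Script ActiveX controls marked safe for scripting", DISABLE),
    "1604": ("Font Download", DISABLE),
    "1C00": ("Java permissions", 0),                    # 0 = Disable Java
    "1608": ("Allow META REFRESH", DISABLE),
    "1609": ("Display mixed content", DISABLE),
    "1802": ("Drag and drop or copy and paste files", DISABLE),
    "1800": ("Installation of desktop items", DISABLE),
    "1804": ("Launching programs and files in an IFRAME", DISABLE),
    "1607": ("Navigate sub-frames across different domains", DISABLE),
    "1E05": ("Software channel permissions", 0x10000),  # High Safety
    "1606": ("Userdata persistence", DISABLE),
    "1400": ("Active scripting", DISABLE),
    "1407": ("Allow paste operations via script", DISABLE),
    "1402": ("Scripting of Java applets", DISABLE),
}
ZONES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit_zone(reg_text, zone="3"):
    """Return {setting name: value found, or None if absent} for every
    entry of the given zone (3 = Internet) that differs from HARDENED."""
    found, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # section header: track which key we are in
            in_zone = line.lower().endswith("\\zones\\%s]" % zone)
        elif in_zone and (m := VALUE.match(line)):
            found[m.group(1).upper()] = int(m.group(2), 16)
    return {name: found.get(aid) for aid, (name, want) in HARDENED.items()
            if found.get(aid) != want}

# Constructed sample export: Internet zone hardened except three entries left
# at the Medium defaults the article lists; the Trusted zone (2) must be ignored.
_vals = {aid: want for aid, (_, want) in HARDENED.items()}
_vals.update({"1200": 0, "1400": 0, "1C00": 0x10000})
SAMPLE_EXPORT = ("Windows Registry Editor Version 5.00\n\n[%s\\2]\n" % ZONES
                 + '"1400"=dword:00000000\n\n[%s\\3]\n' % ZONES
                 + "".join('"%s"=dword:%08x\n' % kv for kv in _vals.items()))

if __name__ == "__main__":
    for name, value in audit_zone(SAMPLE_EXPORT).items():
        print("NOT HARDENED: %s (found %s)" % (name, value))
```

Exports written by `reg export` are UTF-16 encoded, so decode the file before passing its text to `audit_zone`.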

Now this will have some impact on Web sites you visit. If you want to be able to run ActiveX or Scripting on certain Web sites, just add them to the Trusted sites zone. You can add Web sites by selecting the Trusted sites icon, and pressing the Sites button. Note that by default, you can only add secure sites here (sites using https). To add any other site, uncheck Require server verification (https:) for all sites in this zone.

Microsoft has a handy tool that will add a menu choice Add to Trusted Zone and Add to Restricted Zone to the Tools menu in Internet Explorer. You can download this tool from the Microsoft Web site [127 KB]. It is called Internet Explorer 5 Power Tweaks Web Accessory, but it works fine on Internet Explorer 6.

By default, the security level for Trusted sites is set to Low. For the same settings highlighted above, this means:

  • ActiveX controls and plug-ins
    • Download signed ActiveX controls: Enable
    • Run ActiveX controls and plug-ins: Prompt
    • Script ActiveX controls marked safe for scripting: Enable
  • Downloads
    • Font Download: Enable
  • Microsoft VM
    • Java permissions: Low Safety
  • Miscellaneous
    • Allow META REFRESH: Enable
    • Display mixed content: Prompt
    • Drag and drop or copy and paste files: Enable
    • Installation of desktop items: Enable
    • Launching programs and files in an IFRAME: Enable
    • Navigate sub-frames across different domains: Enable
    • Software channel permissions: Low Safety
    • Userdata persistence: Enable
  • Scripting
    • Active scripting: Enable
    • Allow paste operations via script: Enable
    • Scripting of Java applets: Enable
  • User Authentication: Automatic logon with current username and password

The changes above won't guarantee you will never have a problem, but they will certainly make it a whole lot less likely. Keep your anti-virus software up-to-date, make sure you have all the latest Windows updates, and make it a practice never to open unknown email attachments.

Also read the TechFile How to Secure your E-mail against certain viruses.
