7 things you can do to make Internet Explorer more secure
By Eric Geier
How well Internet Explorer—or any Web browser, for that matter—protects against attacks and malware greatly depends on whether you keep it up to date and have the right security settings. Here’s how to take the proper security measures with Internet Explorer 9 and 10.
Upgrade to the latest version of IE
Although switching to a new version of your browser can take some getting used to—what with its various interface and feature changes—new security features are often worth the annoyance. So it’s a good idea to upgrade to newer versions when available.
IE 10 is the latest version, and it comes bundled with Windows 8. Microsoft also offers IE 10 for those running Windows 7 with Service Pack 1 installed. But if you’re running Windows Vista, you’re stuck with using IE 9.
To determine whether the latest possible version of IE is installed, open IE, press the Alt key, open the Help menu, and then select About Internet Explorer.
If needed, you can download IE 10 for Windows 7 or IE 9 for Windows Vista.
Download IE updates
No matter which version of Windows or IE you’re running, you should have all the latest IE updates installed. These updates typically patch known security holes and vulnerabilities. Open IE, press the Alt key, select the Tools menu, and then select Windows Update. If you’re using Windows 8, open IE in the desktop interface.
In the Windows Update window that follows, click Check for Updates, and install IE or other updates. To ensure you stay up-to-date in the future, consider having updates installed automatically.
Check for add-on updates
Many browser attacks exploit security vulnerabilities that affect popular add-ons like Adobe Flash Player or Java, so you should install updates for those as soon as you get the update nag message. Also consider periodically running a scan with free tools like Qualys BrowserCheck or Secunia Personal Software Inspector (PSI) to make doubly sure that you haven’t missed any updates.
Verify or adjust security levels
IE lets you set custom security settings for different zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. When you visit a website, IE automatically classifies it as in the Internet zone. The exceptions are websites hosted by your local network (say, a site set up for use on your company’s network)—then it’s Local Intranet—or sites that you’ve added to the Trusted or Restricted lists beforehand. You can set each zone to a predefined security level and customize the settings as well.
Though IE sets each zone to an acceptable level by default, you may want to double-check your settings for each zone and even turn them up for greater protection. Open IE, press the key, select the Tools menu, and click Internet Options. If you’re using Windows 8, open IE from the traditional desktop interface to get at these options.
From the Internet Options window, select the Security tab: you’ll then see icons for each security zone, which you can click to change their security level. The Internet zone is set to Medium-high by default, Local Intranet is Medium-low, Trusted Sites is Medium, and Restricted Sites is High. In addition, the Internet and Restricted Sites zones both have Protected Mode enabled (which alerts you when webpages try to install or run programs).
I recommend that you use these default levels. If you change security levels for the various zones, you can always return them to their default settings by clicking Reset all zones to default level.
Use SmartScreen Filtering
In IE 8, Microsoft added the SmartScreen filter, which helps block dangerous websites and downloads. It’s enabled by default (if you selected the recommended security settings when you first ran IE), but you should double-check to see if you still have SmartScreen Filtering turned on. Open IE, press the Alt key, open the Tools menu, and select SmartScreen Filter. If you see Turn On SmartScreen Filter, click it.
Now, if you visit a possible phishing or malware-infested site, or if you download a suspicious file, you’ll get a warning message.
Enable ActiveX Filtering
The ActiveX filter in IE 9 and 10 blocks all ActiveX content on websites, but it allows you to run it selectively on sites you trust. Though some sites use ActiveX controls to display or run legitimate content (like animations, ads, Web-based programs, and download managers), some sites may try to run malicious ActiveX controls or content to infect your computer.
This is where ActiveX Filtering can help; however, this security feature is disabled by default. If you’d like the extra protection of this filtering feature, you can easily turn it on: Open IE, press the Alt key, open the Tools menu, and click ActiveX Filtering if it isn’t already checked.
Now when you visit a website with active content, you’ll be alerted that some content has been filtered or blocked. If you trust the site, you can click Turn off ActiveX Filtering to allow the content on that particular website.
Set up tracking protection
Tracking Protection, a feature present in IE 9 and 10, helps protect your online privacy and reduces annoyances from third-party content like advertisements. Combined with Tracking Protection Lists, it can block third-party content from appearing and prevent third-party tracking from content providers on the list.
By default, Tracking Protection Lists are turned off. To enable and configure them, open IE, press the Alt key, select the Tools menu, and click Tracking Protection. You should see the default list that’s generated automatically based on sites you visit, and you may choose to download additional lists. To use a list, select it, and click the Enable button.
Then, to choose how you want to block them, click the Settings button.
In IE 10, Microsoft added a Do Not Track setting—enabled by default—to Tracking Protection, which tells websites you visit that you prefer not to be tracked. Though websites are under no obligation to honor your request, stating your preference may reduce some tracking.
To adjust your Do Not Track settings, open IE from the desktop, press the Alt key, pop open the Tools menu, and click Internet Options. From there, select the Advanced tab, scroll down to the Security section, and confirm that the Always send Do Not Track header setting is checked.
Did we mention that you should update?
The fundamental step to keeping any browser secure is to update it regularly. Once you’ve made that a habit, you’ll also find that Internet Explorer has a solid set of built-in security features, as well as some privacy protections. The settings recommended here will do the trick for most situations, but they aren’t set in stone. The better you learn the security functions, the better you can adjust them to your own browsing habits.