To start us off I have a confession to make. I had originally planned to include information on how to secure the main web browsers in this blog. However, during the course of writing this article it transpired that I had underestimated just how much information I was going to need to shoehorn into a blog post. As a result the previously planned 2 part series on safe web browsing has grown into a 3 part series! You can’t say we don’t keep you well informed!
In the last blog post we discussed general tips and tricks on how to secure your computer against various nasties floating around the internet. This week’s post will focus on how you can help secure Internet Explorer to ensure you have a safe web browsing experience.
Not all browsers are born equal! Generally speaking, web browsers are split into two groups: Internet Explorer and Other Browsers. The main reason for this distinction is that Internet Explorer uses a piece of software called ActiveX to deliver content within certain web pages. In the group of Other Browsers are programmes such as Chrome, Firefox, Safari, and Opera, to name a few of the larger ones. It is worth noting that only Internet Explorer is able to leverage ActiveX technologies – so you might well find yourself forced into using IE to view certain content within websites. Therefore, even if you don’t use IE as your main browser, I would still recommend you follow these steps to ensure a safe web browsing experience, in case you find yourself forced into using it.
Currently the different versions of IE are IE8, 9, and 10. IE8 is as good as you’re going to get on XP. Unfortunately IE8 is starting to show signs of age and you will likely start to come across compatibility issues (e.g. websites not working), performance issues (e.g. websites taking a long time to load), and security problems. Any of the other browsers will do a better job than IE8. This is yet another reason to move away from Windows XP. IE9 is the current version available to Windows Vista users and IE10 is available to Windows 7 and 8 users. For the sake of this article we’ll assume you are using IE10, though as a general rule of thumb you will find the menus of IE9 the same, and the information is still relevant.
One way of looking at the internet is to divvy it up into two zones. One zone we know and trust; websites that we visit often are likely to fall into this category. We will call this zone A for the sake of clarity (otherwise I can see us getting into known unknowns and all that rubbish). The other zone we don’t know, and we don’t know if we can trust websites in that zone. This zone I shall rather originally call zone B (bet you didn’t see that coming!). Not treating these zones differently is what leads to problems occurring. Something that highlights this well is a very common situation where you follow links from zone A and end up in zone B. As we don’t know what is in zone B, we might open ourselves up to attack from this website.
With that in mind, our first step is to configure two security profiles for zones A and B. Start off by left clicking on the cog/gear in the top right hand corner of the IE10 window (or Alt + X) and then select Internet Options from the drop down menu. From this window select the Security tab. Zone B is the zone called Internet in this window and is the first zone we are going to configure. Click on Internet; the slider bar below is where you are able to change the security level for the zone. Medium-high should be the value that you see before you; if it isn’t, change it to that. Also ensure that there is a check in the box next to “Enable Protected Mode”. Click on Custom level. We are now going to change the following settings:
1) Set “Run components not signed with Authenticode” to prompt
2) Set “Automatic prompting for ActiveX controls” to enable
3) Set “Script ActiveX controls marked safe for scripting” to prompt
4) Set “Submit non-encrypted form data” to prompt
5) Set “Scripting of Java applets” to prompt
Finally, click on the Advanced tab and scroll down to the security section (which is at the bottom) and ensure that there is a check in the box next to “Enable Enhanced Protected Mode”. All of these settings mean that you will be quite aware when a website is trying to interact with your computer. Now, it might be quite legitimate interaction, but that is what we want to limit in this zone: the chance for interaction from unknown websites. This type of interaction should only be happening in our trusted zone, or zone A.
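To confirm the settings above actually took effect, the following read-only check compares the Internet zone's registry values with the ones listed in this post. It is an added example, not part of the original post; it assumes PowerShell 3.0 or later and per-user settings that are not overridden by Group Policy.

```powershell
# Added example: read-only audit of the current user's Internet zone (zone 3)
# against the settings listed in this post. Nothing is modified.
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneKey = Join-Path $base 'Zones\3'

# URL action policy values: 0 = Enable, 1 = Prompt, 3 = Disable
$policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting label, registry value name (URL action code), value the post asks for
$checks = @(
    @{ Label = 'Run components not signed with Authenticode';       Action = '2004'; Want = 1 }
    @{ Label = 'Automatic prompting for ActiveX controls';          Action = '2201'; Want = 0 }
    @{ Label = 'Script ActiveX controls marked safe for scripting'; Action = '1405'; Want = 1 }
    @{ Label = 'Submit non-encrypted form data';                    Action = '1601'; Want = 1 }
    @{ Label = 'Scripting of Java applets';                         Action = '1402'; Want = 1 }
    @{ Label = 'Enable Protected Mode';                             Action = '2500'; Want = 0 }
)

$zone = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($c in $checks) {
    $actual = $zone.($c.Action)      # $null when the value is not set for this user
    if ($null -eq $actual) {
        $shown = 'not set'
    } elseif ($policy.ContainsKey([int]$actual)) {
        $shown = $policy[[int]$actual]
    } else {
        $shown = '0x{0:X}' -f $actual
    }
    [pscustomobject]@{
        Setting  = $c.Label
        Expected = $policy[$c.Want]
        Actual   = $shown
        Match    = ($actual -eq $c.Want)
    }
}

# Enhanced Protected Mode is stored separately: Isolation = "PMEM" when enabled
$main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Setting  = 'Enable Enhanced Protected Mode'
    Expected = 'PMEM'
    Actual   = if ($main.Isolation) { $main.Isolation } else { 'not set' }
    Match    = ($main.Isolation -eq 'PMEM')
}

$report | Format-Table -AutoSize
```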
Now that we’ve locked everyone out, it’s time to allow a few people in! To use as an example, go to www.bbc.co.uk before proceeding with the next steps. Now get into the Security tab of Internet Options. From there highlight “Trusted sites”; this is zone A, the zone that we trust. Ensure that the slider is set to medium and that the box next to Enable Protected Mode is unchecked. Because of the reasonably stringent settings we have put in place on the rest of the internet, you are going to want to add sites that you know and love to this zone. Click on the Sites button. In the window that pops up you should now see the address of the website you are viewing (which should be http://www.bbc.co.uk). Delete the “http://www” section from the address and replace it with an asterisk. The address should now read *.bbc.co.uk. Remove the check from the box that reads “Require server verification (https:) for all sites in this zone” and then click the Add button. The BBC website will now exist in our trusted zone (zone A) and thus will be allowed to interact with your computer without having to ask for permission to do so. This is a manual task that you will need to repeat with all the websites you want to add to your zone A. Based on the growing attacks on web browsers, it is worth it in the long run. A final word to the wise though: don’t add any old site to this list. Once a site is on the list it operates in a considerably less secure zone.
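Because every entry in zone A runs with fewer restrictions, it is worth reviewing the list from time to time. The listing below is an added example, not part of the original post: it reads the current user's Trusted sites from the registry and shows which protocols each entry accepts. It assumes PowerShell 3.0 or later and sites added through the dialog described above rather than by Group Policy.

```powershell
# Added example: read-only listing of the current user's Trusted sites (zone 2).
$domainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

$trusted = Get-ChildItem -Path $domainsKey -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = $_
        # The key path below Domains is "domain\subdomain", e.g. "bbc.co.uk\www".
        # Values on a domain key cover that domain and its subdomains.
        $parts = (($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]) -split '\\'
        [array]::Reverse($parts)
        $site = $parts -join '.'

        # Each value name is a protocol ("http", "https", or "*" for any);
        # the value data is the zone number. 2 = Trusted sites.
        foreach ($proto in $key.GetValueNames()) {
            if ($key.GetValue($proto) -eq 2) {
                [pscustomobject]@{
                    Site      = $site
                    Protocol  = $proto
                    # True when pages loaded over unencrypted HTTP are also trusted
                    PlainHttp = (('*', 'http') -contains $proto)
                }
            }
        }
    }

$trusted | Sort-Object Site, Protocol | Format-Table -AutoSize
```

An entry added as *.bbc.co.uk with the https requirement unchecked appears as site bbc.co.uk with protocol `*`.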
That is it for this week. Stay tuned for the final edition of Safe Web Browsing in a fortnight’s time.