In Depth
10 IE Browser Settings for Safer Surfing
Here are 10 essential security settings from Zscaler Senior Security Engineer Jeff Forristal, plus tips from other experts
By Bill Brenner, Senior Editor
Downside: No obvious negatives.
6. Disable SSL 2.0 support
Tools/Internet Options/Advanced tab/Use SSL 2.0: unchecked.
Regulators of financial institutions have long declared SSL2 insecure and not suitable for use, Forristal noted. Any website in the world that supports only SSL2 and nothing newer (SSL3, TLS) is either up to no good or probably so old that it's full of vulnerabilities, making it prone to being compromised by a hacker and thus up to no good anyway.
Downside: No obvious negatives.
7. Enable TLS support
Tools/Internet Options/Advanced tab/Use TLS 1.0: checked.
TLS is the evolution of SSL, offering more security enhancements and extensions than SSL3. Its use is warranted, and thus this feature should be enabled.
Downside: No obvious negatives.
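To check the two protocol settings above without opening the dialog, the following added example (not from Forristal or the original article) reads the current user's SecureProtocols registry value, where Internet Explorer stores the Advanced-tab protocol checkboxes as a bitmask. It assumes PowerShell 3.0 or later and inspects only the per-user setting; the function name Get-ProtocolState is made up for this example.

```powershell
# Added example: audit the protocol checkboxes from items 6 and 7 for the current user.
# Internet Explorer stores these checkboxes as bit flags in the SecureProtocols value.
$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Bit flag for each protocol checkbox discussed in the article.
$flags = [ordered]@{
    'SSL 2.0' = 0x08
    'SSL 3.0' = 0x20
    'TLS 1.0' = 0x80
}

# Hypothetical helper: turn the bitmask into one row per protocol.
function Get-ProtocolState {
    param([int]$Mask)
    foreach ($name in $flags.Keys) {
        [pscustomobject]@{
            Protocol = $name
            Enabled  = [bool]($Mask -band $flags[$name])
        }
    }
}

$item = Get-ItemProperty -Path $path -Name SecureProtocols -ErrorAction SilentlyContinue
if ($null -eq $item) {
    # No per-user value has been written yet, so there is nothing to decode.
    Write-Output 'SecureProtocols is not set for this user; the browser defaults apply.'
    return
}

$mask = [int]$item.SecureProtocols
Get-ProtocolState -Mask $mask | Format-Table -AutoSize

# Flag any deviation from the two recommendations.
if ($mask -band $flags['SSL 2.0']) {
    Write-Warning 'SSL 2.0 is enabled (item 6 recommends unchecked).'
}
if (-not ($mask -band $flags['TLS 1.0'])) {
    Write-Warning 'TLS 1.0 is disabled (item 7 recommends checked).'
}
```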
8. Disable searching from the URL bar
Tools/Internet Options/Advanced Tab/Search from the address bar: Do not search from the address bar.
Forristal personally doesn't like the idea of every cut-and-paste error, typo, and other item entered into the URL bar being automatically sent off to search engines as search terms. That creates the possibility of information disclosure, hence this suggestion.
Downside: No obvious negatives.
9. Disable unnecessary add-ons
Tools/Internet Options/Programs tab/Manage Add-ons button.
There are a lot of third-party tools that hook themselves into your browser. Each one technically is a way for an attacker to potentially hack you, and as such, you want to disable as many of them as possible, Forristal said.
Downside: Unfortunately it's not always obvious what should be left alone and what should be disabled, Forristal said.
But users should peruse the list to see if anything jumps out as something no longer needed. For example, he asked, "Do you no longer use Skype after giving it a try a few months ago? Then you can safely disable the Skype browser add-on."
10. Uninstall old Java installations
[Vista] Start Menu/Control Panel/Programs and Features.
For some strange reason, new versions of Java sometimes install completely new versions rather than upgrade the old versions. This can be problematic because an attacker can still potentially utilize the old versions, and those could harbor security flaws fixed in the newer versions. So Forristal suggests checking your installed applications list, scrolling down to 'Java' and keeping the highest listed version number while removing the rest. "While you're in there, it's also a good time to browse the list and remove anything else you don't use anymore -- again, less attack surface overall," he said.
Downside: No obvious negatives.
"Most of the options above, with the exception of uninstalling old Java versions, can safely be undone by just changing a checkbox or radio button value," Forristal said. "So it's OK to experiment and try these settings; if any give you a problem, just revert and things are back to normal."



