10 Ways to Use Internet Explorer Safely
So what do you get from the collective wisdom of hackers gathered in one place? Why, tips on safer computing, of course! Software security engineer Jeff Forristal asked people at the last Pwn2Own what the average user can do to better protect Internet Explorer from hacker activities. Here’s what they came up with.
- Disable XPS Documents. Disable that new image format found in Vista. “Attackers have been having a field day exploiting image/document formats and parsers, so the fewer formats your browser supports, the better.”
- Disable Font Download. “If you don’t tend to browse websites outside your normal language, then you really don’t need this.”
- Disable inclusion of local file directory path when uploading files to a server. “This results in a mild privacy concern because the file path can include identifying information such as your computer’s login account name. Sending ‘c:\Users\jforristal\Pictures\blog.gif’ exposes [the] username ‘jforristal’.”
- Disable prompting if you are prone to just clicking “yes”. “If you are prone to always selecting ‘yes’ whenever a popup box is presented to you (note: not a good habit!), you can remove the temptation by simply switching all the ‘Prompt’ options to ‘Disable.’”
- Always prompt for username and password. “For home users and others using computers that are not in a business environment that uses Active Directory, there is no advantage to having auto-logon enabled since there is practically nothing you would want to auto-logon to out on the Internet,” he said. (Note: this doesn’t disable auto logon for your websites.)
- Disable SSL 2.0 support. “SSL2 has been long declared insecure and not suitable for use by the regulators of financial institutions”.
- Enable TLS support. “TLS is the evolution of SSL, offering more security enhancements and extensions than SSL3. Its use is warranted, and thus this feature should be enabled.”
- Disable searching from the URL bar. “Forristal personally doesn’t like the idea of every cut and paste error, typo, and other items entered into the URL bar to be automatically sent off to search engines as search terms. There is the possibility of an information disclosure situation happening.”
- Disable unnecessary add-ons. “There are a lot of third-party tools that hook themselves into your browser. Each one technically is a way for an attacker to potentially hack you, and as such, you want to disable as many of them as possible.”
- Uninstall old Java installations. “While you’re in there, it’s also a good time to browse the list and remove anything else you don’t use anymore — again, less attack surface overall”.
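
To make the file-path item above concrete, here is an added example (not from the original post or from Forristal) that inspects a constructed multipart/form-data upload as a server would receive it, once with the local path included and once without. The boundary string, the form field name and the function name are made up for illustration.

```python
import ntpath
import re

# Constructed multipart/form-data bodies: the same upload with the
# "include local directory path" setting enabled and then disabled.
BODY_PATH_ON = (
    '--XbOuNdArY\r\n'
    'Content-Disposition: form-data; name="upload"; '
    'filename="c:\\Users\\jforristal\\Pictures\\blog.gif"\r\n'
    'Content-Type: image/gif\r\n\r\nGIF89a...\r\n--XbOuNdArY--\r\n'
)
BODY_PATH_OFF = BODY_PATH_ON.replace('c:\\Users\\jforristal\\Pictures\\', '')

# The filename parameter of each part's Content-Disposition header.
FILENAME_RE = re.compile(
    r'^Content-Disposition:.*?\bfilename="([^"]*)"', re.I | re.M)
# Profile directory layouts: Vista and later, then XP and earlier.
PROFILE_RE = re.compile(
    r'^[a-z]:[\\/](?:Users|Documents and Settings)[\\/]([^\\/]+)[\\/]', re.I)


def inspect_uploads(body):
    """Report, for each file part, what the client-supplied filename discloses."""
    findings = []
    for raw in FILENAME_RE.findall(body):
        safe = ntpath.basename(raw)      # Windows rules: splits on \ and /
        profile = PROFILE_RE.match(raw)
        findings.append({
            "sent": raw,
            "path_disclosed": safe != raw,
            "account": profile.group(1) if profile else None,
            "store_as": safe,            # basename only, never the client path
        })
    return findings


if __name__ == "__main__":
    for label, body in (("path on", BODY_PATH_ON), ("path off", BODY_PATH_OFF)):
        print(label, inspect_uploads(body))
```

With the setting disabled the server sees only `blog.gif`, so neither the directory layout nor the account name can end up in its logs.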
For details on how to do all that (some of the tips are only useful, and only work, in Vista), go here.