Happy Trails Computer Club

home > security > level 1  2  3  > settings   
Browser Security Settings

Browser settings are only one of the many groups of settings that are important for Internet security. Make sure you're using the right system and email client settings as well. I've provided instructions for Internet Explorer and Mozilla. If you're using another browser, you should do something similar.

Internet Explorer security settings

Friends don't let friends use Internet Explorer. They recommend something safer. Why? IE is tightly integrated with Windows itself and has lots of marginally useful, but powerful bells and whistles. The combination opens your computer up to all kinds of dirty tricks. You can tame IE though. If you insist on using IE for any but a few sites that you absolutely trust read on:

Tight Internet Explorer settings won't improve your security unless you respond appropriately to any "prompt" dialog boxes that pop up. For example, if the prompt asks if you want to allow an ActiveX control to run, decide if you completely trust the site before you click OK (usually you can view the site even if you don't.

Unfortunately, if you use these settings, you'll be bugged with a bunch of promts that ask if it's OK to run scripts. Some people take the risk and Enable active scripting. I normally use IE for just a few sites that won't work otherwise. I add these sites to my "Trusted Sites Zone" to stop the chatter. It's easy to do that "on the fly."

Access security settings in Internet Explorer by clicking Tools ("View" in earlier versions of IE) > Internet Options > Security (tab) > click the "Custom Level" button. Use the recommended settings listed below. (You may not find all these options, just set the ones you do have.)

  • Download signed ActiveX controls: Disable or Prompt
  • Download unsigned ActiveX controls: Disable or Prompt
  • Initialize amd script ActiveX controls not marked as safe: Disable or Prompt
  • Run ActiveX controls and plug-ins: Disable or Prompt
  • Script ActiveX controls marked safe for scripting: Disable or Prompt
  • Downloads: Enable
  • Font Download: Prompt
  • Access data sources across domains: Prompt
  • Allow META REFRESH: Enable
  • Display mixed content: Prompt
  • Don't prompt for client certificate selection...: Disable
  • Drag and drop or copy and paste files: Prompt
  • Installation of desktop items: Prompt
  • Allow cookies that are stored on your computer: Disable
  • Allow per-session cookies (not stored): Enable
  • Java permissions: High safety
  • Lauching programs and files in an IFRAME: Disable or Prompt
  • Navigate sub-frames across different domains: Disable or Prompt
  • Software channel permissions: High safety
  • Submit nonencripted form date: Disable or Prompt
  • Userdata persistance: Disable
  • Active scripting: Disable or Prompt
  • Allow paste operations via script: Disable or Prompt
  • Scripting of Java applets: Disable or Prompt
  • Logon: Automatic logon only in Intranet zone

Privacy settings

Privacy is totally different from security. Privacy is mostly controlled by cookie settings. Cookies are not a significant threat to security. Internet Explorer 6.0 does offer privacy (cookie) settings as well as security settings. To get there click Tools > Internet Options > Privacy. I have my privacy set to "Medium High". I'd recommend at least "Medium".

Mozilla security settings

Mozilla is cleaner and quite a bit faster than Internet Explorer. Tabbed browsing (window-in-window), excellent security, and superb popup blocking are it's other major advantages. Mozilla also remembers passwords [note] for you. Mozilla is a great browser, eh?

It's easier to set up Mozilla for good security, and it's better behaved than Internet Explorer. One reason is that Mozilla does not run ActiveX pluging. Here's my setup process for Mozilla security:

1. I've made Mozilla my default browser, because I don't want Internet Explorer to open without warning. The option to make it your default browser should be on the first page when you click Edit > Preferrences...

2. Continuing with Edit > Preferences > Privacy & Security (click the "+")

Images Accept images that come from the originating server only
Popup Windows Block unrequested popup windows
Passwords Remember passwords, but remember to never let Mozilla save sensitive paswords when you're asked.

3. Continuing with Edit > Preferences > Advanced > (click the "+")

Scripts & Plugins Uncheck the first 4 boxes


http://www.staff.uiuc.edu/~ehowes/btw/ie/ie-opts.htm The University of Illinois provides a mother-load of advice on privacy and securtiy settings for Internet Explorer.

http://www.langa.com/newsletters/2000/2000-09-07.htm#3 Fred Langa gives good advice on how to set your Internet settings under Make It Stop! (Comet Cursor And Its Ilk, That Is.)

http://www.microsoft.com/security/articles/settings.asp -- Microsoft checklist for security settings

http://www.techspot.com/tweaks/ie6/ -- an illustrated alternative checklist

"The way to develop self-confidence is to do the thing you fear." -- William Jennings Bryan
club stuff
   lost? > index
attack vectors
   web sites
   #  2  3
safe settings
   email client
safe practices
   file handling
defense tools
defense tests