Internet Explorer 7 Desktop Security Guide Enhancing Internet Explorer Security for Desktop Users
Published July 2007
For the latest information, see http://www.microsoft.com/ie
Version 2.0

Copyright © 2007 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below.

If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user’s particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.

Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property.

Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.

Microsoft, Windows, ActiveX, Authenticode, Excel, Internet Explorer, MSDN, Outlook, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.

Contents

Executive Summary
Introduction: Increasing Browser Security
Managing Internet Explorer 7
Security Zones
  Modifying Zone Settings in Internet Explorer 7
  Zone Determination
  Changes to the Security Zone Model in Internet Explorer 7
  Other Security Settings
New Security Features in Internet Explorer 7
  Internet Explorer Protected Mode
  ActiveX Opt-in
  Cross-Domain Scripting Attack Protection
  Security Status Bar
  Phishing Filter
Recommendations for Increased Security
  Zone Security Recommendations
    Enable Zone Elevation Protection
    Do not allow users to add/delete sites from Security Zones
    Do not allow users to change policies for Security Zones
    Do Not Configure Security Zones: Use Only Machine Settings
  Certificate Security Recommendations
    Prevent users from navigating to sites that have certificate errors
  Active Content Security Recommendations
    Restrict ActiveX Install
    Add ActiveX controls and plug-ins to pre-approved list
    Disable active scripting in response to specific threats
    Enable Scripted Window Security Restrictions
  Reducing Application Privilege Recommendations
    Turn on Protected Mode in Windows Vista
    Use DropMyRights with Windows XP
  Privacy Settings Recommendations
    Set the Privacy Slider to at least Medium
    Empty Temporary Internet Files folder when browser is closed
    Set Form AutoComplete options to Disabled
    Configure Logon options for each Security Zone
    Enable the Phishing Filter
  Other Security Settings Recommendations
    Do not save encrypted pages to disk
    Disable Automatic Install of Internet Explorer components
    Disable Periodic Check for Internet Explorer software updates
    Disable software update shell notifications on program launch
    Make proxy settings per machine (rather than per user)
    Turn off Crash Detection
    Restrict File Download
    Disable Allow File Downloads for Restricted Sites Zone
    Enable Data Execution Prevention
    Do not allow users to enable or disable add-ons