Sure seems like you hear the words “IE Security Hole” a lot, doesn’t it? Now there’s yet another security hole, and a malicious website could use it to get access to your files—it’s not a good thing, but here’s some quick tips to protect yourself.
Note that these are all workarounds, and don’t solve the actual vulnerability. These tips are helpful for any IE security hole, though.
Make Sure You Have Protected Mode Enabled
As with most IE security holes, if you’re running Windows 7 or Vista, you should enable Protected Mode, which runs Internet Explorer in something similar to a sandbox—basically it protects you from malicious web pages a little more (though not completely).
Just head into the Internet Options –> Security tab, and click the checkbox.
Set ActiveX Controls to Always Prompt (or Disable Them)
If you just drag the slider in the screenshot above to High, you’ll have disabled ActiveX Controls from automatically running.
The unfortunate side effect of this is that you’ll be prompted more often when visiting sites that use ActiveX Controls. Microsoft recommends that you add sites that you really trust to your Trusted Sites list… you’ll probably have to uncheck that “Require https” checkbox at the bottom though.
To add a site to your Trusted Sites, click the Trusted Sites icon shown in the image above, and then click the Sites button, type in the website URL, and click the Add buttons. Clearly trust is a hard thing to earn…
Extra: Disable Unnecessary Plugins
Open up Tools –> Manage Add-ons from your IE menu, and then change the drop-down for “Show” to say “All add-ons”. This will then show you a list of all the current add-ons that are enabled, so we can start disabling stuff.
At this point you’ll have a massive list of add-ons, and you can start disabling them by clicking on them, and then clicking Disable. Important to note: Adobe Reader seems to have one security hole after another, and if you don’t really need Java you should get rid of it.
My general principle is to disable everything I don’t need (or just everything), and then only enable add-ons if I really need them. Bonus: Disabling add-ons is the quickest way to make IE run much faster.
Use Microsoft FixIt to Solve the Problem
One of the best things that Microsoft has come out with in the recent past is the “Fix it” feature on their support site—for many problems, you can simply launch a Microsoft-created utility that will solve your problem right there.
In this case, you can use Fix it to enable Network Protocol Lockdown. Just click the image below to head to the Microsoft site:
Use Microsoft Fix it to solve the Latest Security Hole
Read more information about the Latest Security Hole (as of February 4th, 2010)