The recent attacks on Google from China seem to have been caused by a vulnerability in Internet
Explorer.
This has led many fans of alternate browsers to tell everyone to dump IE. This may be a good idea, but
some people don't want to switch browsers, or worse, can't switch because their workplace won't let
them.
Whatever the case, here's how to make sure Internet Explorer is as safe as possible while surfing the
Net.
First, upgrade to Internet Explorer 8. Yes, the vulnerability that led to the Google hack still exists in IE
8, but IE 7 and IE 6 are even more insecure in other ways.
IE 8 automatically blocks some attempts at click-jacking and cross-site scripting attacks.
If your computer just can't handle IE 8, go ahead and use IE 7. However, be vigilant about following
these recommendations, especially the parts about patching and set your security settings to high.
Do not use IE 6. It is not secure, and it was the browser taken advantage of in the Google hack.
Now here are four things to make IE quite a bit more secure.
IE 8 enables Data Execution Prevention by default. To check that it's on (or turn it on in IE 7) go to
tools, select Internet options, then click the advanced tab. Scroll to the security section and make sure
"Enable memory protection to help mitigate online attacks is checked."
Next, don't be logged in as admin. Create a standard user account and log in to that one.
Go to the control panel in your start menu.
Click User accounts.
Click "Give other users access to this computer."
Press the add button.
Fill in the information and press next.
Choose "Standard User."
And press Finish.
Use this account 99 percent of the time. It will prevent you and any piece of malicious software you
encounter from downloading and installing programs, and changing system settings. YOU and you
alone, not malware, can override these restrictions by entering an administrator password. Never
enter that admin password unless you're absolutely sure WHY it's being asked for.
Next, set IE to the highest Internet security setting.
Go to tools, then select Internet options, then choose the security tab. Change the security level to
high. Make sure Enable protected mode is checked too.
If you find it too restrictive, don't lower it. Try customizing it. Press the Custom Level button" and
enable only the functions you know you need to have on constantly.
Finally, PATCH! As of this recording, Microsoft announced they will soon patch the hole targeted in the
Google attack.
Your best bet is to make updates automatic. Short of that, have updates automatically announced to
you, and don't put off installing them.
Go to the control panel in the start menu.
Click on System and Security.
Under Windows Update click, "Turn automatic updating on or off."
Under Important Updates, choose "Install updates automatically."
Press OK.
This won't make you bulletproof, but it will make IE a viable and much more secure browser.
That's it for this How-to. I'm Tom Merritt, CNET.com.
