How do I configure my Internet Explorer (IE) security settings to minimize my risk of infection when I surf the web?

To protect your computer while you're browsing the Internet with Internet Explorer, it is important that you set your IE security settings to as high a level as possible. How high those settings should be will be determined by how you use the Internet -- a security setting that is too low can put your computer at risk but a setting that is too high may prevent you from accessing sites you want to use. These instructions explain how to configure security settings for IE 6.0. They may differ somewhat based on the version of IE that you have.

Internet Explorer Security Zones

To help you control security, IE has defined four "zones" that websites might fall into. These are:

  • Internet Zone -- Contains every website that has not been assigned to one of the other zones (the default zone).
  • Local Intranet -- Can contain a list of websites that are on your local intranet
  • Trusted Sites -- Can contain a list of websites that you trust not to cause harm to your computer.
  • Restricted Sites -- Can contain a list of websites that could harm your computer or damage your data.

By default, IE places all websites in the Internet Zone and sets the security level for that zone to "Medium." This protects your computer from content IE determines to be potentially unsafe while still giving you good browsing functionality.

While you could change the security level of the Internet zone to provide more or less security, your changes would affect ALL other sites in that zone, and thus might not be appropriate. Microsoft instead recommends that you control your security settings by adding sites requiring more or less security to one of the other IE zones.

For example, websites that you KNOW won't contain content that could damage your computer could be added to the Trusted Sites zone. The default security setting for the Trusted Sites zone is "Low," meaning you would not be asked to confirm any content that you obtain from that site. Some examples of trusted sites might be online banking or bill payment sites. You can recognize sites you've added to Trusted Sites by the green check icon in the lower right hand corner of the IE status bar.

Likewise, if there are sites that you know or suspect might contain damaging content, you can add these to the Restricted Sites zone. For example, you might want to restrict servers that use tracking cookies to track your movements as you surf the web. These sites will then be subjected to the highest security level and will be indicated by the red minus icon in the lower right hand corner of the IE status bar.

To add a site to an IE zone:

  1. From the IE toolbar, click "Tools" then "Internet Options."
  2. Click the "Security Tab."
  3. Select the zone to which you'd like to add a site (for example, select the "Trusted Sites" zone).
  4. Click the "Sites" button.
  5. Type the name of the site you'd like to add to that zone then click the "Add" button.
    Note that if you're adding sites to the restricted zone, the "Require server verification..." box is checked by default. Microsoft recommends that you only add sites that use a secure connection (https:) to the trusted zone. If for some reason you want to add a site that doesn't use https, you must uncheck the box -- just be SURE the site you're adding can be trusted.
  6. Click "Ok" to add the site.
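
The same zone assignment can be made from a script, which is useful when you want to audit which sites have been added or apply the same list to several accounts. The following PowerShell is an added example and is not taken from the help page; it writes the per-user ZoneMap entries that the "Sites" dialog edits (a DWORD named after the scheme holds the zone number: 1 = Local Intranet, 2 = Trusted Sites, 3 = Internet, 4 = Restricted Sites). The host names in the usage lines are constructed samples.

```powershell
# Added example, not part of the original help page. The "Sites" dialog writes
# per-user entries under this key: one DWORD per scheme (http, https or *)
# whose value is the zone number (1 = Local Intranet, 2 = Trusted Sites,
# 3 = Internet, 4 = Restricted Sites).
$ZoneMapDomains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$ZoneNames = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }

# IE stores "www.bank.example" as Domains\bank.example\www, so split the host
# into its two-label base and the remaining subdomain labels.
function Get-IeZoneMapKey {
    param([Parameter(Mandatory)][string]$Domain)
    $labels = $Domain.ToLowerInvariant().TrimEnd('.') -split '\.'
    if ($labels.Count -le 2) { return Join-Path $ZoneMapDomains ($labels -join '.') }
    $base = $labels[-2..-1] -join '.'
    $sub  = $labels[0..($labels.Count - 3)] -join '.'
    return Join-Path (Join-Path $ZoneMapDomains $base) $sub
}

function Add-IeZoneSite {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][ValidateSet(1, 2, 3, 4)][int]$Zone,
        [ValidateSet('https', 'http', '*')][string]$Scheme = 'https'
    )
    # Same caution the dialog enforces with "Require server verification":
    # only https sites belong in Trusted Sites unless you deliberately opt out.
    if ($Zone -eq 2 -and $Scheme -ne 'https') {
        Write-Warning "Adding '$Domain' to Trusted Sites without requiring https; be sure the site can be trusted."
    }
    $key = Get-IeZoneMapKey -Domain $Domain
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Scheme -PropertyType DWord -Value $Zone -Force | Out-Null
}

function Remove-IeZoneSite {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [ValidateSet('https', 'http', '*')][string]$Scheme = 'https'
    )
    $key = Get-IeZoneMapKey -Domain $Domain
    if (Test-Path $key) {
        Remove-ItemProperty -Path $key -Name $Scheme -ErrorAction SilentlyContinue
        # Drop the key once no scheme and no subdomain key is left, as the dialog would.
        if ((Get-Item $key).ValueCount -eq 0 -and (Get-ChildItem $key).Count -eq 0) { Remove-Item $key }
    }
}

function Get-IeZoneSites {
    # Audit: list every host assigned to a zone, rebuilding the host name from
    # the key path (subkeys hold the subdomain part of the name).
    Get-ChildItem -Path $ZoneMapDomains -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $item  = $_
        $rel   = $item.Name.Substring($item.Name.IndexOf('\Domains\') + 9)
        $parts = $rel -split '\\'
        [array]::Reverse($parts)
        foreach ($scheme in $item.GetValueNames()) {
            $zone = [int]$item.GetValue($scheme)
            [pscustomobject]@{
                Host   = $parts -join '.'
                Scheme = $scheme
                Zone   = $zone
                Name   = $ZoneNames[$zone]
            }
        }
    }
}

# Usage (constructed sample host names, not real recommendations):
Add-IeZoneSite -Domain 'onlinebanking.example' -Zone 2               # Trusted Sites, https only
Add-IeZoneSite -Domain 'tracker.example'       -Zone 4 -Scheme '*'   # Restricted Sites, any scheme
Get-IeZoneSites | Format-Table -AutoSize
```

IE reads the zone map when it starts, so open a new browser window after changing it. Entries under HKLM, or zone settings delivered by Group Policy, take precedence over the per-user list, which is why a site you added may still not behave as expected on a managed computer.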

Changing IE Zone Security

For the most part, the default settings for each of the IE zones should be adequate. However, you can make changes to the security settings for any zone -- just be sure you understand the consequences of your changes! To make changes to the security settings for an IE zone:

  1. From the IE toolbar, click "Tools" then "Internet Options."
  2. Click the "Security" tab.
  3. Choose the zone whose security settings you'd like to change.
  4. Click the "Custom Level" button.
  5. You'll notice a number of security settings you can configure, each with three options:
    • Disable -- This action will always be blocked.
    • Enable -- This action will always be allowed.
    • Prompt -- You will always be asked whether IE should allow this action.
  6. Locate the security setting you'd like to change and choose the value for that setting.
    For example, if the security setting for "Script ActiveX controls marked safe for scripting" is set to "Prompt," IE will ask for permission before running these types of controls. Remember: it will be up to you to evaluate whether IE should be allowed to run the script!
  7. When you've made the desired changes, click "Ok" to close the dialog box.

If you change your mind about the security settings you've given to any of the IE zones, you can set them back to the default values:

  1. From the IE menu, choose "Tools" then "Internet Options."
  2. Click the "Security" tab.
  3. Select the zone you want to change.
  4. If you've changed the security level, the "Default Level" button will be enabled. Click it to restore the security settings. Note that this does not affect the list of sites you've added to any zone.

To provide the highest level of protection for your computer, Computer Services recommends you set the security options for "Script ActiveX controls marked safe for scripting" and "Active Scripting" in the Internet zone to "Disable" or "Prompt." Be aware that these settings can be restrictive and may affect your ability to view certain websites.
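
The "Custom Level" settings described above, including the two Internet-zone options just recommended, are stored as one DWORD per action under the zone's registry key. The following PowerShell is an added example and is not the help page's own; it applies the recommendation (action 1400 is "Active scripting" and 1405 is "Script ActiveX controls marked safe for scripting"; the stored value is 0 for Enable, 1 for Prompt, 3 for Disable) and reads the settings back so you can confirm the Internet zone is hardened.

```powershell
# Added example, not the help page's own. The "Custom Level" dialog stores one
# DWORD per action under Zones\<zone number>. 1400 = "Active scripting",
# 1405 = "Script ActiveX controls marked safe for scripting";
# value 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneIds    = @{ LocalIntranet = 1; TrustedSites = 2; Internet = 3; RestrictedSites = 4 }
$Actions    = @{ ActiveScripting = '1400'; ScriptSafeActiveX = '1405' }
$Policy     = @{ Enable = 0; Prompt = 1; Disable = 3 }
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeZoneAction {
    # Returns Enable / Prompt / Disable, NotSet when the value is absent, or
    # Unknown(<n>) for a value outside the three the dialog writes.
    param([Parameter(Mandatory)][int]$Zone, [Parameter(Mandatory)][string]$Action)
    $value = (Get-ItemProperty -Path "$ZonesKey\$Zone" -Name $Action -ErrorAction SilentlyContinue).$Action
    if ($null -eq $value) { return 'NotSet' }
    if ($PolicyName.ContainsKey([int]$value)) { return $PolicyName[[int]$value] }
    return "Unknown($value)"
}

function Set-IeZoneAction {
    param(
        [Parameter(Mandatory)][int]$Zone,
        [Parameter(Mandatory)][string]$Action,
        [Parameter(Mandatory)][ValidateSet('Enable', 'Prompt', 'Disable')][string]$Setting
    )
    Set-ItemProperty -Path "$ZonesKey\$Zone" -Name $Action -Type DWord -Value $Policy[$Setting]
}

function Test-IeInternetZoneHardened {
    # True only when both recommended actions are Prompt or Disable in the Internet zone.
    foreach ($action in $Actions.Values) {
        $current = Get-IeZoneAction -Zone $ZoneIds.Internet -Action $action
        if ($current -notin 'Prompt', 'Disable') { return $false }
    }
    return $true
}

function Get-IeZoneReport {
    # Audit view of the two actions across all four zones.
    foreach ($zoneName in 'LocalIntranet', 'TrustedSites', 'Internet', 'RestrictedSites') {
        foreach ($actionName in 'ActiveScripting', 'ScriptSafeActiveX') {
            [pscustomobject]@{
                Zone    = $zoneName
                Action  = $actionName
                Setting = Get-IeZoneAction -Zone $ZoneIds[$zoneName] -Action $Actions[$actionName]
            }
        }
    }
}

# Apply the recommendation for the Internet zone, then verify.
Set-IeZoneAction -Zone $ZoneIds.Internet -Action $Actions.ScriptSafeActiveX -Setting Prompt
Set-IeZoneAction -Zone $ZoneIds.Internet -Action $Actions.ActiveScripting   -Setting Prompt
Get-IeZoneReport | Format-Table -AutoSize
Test-IeInternetZoneHardened
```

Open a new IE window after running it; the browser reads these values at startup. As with the zone list, machine-wide values under HKLM and Group Policy override the per-user settings, so the report may show a setting you cannot change from the dialog on a managed computer.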

Web Cookies

First, what is a "cookie?"

Cookies are small files that websites have your browser store on your computer. They are used in a number of ways, primarily to allow a website to "remember" you from one visit to the next. For instance, a website might require that you register and log on to access certain services. These sites can set a cookie on your computer so the next time you open that site from that computer you'll be automatically logged on.

In general cookies are harmless. They can't store information that you don't provide to a website, and legitimate sites don't retrieve cookies they haven't set. However, some sites use cookies in ways that aren't so harmless, for instance to track your movements as you surf the web. If you're concerned about allowing cookies on your computer, you can change IE's default privacy settings for the Internet zone (these settings do not apply to the remaining IE zones):

  1. From the IE menu, click "Tools" then "Internet Options."
  2. Click the "Privacy" tab.
  3. The default privacy level is "Medium." This means that some "third-party" cookies -- those placed on your computer by a website other than the one you're visiting -- will be blocked and that cookies which use personally identifiable information will be restricted. These actions are handled automatically by IE, and don't require any intervention on your part.
  4. To override automatic cookie handling, click the "Advanced" button.
  5. Check the box "Override automatic cookie handling." Then check "Always allow session cookies," select "Accept" for first-party cookies, and select "Prompt" for third-party cookies.
    If a third-party site tries to set a cookie on your computer, you'll be notified by IE and you'll have the option to decide whether or not to allow that cookie.
  6. Click "Ok" to accept your changes.

Computer Services recommends you override automatic cookie handling, configuring your browser with the settings described in step 5 above.

Remember that if you set your privacy settings too high or if you tell IE to override automatic cookie handling, some sites might not function properly, if at all. If you need to restore your privacy settings to the default:

  1. From the IE menu, choose "Tools" then "Internet Options."
  2. Select the "Privacy" tab.
  3. If you have made changes to the privacy settings, the "Default" button will be enabled. Click it to restore the default IE privacy settings.
  4. Click "Ok" to apply your changes.

If the default cookie handling rules are acceptable for most sites, but you have some exceptions, you can override automatic cookie handling for those sites:

  1. From the IE menu, click "Tools" then "Internet Options."
  2. Select the "Privacy" tab.
  3. Click the "Edit" button at the bottom of this tab.
  4. Enter the website, then click "Allow" or "Block." Remember these settings apply to all cookies from the website you've entered.
  5. Click "Ok" to accept your changes.
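
The per-site list maintained by the "Edit" button can also be inspected and set from a script, which makes it easy to check whether a site you expect to be blocked is actually on the list. The following PowerShell is an added example, not the help page's own, and it rests on an assumption the page does not state: that IE keeps the per-site cookie list per user under the P3P\History key, one subkey per domain, with the key's default DWORD set to 1 for Allow and 5 for Block. Verify that on your own system before relying on it; the domain names in the usage lines are constructed samples.

```powershell
# Added example, not the help page's own. ASSUMPTION (not stated on the page):
# the per-site cookie list edited from the Privacy tab lives per user under
# P3P\History, one subkey per domain whose default DWORD is 1 = Allow, 5 = Block.
$CookieSitesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History'
$CookieAction     = @{ Allow = 1; Block = 5 }
$CookieActionName = @{ 1 = 'Allow'; 5 = 'Block' }

function Set-IeCookieSite {
    # Equivalent of typing the site and clicking "Allow" or "Block"; the rule
    # applies to every cookie from that domain.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][ValidateSet('Allow', 'Block')][string]$Action
    )
    $key = Join-Path $CookieSitesKey $Domain.ToLowerInvariant().TrimEnd('.')
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # '(default)' addresses the key's unnamed value in the registry provider.
    Set-ItemProperty -Path $key -Name '(default)' -Type DWord -Value $CookieAction[$Action]
}

function Remove-IeCookieSite {
    # Equivalent of selecting the site in the list and clicking "Remove".
    param([Parameter(Mandatory)][string]$Domain)
    $key = Join-Path $CookieSitesKey $Domain.ToLowerInvariant().TrimEnd('.')
    if (Test-Path $key) { Remove-Item -Path $key -Recurse }
}

function Get-IeCookieSites {
    # Audit: list every per-site rule with its decoded action.
    Get-ChildItem -Path $CookieSitesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $raw = $_.GetValue('')
        $decoded = 'Unknown'
        if ($null -ne $raw -and $CookieActionName.ContainsKey([int]$raw)) { $decoded = $CookieActionName[[int]$raw] }
        elseif ($null -ne $raw) { $decoded = "Unknown($raw)" }
        [pscustomobject]@{ Domain = $_.PSChildName; Action = $decoded }
    }
}

function Test-IeCookieSiteBlocked {
    # True when the given domain has an explicit Block rule.
    param([Parameter(Mandatory)][string]$Domain)
    $rule = Get-IeCookieSites | Where-Object { $_.Domain -eq $Domain.ToLowerInvariant().TrimEnd('.') }
    return ($null -ne $rule -and $rule.Action -eq 'Block')
}

# Usage (constructed sample domains):
Set-IeCookieSite -Domain 'tracker.example' -Action Block
Set-IeCookieSite -Domain 'webmail.example' -Action Allow
Get-IeCookieSites | Format-Table -AutoSize
Test-IeCookieSiteBlocked -Domain 'tracker.example'
```

Because the storage location is an assumption here, the safest check is to add one site through the Privacy tab's "Edit" dialog, run Get-IeCookieSites, and confirm it appears before using the script to manage the list.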

Deleting Cookies

You can remove all cookies from your computer.

  1. From the IE menu, choose "Tools" then "Internet Options."
  2. Select the "General" tab.
  3. Click the button labeled "Delete Cookies." You'll be prompted to confirm the delete.
  4. Click "Ok" to close the dialog box.

Remember, if a website uses cookies to remember custom settings, deleting cookies will remove all these settings.


To learn more see: