1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Using Firefox instead of IE6 -- what high security settings should I set in IE6?

Discussion in 'Web & Email' started by bloomcounty, Feb 5, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. bloomcounty

    bloomcounty Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    112
    I'm using the newest version of Firefox and not using my IE6 at all.

    The only time I'd use it would be to do Windows Update. (I have an XP-SP2 laptop.)

    I thought I read it's good (or doesn't hurt) to set everything in IE to high security settings if you're not using it. (And I seem to recall there were some custom settings it was best to do...?)

    So I was wondering what those settings were and what the best way to set IE security is if I'm only using Firefox...?

    (I guess I'd need to change the settings each time I do Windows Update though, right? Then put them back to the high settings?)

    Thanks!
     
  2. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,889
    There are some recommended settings here on Eric Howe's website; http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm which I use on my IE6 SP1, but they aren't intended to cover SP2.

    If you have a look through the recommended settings and compare them with how your version of IE is currently set up, you may be able to adapt them. The most important thing seems to be to disable Active X, cross domain scripting and other potentially dangerous activities.

    I use Opera with Firefox as a backup, but still 'lock down' IE because I have read that components of IE, because they are shared with your OS, will always be running and open to attack, whether the browser is used or not. Sounds plausible to me and it's the most I can do because removing IE is difficult if not impossible.
     
  3. bloomcounty

    bloomcounty Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    112
    So how does that work with Windows Update? Will I have to change the settings every time I do that? Or should I somehow put it in the trusted sites part?
     
  4. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,889
    I think it is possible to put the Windows Update URL(s) into the Trusted Sites zone so that they would not be affected by the more restrictive settings you may put in place.

    That article I provided the link to has details of how to do it with 6SP1 versions. How useful it is will depend on whether SP2 has changed things much.

    When I used IE (for updates only!) I had a total of six URLs referring to MS update sites in my Trusted Sites Zone, including https ones, but had problems, probably due to other security restrictions I had in place!

    I have no idea what happens if you choose to have Automatic Updating enabled.
     
  5. bloomcounty

    bloomcounty Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    112
    I did this...

    * Open Internet Explorer
    * Go to Tools | Internet Options... | Security
    * Set the security level for all zones except trusted sites to high
    * Set the security level for trusted sites to medium
    * While the trusted sites zone is selected, click on the Sites... button
    * Uncheck Require server verification (https:) for all sites in this zone
    * Add:
    o http://*.update.microsoft.com
    o https://*.update.microsoft.com
    o http://download.windowsupdate.com

    ...so should I be good/safe?
     
  6. redoak

    redoak Gone but never forgotten

    Joined:
    Jun 24, 2004
    Messages:
    6,782
    I looked into this matter earlier today. If the security setting is put on "high" a connection to the download site will not be made. I had to put it at medium for all to go well. I had the three urls you listed in the trusted zone, too. We will have to "juggle" the security setting as needed.

    I don't use IE for regular browsing either, being devoted to "SeaMonkey," the successor to the old "Mozilla Suite."

    {redoak}
     
  7. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,889
    My settings differ from yours because I went into 'Custom Level' then 'Security Settings' and disabled specific features, as advised in the article I posted the link to. Because of the changes between SP1 and SP2, some of those features may not be in SP2 or may already be dealt with.

    As an example of what I am talking about, the features included 'Download signed ActiveX controls', 'Script ActiveX controls marked safe for scripting' etc, etc. and I disabled all those that had the disable option, except for the ones connected with d/l'ing files.

    As for the entries in the Trusted Sites Zone, I had all the ones you have plus some others, mostly http and https versions of the same URL, plus one for http//download.windowsupdate.com I have no idea if they were all needed and I was using the old version of the update software, v4. whereas XP uses v6 (I think) so the URLs you need could be very different.
     
  8. bloomcounty

    bloomcounty Thread Starter

    Joined:
    Jun 4, 2005
    Messages:
    112
    Why not just leave the security setting for trusted sites at Medium if the only sites listed are those for Windows Update? Is there a reason this wouldn't be safe?

    All those settings are marked as "disable" when you have it set to "High Security" in SP2, it seems. So no need to change anything manually in there...

    Related question: Do those Windows Update sites need to even be listed in the Trusted Sites tab if you just use Automatic Updates? (I have my Automatic Updates set to let me know when there is one, but not to download.) Is the Automatic Updater still using IE6 when it downloads updates, even though IE isn't open?
     
  9. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,889
    I really don't know the answers to the points you raise because I don't have XP. I'm not surprised that the high security setting appears to do what I did manually in 6 SP1. The key thing is that the 'dangerous' processes don't run without your knowledge.

    Obviously, I know nothing about Automatic Update but I'm sure you are right to only allow it to notify you, otherwise you will get IE 7!! Based on what I have read about the level of integration between IE and Windows, I have no doubt that IE is 'always on' regardless of whether it is open or not, so that is how XP communicates with the update site.

    After all, MS don't exactly encourage the use of other browsers on their websites (although I understand that there's an extension that is supposed to fool them into thinking Firefox is IE?).
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541475

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice