7 things you can do to make Internet Explorer more secure

Still use Internet Explorer? There's no shame in that. But here are a few quick and easy steps you can take to stay safer as you browse.

How well Internet Explorer--or any Web browser, for that matter--protects against attacks and malware greatly depends on whether you keep it up to date and have the right security settings. Here's how to take the proper security measures with Internet Explorer 9 and 10.

Upgrade to the latest version of IE

Although switching to a new version of your browser can take some getting used to--what with its various interface and feature changes--new security features are often worth the annoyance. So it's a good idea to upgrade to newer versions when available.

IE 10 is the latest version, and it comes bundled with Windows 8. Microsoft also offers IE 10 for those running Windows 7 with Service Pack 1 installed. But if you're running Windows Vista, you're stuck with using IE 9.

To determine whether the latest possible version of IE is installed, open IE, press the key, open the Help menu, and then select About Internet Explorer.

If needed, you can download IE 10 for Windows 7 or IE 9 for Windows Vista.

Download IE updates

No matter which version of Windows or IE you're running, you should have all the latest IE updates installed. These updates typically patch known security holes and vulnerabilities. Open IE, press the  key, select the Tools menu, and then select Windows Update. If you're using Windows 8, open IE in the desktop interface.

In the Windows Update window that follows, click Check for Updates, and install IE or other updates. To ensure you stay up-to-date in the future, consider having updates installed automatically.

Check for add-on updates

Many browser attacks exploit security vulnerabilities that affect popular add-ons like Adobe Flash Player or Java, so you should install updates for those as soon as you get the update nag message. Also consider periodically running a scan with free tools like Qualys BrowserCheck or Secunia Personal Software Inspector (PSI) to make doubly sure that you haven't missed any updates.

Verify or adjust security levels

IE lets you set custom security settings for different zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. When you visit a website, IE automatically places it in the Internet zone. The exceptions are websites hosted on your local network (say, a site set up for use on your company's network), which fall into Local Intranet, and sites that you've added to the Trusted or Restricted lists beforehand. You can set each zone to a predefined security level and customize the settings as well.

Though IE sets each zone to an acceptable level by default, you may want to double-check your settings for each zone and even turn them up for greater protection. Open IE, press the key, select the Tools menu, and click Internet Options. If you're using Windows 8, open IE from the traditional desktop interface to get at these options.

From the Internet Options window, select the Security tab: you'll then see icons for each security zone, which you can click to change their security level. The Internet zone is set to Medium-high by default, Local Intranet is Medium-low, Trusted Sites is Medium, and Restricted Sites is High. In addition, the Internet and Restricted Sites zones both have Protected Mode enabled (which alerts you when webpages try to install or run programs).

I recommend that you use these default levels. If you change security levels for the various zones, you can always return them to their default settings by clicking Reset all zones to default level.
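To check many machines without clicking through each zone, the same comparison can be scripted. The PowerShell below is an added example, not part of the original article: it reads the current user's zone settings and compares them with the defaults listed above. The registry path, the `CurrentLevel` codes and the `2500` (Protected Mode) value come from Microsoft's documentation of IE security zones, not from this page, and settings enforced through Group Policy are not covered.

```powershell
# Added example: audit the current user's IE zone levels against the article's defaults.
# Assumption: per-user settings under HKCU; policy-enforced values live elsewhere.
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# CurrentLevel DWORD -> name shown on the Security tab slider (0 means Custom)
$levelNames = @{
    [int]0x10000 = 'Low'
    [int]0x10500 = 'Medium-low'
    [int]0x11000 = 'Medium'
    [int]0x11500 = 'Medium-high'
    [int]0x12000 = 'High'
}

# Defaults as stated in the article; Protected Mode is expected only where it says so
$expected = @(
    [pscustomobject]@{ Id = 1; Zone = 'Local Intranet';   Level = 'Medium-low';  ProtectedMode = $false }
    [pscustomobject]@{ Id = 2; Zone = 'Trusted Sites';    Level = 'Medium';      ProtectedMode = $false }
    [pscustomobject]@{ Id = 3; Zone = 'Internet';         Level = 'Medium-high'; ProtectedMode = $true }
    [pscustomobject]@{ Id = 4; Zone = 'Restricted Sites'; Level = 'High';        ProtectedMode = $true }
)

function Get-IEZoneAudit {
    foreach ($z in $expected) {
        $props = Get-ItemProperty -Path "$zonesKey\$($z.Id)" -ErrorAction SilentlyContinue
        $raw   = $props.CurrentLevel
        $level = if ($null -eq $raw) { 'Not set' }
                 elseif ([int]$raw -eq 0) { 'Custom' }
                 elseif ($levelNames.ContainsKey([int]$raw)) { $levelNames[[int]$raw] }
                 else { 'Unknown (0x{0:X})' -f $raw }

        # Value 2500: 0 = Protected Mode enabled, 3 = disabled
        $pm      = $props.'2500'
        $pmState = if ($null -eq $pm) { 'Not set' } elseif ([int]$pm -eq 0) { 'On' } else { 'Off' }

        [pscustomobject]@{
            Zone            = $z.Zone
            Level           = $level
            ExpectedLevel   = $z.Level
            LevelOk         = ($level -eq $z.Level)
            ProtectedMode   = $pmState
            ProtectedModeOk = (-not $z.ProtectedMode) -or ($pmState -eq 'On')
        }
    }
}

Get-IEZoneAudit | Format-Table -AutoSize
```

A zone reported as Custom has had individual settings changed; Reset all zones to default level in Internet Options returns it to the predefined level.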

Use SmartScreen Filtering

In IE 8, Microsoft added the SmartScreen filter, which helps block dangerous websites and downloads. It's enabled by default (if you selected the recommended security settings when you first ran IE), but you should double-check to see if you still have SmartScreen Filtering turned on. Open IE, press the key, open the Tools menu, and select SmartScreen Filter. If you see Turn On SmartScreen Filter, click it.

Now, if you visit a possible phishing or malware-infested site, or if you download a suspicious file, you'll get a warning message.

Enable ActiveX Filtering

The ActiveX filter in IE 9 and 10 blocks all ActiveX content on websites, but it allows you to run it selectively on sites you trust. Though some sites use ActiveX controls to display or run legitimate content (like animations, ads, Web-based programs, and download managers), some sites may try to run malicious ActiveX controls or content to infect your computer.

This is where ActiveX Filtering can help; however, this security feature is disabled by default. If you'd like the extra protection of this filtering feature, you can easily turn it on: Open IE, press the key, open the Tools menu, and click ActiveX Filtering if it isn't already checked.

Now when you visit a website with active content, you'll be alerted that some content has been filtered or blocked. If you trust the site, you can click Turn off ActiveX Filtering to allow the content on that particular website.

Set up tracking protection

Tracking Protection, a feature present in IE 9 and 10, helps protect your online privacy and reduces annoyances from third-party content like advertisements. Combined with Tracking Protection Lists, it can block third-party content from appearing and prevent third-party tracking from content providers on the list.

By default, Tracking Protection Lists are turned off. To enable and configure them, open IE, press the key, select the Tools menu, and click Tracking Protection. You should see the default list that's generated automatically based on sites you visit, and you may choose to download additional lists. To use a list, select it, and click the Enable button.

Then, to choose how you want to block them, click the Settings button.

In IE 10, Microsoft added a Do Not Track setting--enabled by default--to Tracking Protection, which tells websites you visit that you prefer not to be tracked. Though websites are under no obligation to honor your request, stating your preference may reduce some tracking.

To adjust your Do Not Track settings, open IE from the desktop, press the key, pop open the Tools menu, and click Internet Options. From there, select the Advanced tab, scroll down to the Security section, and confirm that the Always send Do Not Track header setting is checked.

Did we mention that you should update?

The fundamental step to keeping any browser secure is to update it regularly. Once you've made that a habit, you'll also find that Internet Explorer has a solid set of built-in security features, as well as some privacy protections. The settings recommended here will do the trick for most situations, but they aren't set in stone. The better you learn the security functions, the better you can adjust them to your own browsing habits.
