|
Display mixed
content. I’d recommend setting
this to Prompt so you can be notified in the event
you are viewing a webpage with both secure and insecure
content (https and http), in which case you may want to
reconsider entering personal information such as credit card
numbers.
Navigate
sub-frames across different domains.
Set this to Prompt.
Active scripting.
1 of the most popular ways of exploiting Internet Explorer
is via scripting, though many legitimate websites use
scripting also, e.g.
Windows Update.
While setting this to Disable will significantly aid
in securing Internet Explorer it also will have a noticeable
effect on website functionality, e.g. Windows Update will
not function. One perhaps beneficial affect though is
pop-up/under windows will not appear at all. It’s worth
noting that this (Disabling Active Scripting) is recommended
by many security experts, e.g. Georgi Guninski. Given the
current state of Internet Explorer exploitation you’d be
best setting this to Prompt.
Allow paste
operations via script. This
feature allows webpages that script DHTML to paste the
contents of your clipboard, which obviously could be a
rather serious issue for many. As such it is strongly
recommended you set this to Disable, as an added
bonus this will have zero effect on
functionality/compatibility.
Scripting of Java
applets. JavaScript is an
open, cross-platform object scripting language (Not to be
confused with Sun MicroSystem’s
Java) and much
like the Active Scripting option above also represents a big
enough potential security risk, as such it is recommended
you set this to Disable.
If you’re interested
in disabling the ADODB.Stream object (and hence,
vulnerabilities), then please
see Microsoft for details.
To get around the
functionality issues modifying these options can cause
(Particularly with sites you may visit regularly) you should
select the Trusted sites zone in Internet Options
Security tab, then the Sites button.
Simply Add
desired websites to this list and scripting/ActiveX, etc.
can function as normal on these sites, offering improved
functionality while not exposing you to the risks other
unknown/untrustworthy sites could pose (Assuming you only
add site you know you can trust that is).
Now select the
Privacy tab. The options available here allow you some
manner of filtering against cookies, which should help to
increase your privacy online just that little bit more.
Privacy
Preferences. The vertical
slider here may be used to choose from 6 predefined privacy
settings. Each of the options available will display the
features of each setting, which are fairly self-explanatory,
so move the slider Up/Down to view each the features of each
option. I'd highly recommend leaving setting this to High.
Import.
This button allows you to install custom privacy settings
from a local or network stored file. Although the 6
available presets should prove more than enough for most
users.
Default.
Selecting this button will restore your Privacy setting to
the default level of Medium.
Edit.
Select the Edit button if you wish to ignore
the Cookie preferences you have selected for specific sites.
Simply type the sites URL into the Address of Web site
field and select Block to refuse saving any Cookies
from that site, or selecting Allow to not decline
saving of Cookies from that site. Use the Remove
button should you wish such sites to use the normal Cookie
management features. Note – This setting will also override
any privacy policy available for the listed Domain(s).
If you’ve got time on
your hands a good idea would be to add Block sites
whose Cookies Ad-aware/Spybot (Covered later on) detect, as
this will mostly affect ad servers, this should have little
effect on functionality also.
Select Advanced
if you wish to customize the Cookie preferences yourself;
Override automatic
cookie handling. Ticking
this setting will remove the Slider bar in the Privacy
tab, instead of using that for setting your Cookie
preferences they will determined here by you. The following
3 option will now be available to change.
First-party
Cookies. Set this to Accept
to enable cookies originating directly from the
webpage you are visiting to be stored on your system. This
is rather useful and can be used to store information such
as forum login details so you won't need to re-login any
time you visit a forum. If you are on a shared PC however
you may want to set this to Block for similar
reasons, you don't want others to be able to access certain
websites as you. Some websites may not function correctly
with 1st party cookies disabled. Another
alternative would be to set this to Prompt, in which
case you can block some cookies and accept others, although
this is fairly time consuming if you visit many websites.
Third-party
Cookies. Set this to Accept
to enable cookies originating externally from a webpage you
are visiting to be stored on your system. In most instances
this will mean 1 thing – Advertisements, as a result I’d
recommend selecting Block for this setting.
|
