Limiting Internet Explorer's susceptibility to spyware infection
This document describes configuration settings for Internet Explorer that I have found essentially negate the impact of spyware on my computer. I scan my machine for spyware on a weekly basis using Ad-Aware SE Personal and SpyBot Search & Destroy 1.4, and have found no new infestations of spyware since adopting this configuration.
The usual disclaimer applies: I do not guarantee that spyware will not find a way around this configuration, and you may encounter some web pages or web-based applications that do not function properly as a result of making these changes. In my own use and research I have had no such issues.
In Internet Explorer, open the 'Tools' menu and select 'Internet Options'. The suggested settings for each tab of that dialog are described below, with the tab name as the heading of each section.
General
Temporary Internet files - Settings
- Check for newer versions of stored pages: automatically
- Amount of disk space to use: 640 MB
- Days to keep pages in history: 14
Security
- Security level: Custom
.NET Framework-reliant components
Run components not signed with Authenticode: Prompt
Run components signed with Authenticode: Enable
ActiveX controls and plug-ins
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plug-ins: Enable
Script ActiveX controls marked safe for scripting: Enable
Downloads
File download: Enable
Font download: Enable
Microsoft VM
Java Permissions: High safety
Miscellaneous
Access data sources across domains: Disable
Allow META REFRESH: Enable
Display mixed content: Prompt
Don't prompt for client certificate selection when no...: Disable
Drag and drop or copy and paste files: Enable
Installation of desktop items: Prompt
Launching programs and files in an IFRAME: Prompt
Navigate sub-frames across different domains: Disable
Software channel permissions: High safety
Submit nonencrypted form data: Enable
Userdata persistence: Enable
Scripting
Active scripting: Enable
Allow paste operation via script: Prompt
Scripting of Java applets: Enable
User Authentication
Logon: Automatic logon only in Intranet zone
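As an added example (not part of the original article), the following Python script audits the current user's Internet-zone settings against the values recommended above, so the configuration can be verified on a machine rather than re-checked by hand. It assumes the numeric action IDs and value encodings that Microsoft documents for the Zones\3 registry key in KB 182569 (0 = Enable, 1 = Prompt, 3 = Disable, with 0x10000/0x20000 for the safety and logon levels), covers a subset of the settings listed above (extend the table for the rest), and must run on the Windows machine being checked; the comparison logic is kept separate so it can be tested with a constructed dictionary.

```python
"""Audit IE Internet-zone (zone 3) settings against the article's values.
Added example; action IDs and encodings assumed from Microsoft KB 182569."""
ZONE3 = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3      # encoding shared by most actions
HIGH_SAFETY = 0x10000                  # Java (1C00) / software channel (1E05)
INTRANET_LOGON = 0x20000               # 1A00: automatic logon only in Intranet

# action ID -> (dialog label, value the article recommends)
EXPECTED = {
    "2004": ("Run components not signed with Authenticode", PROMPT),
    "2001": ("Run components signed with Authenticode", ENABLE),
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", ENABLE),
    "1405": ("Script ActiveX controls marked safe for scripting", ENABLE),
    "1803": ("File download", ENABLE),
    "1C00": ("Java permissions", HIGH_SAFETY),
    "1406": ("Access data sources across domains", DISABLE),
    "1609": ("Display mixed content", PROMPT),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", DISABLE),
    "1E05": ("Software channel permissions", HIGH_SAFETY),
    "1400": ("Active scripting", ENABLE),
    "1407": ("Allow paste operations via script", PROMPT),
    "1A00": ("Logon", INTRANET_LOGON),
}

def read_zone3():
    """Read the current user's zone 3 values; Windows only (uses winreg)."""
    import winreg
    actual = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3) as key:
        for action in EXPECTED:
            try:
                actual[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass  # absent value: IE uses the zone template default
    return actual

def find_deviations(actual):
    """List (action, label, expected, found) for missing or differing settings."""
    return [(a, label, want, actual.get(a))
            for a, (label, want) in EXPECTED.items() if actual.get(a) != want]

if __name__ == "__main__":
    for a, label, want, got in find_deviations(read_zone3()):
        print(f"{a} {label}: expected {want:#x}, found {got}")
```

An empty result from find_deviations means every audited setting matches the article; a found value of None means the value is not set explicitly for the zone.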
Privacy
- Privacy level: Custom
- Override automatic cookie handling
First-party cookies: Prompt
Third-party cookies: Prompt
- Always allow session cookies
Web Sites:
Allow cookies only for the sites you visit that require them, and block all others. This does require some ongoing effort from the end user to keep the list current. If a web site does not appear to be working correctly, remove that site's entry from the list and try again to determine whether the cookie setting is the source of the problem.
Here are some examples of sites that need to have cookies allowed to ensure they function correctly:
att.net
avantgo.com
broadcast.com
certmag.com
isc2.org
mapquest.com
mcafee.com
microsoft.com
msn.com
netscape.com
netzero.com
netzero.net
novell.com
passport.com
passport.net
placeware.com
qwest.com
sans.org
symantec.com
techtarget.com
webex.com
yahoo.com
Content
- No specific settings
Connections
Local Area Network (LAN) settings
- Automatically detect settings
Programs
- Default browser check box
- Other program settings as applicable
Advanced
Select the check boxes for the following options:
Accessibility:
- No items selected
Browsing:
Always send URLs as UTF-8
Automatically check for Internet Explorer updates
Close unused folders in History and Favorites
Disable script debugging
Enable folder view for FTP sites
Enable Install On Demand (Internet Explorer)
Enable Install On Demand (Other)
Enable offline items to be synchronized on a schedule
Enable page transitions
Enable third-party browser extensions
Enable visual styles on buttons and controls in web pages
Notify when downloads complete
Show friendly HTTP error messages
Underline links - Always
Use smooth scrolling
HTTP 1.1 settings
Use HTTP 1.1
Java (Sun)
- No items selected
Microsoft VM
JIT compiler for virtual machine enabled
Multimedia
Enable Automatic Image Resizing
Enable Image Toolbar
Play animations in web pages
Play videos in web pages
Show pictures
Smart image dithering
Printing
- No items selected
Search from the Address Bar
- Just display the results in the main window
Security
Check for publisher's certificate revocation
Check for server certificate revocation
Check for signatures on downloaded programs
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Enable Integrated Windows Authentication
Enable Profile Assistant
Use SSL 2.0
Use SSL 3.0
Warn about invalid site certificates
Warn if forms submittal is being redirected
Tom Reineke, CISSP - ISSAP, ISSMP #46137
Information Security Analyst
Gillette Children's Specialty Healthcare
East St. Paul MN 55101-2507
All copyrights of this article remain with the author.