How to secure IE

[Ice Czar]

in three easy steps

1. copy this text into a notepad and save it as noaccess.rat
and save it in WINNT\system32 (W2K) WINDOWS\system32 (XP)

((PICS-version 1.0)
 (rating-system "http://www.microsoft.com")
 (rating-service "http://www.microsoft.com")
 (name "Noaccess")
 (description "This file will block all sites.")

 (category
  (transmit-as "m")
  (name "Yes")
   (label
   (name "Level 0:   No Setting")
   (description "No Setting")
   (value 0) )
  (label
   (name "Level 1:   No Setting")
   (description "No Setting")
   (value 1) ) ))

2. Open IE > Tools > Internet Options > Content > Enable > General tab > Rating Systems > delete all > add > noaccess.rat > OK > Approved Sites Tab > add

http://technet.microsoft.com/
http://update.microsoft.com
http://support.microsoft.com/
http://www.microsoft.com/windows2000
http://www.microsoft.com/windowsxp/

clicking "always" after each > General Tab > User Options > Check Supervisor can type password to allow users to view restricted content > uncheck Users can see sites that have no rating > set password

3. install Firefox with the noscript extention or Opera

IE is now secured

might make sense to restrict that folder's NTFS permissions as well
Program Files\Internet Explorer > Properties > Sharing Tab > check do not share > Security Tab > remove all users except yourself (Administrators)

 

[GeForceX]

So what this does is basically disable IE from even going on any site which renders it literally useless? Except... the approved sites, right?

That sounds very extreme (good for the security paranoid individuals).

Now, how to implement these settings as default upon installing unattended Windows XP?

-J.

 

[Ice Czar]

EDIT > Im yet again the victim of ninja editing
however to answer the now missing question about updatability

thats what some of those sites listed are
however set a relatively short password and run through the update a few times
you can also add sites you absolutely have to view with IE (say active X tutorials on your latest DMM)

but yes it renders it basically inoperable
which it could be argued is the only secure state its capable of

seeing how they don't patch it

 

[mikeblas]

You're just trading one set of problems for another; after I do Step 3, how do I secure FireFox or Opera?

 

[Ice Czar]

Firefox and Opera stay ahead of the curve for exploits in the wild historically, the same is not true of IE