Configuring Internet Explorer for Practical Security and Privacy Part – 4
Configuring the Internet Explorer "Content" tab settings
The section we are interested in the Content tab is Personal information.
Internet Explorer provides Autocomple feature for Web addresses, Forms and User names and passwords on forms. If these are enabled, each time you visit a Website, fill forms or login using your username and password, the information is encrypted and stored on your local machine. So that the next time you encounter similar field, Internet Explorer enters the data automatically on future occasions.
The autocomplete feature for Web addresses specifies whether you want Internet Explorer to remember and automatically suggest internet addresses from its History list, as you type them in the address bar, provided that you have visited the Web site before. You can go to the suggested address by clicking on it and then clicking the Go button.
The autocomplete feature for Forms specifies whether you want Internet Explorer to remember data entered into Webforms and suggest entries when you enter data in similar forms in the same or a different Website.
The autocomplete feature for User names and passwords on forms specifies whether you want Internet Explorer to remember usernames and their corresponding passwords when you enter them in Web pages.
Even though the autocomplete feature basically meant for time saving when filling Webforms it also presents a security risk, especially when two or more people use the same machine with the same user account. This means others may be able to see the URL's of the Websites you have visited or get access to sensitive information like your credit card number, username and password which you had entered previously on a Webform.
I would recommend that only use autocomplete feature for Web addresses. If you are sensitive about the sites you visit you can uncheck that option also.
The Profile Assistant
What is the Profile Assistant? I quote from Microsoft:
The purpose of the Profile Assistant is to make it easy for users to share registration and demographic information with sites that require this information. The goal is to eliminate the need for users to repeatedly enter information such as their address or e-mail name for each site's registration page. This is accomplished by giving users complete control over access to their data, while at the same time maintaining user privacy. User information is stored securely in protected storage on the client computer. Web servers can request to read this information, but it is shared only if users give their consent in the Profile Assistant confirmation dialog box. This dialog box is required, and it is not possible to access this data without the user's permission.
This specifies how Internet Explorer responds when a Website requests user profile information. If this setting is enabled and Internet Explorer encounters a Website that requests user profile data, it will prompt you about the request and lets you specify what personal information is shared with the Website.
The My Profile button lets you edit your user profile. This allows you to enter or change all fields in the form. You can have multiple profiles for work and home or even multiple users. Please note that the Profile Assistant is automatically populated with the vcards from the Windows address book, you only need to choose the vcard you want to use for the particular Website.
Want to see how this works? Visit this link using Internet Explorer. gemal.dk – BrowserSpy – Profile Assistant Information
I usually have the Profile Assistant disabled. It can be done from the Advanced tab of the Internet options.
Add-ons extend the functionality of Internet Explorer. Some add-ons are installed with Windows and many are downloaded from the Internet. But add-ons are also one way Malware invades your system, especially when they are installed without your permission. Internet Explorer in Windows XPSP2 provides an option to configure and control these add-ons.
Open Internet Explorer. Click "Tools" in the menu and "Options" to enter the "Internet Options" window. Select the "Programs" tab and click on "Manage Add-ons" or on the "Tools" menu, click on "Manage Add-ons"
Here you can enable, disable all add-ons installed on your system individually and also update some of them.
Add-ons currently loaded in Internet Explorer are add-ons that are currently loaded into memory or are blocked from being loaded into memory. It can also be add-ons that were needed for the current Web page or a recently viewed Web page.
Add-ons that have been used by Internet Explorer to list all add-ons that reside on your computer.
Note: Some Webpages might not display correctly if an add-on is disabled, disable only those that are known to be Malware or that causes repeated slowing down or shutting down of Internet Explorer.
This completes the Internet Explorer Content tab settings tutorial.