Configuring Internet Explorer for Practical Security and Privacy Part – 5
Configuring the Advanced Tab
The Advanced tab has a myriad of options for configuring the Internet Explorer settings.
|Always expand ALT text for images||Check|
If enabled this specifies whether the size of the image in a Webpage should expand to fit all of the alternate Text when the Show Pictures check box is cleared. This check box is available in the Multimedia section of the Advanced tab in Internet options.
|Move system caret with focus/selection changes||Uncheck|
When enabled this option moves the cursor when the focus/selection changes.
|Always send URL's as UTF-8 (requires restart)||Check|
This setting specifies whether to use UTF-8 which enables you to exchange URL's that contain charcters from any language.
|Automatically check for Internet Explorer updates||Uncheck|
If this is enabled, Internet Explorer automatically checks for updates approximately every 30 days. Please note that though this option is available, this feature is not available in Internet Explorer on Windows 2000, 2003 and Windows XP. So, checking or unchecking this option will not have the desired effect.
|Close unused folders in History and Favorites (requires restart)||Check|
This setting specifies that when a folder in the History bar, Favorites bar or Organize Favorites window is opened, any folders opened previously will close.
|Disable Script Debugging (Internet Explorer)||Check|
This setting specifies whether you want to use the script debugger. If this setting is enabled in conjunction with Display a notification about every script error , you are likely to see annoying error messages which gives an option for you to debug. Check mark this unless you are testing out your Webpage scripts and programs.
|Disable Script Debugging (Other)||Check|
This setting can also be checkmarked as the one above. "The 'Other' option control script debugging in other applications that use mshtml.dll such as Outlook".
|Display a notification about every script error||Uncheck|
Uncheck this, unless you want to see numerous script error messages when you browse the Web. This setting is off by default.
|Enable folder view for FTP sites||Uncheck|
This setting specifies whether FTP sites are displayed similar to browsing folders in Windows Explorer or in an HTML based layout.
|Enable Install on Demand (Internet Explorer) and Enable Install On Demand (Other)||Uncheck|
This setting specifies whether to download and Install Internet Explorer components/add-ons if a Web site requires them in order to display the page properly or to perform a particular task. Please note that though this option is available, this feature is not available in Internet Explorer on Windows 2000, 2003 and Windows XP. So, checking or unchecking this option will not have the desired effect..
|Enable offline items to be synchronized on a schedule||Uncheck|
This setting specifies synchronizing the offline items on a schedule you have specified in the Synchronize menu available in Start > All Programs > Accessories > Communication menu in Windows XP. Uncheck this if you don't use the Synchronize function.
|Enable Page transitions||Uncheck|
This setting controls whether you see Internet Explorer fading in and out of Webpages. This is more of an option for people with accessibility needs, uncheck this if you rely on a screen reader or a magnifier and use a voice recognition program or if you don't use IE for slide shows.
|Enable Page transitions||Uncheck|
Enable Page transitions This setting controls whether you hide unused entries in your Favorites list. If enabled, you can view the hidden links by clicking the down arrow at the bottom of the Favorites menu.
|Enable third-party browser extensions (requires restart)||Check|
This setting specifies whether you want to enable third-party browser extensions like Tool bands and Browser helper objects.
A tool band is a band object that was introduced with Internet Explorer 5 to support the Radio Toolbar feature. This feature can put a window on a band that is contained by the Rebar control that holds the toolbars in Internet Explorer.
Browser helper objects are Component Object Model (COM) components that Internet Explorer loads whenever it starts. These objects run in the same memory context as the browser and they can perform any action on the available windows and modules.
Only uncheck this when you have to troubleshoot Internet Explorer problems.
|Enable visual styles on buttons and controls in Web pages||Check|
This setting specifies whether you want the controls like radio buttons in Web pages to use Windows display settings.
|Force offscreen compositing even under Terminal Server (requires restart)||Uncheck|
"Compositing is the process of combining two images to form a new image. The most common compositing operation is an "over," in which one image is placed over another. Compositing effects can cause flashing when you are running Internet Explorer with Terminal Services. If you enable this option, you can eliminate the flashing but you might severely decrease the performance of Internet Explorer running with Terminal Services. For a sample page that uses compositing effects, see the following Microsoft Web site: Compositor. This option can be safely unchecked.
|Notify when downloads complete||Check|
Just does what it says, if enabled Internet Explorer will display a message stating that the download is complete.
|Reuse windows for launching shortcuts||Check|
This setting specifies whether to use an existing IE window or to open a new window when you click a link in an Internet-aware program, such as Outlook Express.
|Show friendly HTTP error messages||Check|
This setting specifies whether you want to see a friendly HTTP error message providing detailed description of the error and hints to correct the problem when there is a problem connecting with a webserver or the error code and message only.
|Show friendly URLs||Uncheck|
If enabled the status bar displays the name of the current Web page instead of the full URL. I personally have this unchecked.
|Show Go button in Address bar||Check|
This setting specifies whether the Go button is shown next to the Address bar. Have this checked, unless you always prefer press the Enter button after entering the URL in the Address bar.
This setting specifies how the links in a Webpage are displayed. I have this set to Always.
|Use inline Autocomplete||Check|
This setting specifies whether to use inline Autocomplete. This works in conjunction with the Autocomplete option available in the Content tab. If you have opted to enable Autocomplete for Webaddresses, enable this also.
|Use Passive FTP (for firewall and DSL modem compatibility)||Check|
This setting allows you to change the Internet Explorer FTP Client mode. You need to enable this setting if you have problems connecting to FTP sites using Internet Explorer when your system is behind a firewall. Please note that "Internet Explorer behaves as a Standard mode FTP client if you select the Enable folder view for FTP sites check box, even if you also select the Use Passive FTP check box. If you clear the Enable folder view for FTP sites check box and then select the Use Passive FTP check box, Internet Explorer behaves as a Passive mode FTP client".
|Use smooth scrolling||Check|
This specifies the option to use a special type of scrolling to display content at a predetermined speed instead of abruptly jumping to another part of the page. Uncheck this if you use a screen reader or a voice recognition programs.
HTTP 1.1 settings
|Use HTTP 1.1||Check|
This setting specifies whether to use HTTP 1.1 protocol when connecting to Web sites. Have this checked.
|Use HTTP 1.1 through proxy connections||Check|
This setting specifies whether to use HTTP 1.1 protocol when connecting to Web sites through proxy servers.
|Use JRE 1.x.x for applet (requires restart)||Check|
Checking this option allows Internet Explorer to run Java applets.
Java consolde enabled (requires restart)
Java logging enabled
JIT compiler for virtual machine enabled (requires restart)
If you have the above Microsoft VM options in addition to the Java (sun) option, uncheck all of them as Microsoft VM is unsupported and hence unsafe. Check here Microsoft Java Virtual Machine Support.
|Enable Automatic Image Resizing||Check|
This setting specifies whether the large images in Webpages should be resized to fit in the browser window.
|Enable Image Toolbar (requires restart)||Check|
This setting enables or disables the appearance of the Image toolbar when you position the mouse pointer over an image in Internet Explorer.
Play animations in Web pages
Play sounds in Web pages
Play videos in Web pages
All are self-explanatory, enable or disable accordingly.
This is self-explanatory. Deselect this if you don't want to see any of the images from the Web pages you visit.
|Smart image dithering||Check|
If enabled this setting smooths the the images in the Webpages you are viewing.
|Print background colors and images||Uncheck|
This setting specifies whether Internet Explorer should print the Web page background colors and images contained in the Web page you are printing.
Search from the Address bar – This setting specifies how Internet Explorer should present the results if a Web search is performed using the Address bar. I have this set to Just display the results in the main window.
Allow active content from CDs to run on My Computer
Allow active content to run in files on My Computer
Note that "My Computer" denotes the local machine.
The above options are currently available only in the version of Internet Explorer that comes with Windows XP SP2. These options are enabled by default.
Prior to Service Pack 2 the Local Machine zone allowed Web content to run with fewer restrictions since local content was considered to be secure. Unfortunately, attackers also try to take advantage of the Local Machine zone to elevate their privileges and compromise a computer.
In Windows XP Service Pack 2, all local files and content that is processed by Internet Explorer has additional security applied to it in the Local Machine zone.
This feature dramatically restricts HTML in the Local Machine zone and HTML that is hosted in Internet Explorer. This helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. Local Machine Zone Lockdown
|Allow software to run or install even if the signature is invalid||Uncheck|
ActiveX controls and file downloads often have digital signatures attached to them vouching for the integrity of the file and the identity of the creator of the software. An invalid signature might indicate that someone has tampered with the file. Please note that some legitimate software may have an invalid signature and still be OK. Leave this setting unchecked.
|Check for publisher's certificate revocation||Check|
Certificates are electronic credentials authenticated and issued by a trusted third party called certification authority to ensure content integrity. This setting specifies whether Internet Explorer should verify that an issuing certificate authority has not revoked a publisher's certificate.
|Check for server certificate revocation (requires|
This setting specifies whether Internet Explorer should also verify that a certificate issuing authority has not revoked the Website's certificate.
|Check for signatures on downloaded programs||Check|
This setting specifies whether Internet Explorer should verify the identity of programs that you choose to download. If this setting is checked, a dialog box will appear with information that Internet Explorer finds during the check.
|Do not save encrypted pages to disk||Check|
This setting specifies whether or not secure infromation such as passwords, credit card information etc that you may exchange with secure servers are stored in the Temporary Internet Files folder.
|Empty Temporary Internet files folder when browser is closed||Check|
Each page or image that you view in Internet Explorer may be stored in the Temporary Internet Files folder also called as the 'cache'. Enabling this setting prevents the browser from storing any information about your online activities.
|Enable Integrated Windows Authentication||Check|
Integrated Windows authentication is a secure form of authentication for an Intranet environment. If you are not in one Uncheck this.
|Enable Profile Assistant||Uncheck|
This setting specifies how the browser interacts with a Web site that requests user profile information. If you check this, the browser will prompt you when a Web site requests profile assistant information and you can choose what to share and also to allow this information to be shared with that Website in future without prompting. You can store your profile information if you want in the personal information section of the 'content' tab, which is not recommended.
Use SSL 2.0 Use SSL 3.0 Use TLS 1.0 The above settings specify whether to send and receive secured information through these protocols. Checkmark all. SSL 2.0 is supported by all the secure web sites. Some of the secure Websites may not support SSl 3.0 and TLS 1.0. If you get an error message when trying to access a secure Web site uncheck 'Use TLS 1.0'.
|Warn about invalid site certificates||Check|
This setting specifies whether Internet Explorer should warn you, if the URL in a Web site's security certificate does not match its domain name.
|Warn if changing between secure and not secure mode||Check|
This is a vital setting if you are a prolific online shopper or frequently in an activity that requires you to share your secure information online. Checking this option will prevent you from sending secure information over a non-secure connection, by mistake.
|Warn if forms submittal is being redirected||Check|
This setting specifies whether Internet Explorer should issue a warning when information submitted on a form is sent to an address different from the one hosting the form.
This completes the Internet Explorer Advanced tab settings tutorial