IE6 is not the most recent version of Internet explorer,
but still can be found being used for Web browsing in the
enterprise. If there is still a need for IE6, then there is still a
need for
IE6 security. Check out this section of our guide for helpful
expert advice on how to make sure that IE6 is not used as a doorway
to your network.
Table of contents
Internet Explorer security settings and
controls
Securing Microsoft Internet Explorer
7
Securing Microsoft Internet Explorer 6
| Securing Microsoft
Internet Explorer 6 | |
Just because there is a more up-to-date version of the Microsoft
Web browser (IE 7) does not mean that people are not still running
IE6 in the enterprise. And wherever there is a user running
Internet Explorer 6, there is a security vulnerability that can
give a hacker access to your network.
Despite it not being the most recent version of Internet
Explorer, our resident security experts Jonathan Hassell and Kevin
Beaver still field user questions on IE6 security. They address
such topics as running IE6 after downgrading from IE7, surviving
with out-of-date IE6, adjusting security settings in IE6 and more.
Check out some questions users have asked in our FAQ below.
Internet Explorer 6
If you plan on running IE6 in the enterprise, you should be
properly prepared. Proper IE security takes some user know-how and
you will have to micromanage some of your security settings. Of
course, according to Windows security threats expert Kevin Beaver,
there are certain types of malware that can prevent you from making
necessary security changes. Follow the tips below to learn how you
can survive with Internet Explorer 6.0.
Adjusting security settings in Internet Explorer 6.0
Question:When I go to Internet Explorer 6.0, then
Tools, then Internet options, the Apply button is disabled so I
can't make any changes to the Internet options. I've been told that
it has to do with my security template. My question is where in the
security template is that Apply button being disabled
Kevin Beaver: There's a chance you have a
malware infection that does not allow you to
change things like your home. I recommend scanning your system
using 2-3 anti-spyware tools such as Spybot and Microsoft's
Antispyware as well as perform a thorough virus scan. You can also
run gpedit.msc to see if any
IE settings have been changed/applied as
shown here:
Run a secure IE6 after downgrading from IE7
Question: I need to use a software that will only install
under IE6. Unfortunately, I have updated to IE7 and because of the
Windows hardening that has taken place I am in a sticky situation.
What would you suggest to
keep my IE secure after downgrading from IE7
to IE6?
Jonathan Hassell: Using IE6 isn't necessarily a losing
proposition. Here are some of the basics:
- Install the latest IE patches—the recent update corrected a
pretty big security hole
- Make sure you have an antivirus solution installed
- Watch out for sites that can give you spyware (a popup blocker
is necessary here to prevent some automated installs)
- Check your zone settings to make sure the Internet isn't a
trusted place
- Consider disabling ActiveX controls
- Install Firefox and use it exclusively except with the
application that requires IE6
Security risks in Internet Explorer 6
Question: I want to take a step back from Internet
Explorer 7 but I am concerned about the
security risks of IE6. What do I need to
worry about in Internet Explorer 6 that I do not need to worry
about in Internet Explorer 7? What steps should I take to limit
security risks during such a switch?
Jonathan Hassell: As far as what you should consider from
IE6 that IE7 might take off your mind:
- IE6 doesn't run in low privilege mode, so adware and spyware
can infiltrate more easily.
- There is no phishing filter in IE6, nor are there any obvious
warning signs when you're about to enter a phishing site.
- IE6 doesn't have tabs out of the box. (Not security related,
but it's certainly a convenience factor.)
Make sure you have an antivirus solution installed, watch out
for sites that can give you spyware (a popup blocker is necessary
here to prevent some automated installs) and check your zone
settings to make sure the Internet isn't a trusted place. Or,
better yet, install Firefox until you're ready to return to
IE7.
If you are still running IE6 in your Windows network, feel free
to ask
Jonathan Hassell or
Kevin Beaver an
Internet Explorer security question of your
own.