Internet Explorer Safety
Internet Explorer contains a wealth of embedded functionality making it extremely complicated and prone to implementation mistakes. It is widely installed and has been the focus of much vulnerability research and exploit attempts. Over the past two years, serious security related defects have been discovered in the product almost every other month. Many of these defects can be, and/or have been, exploited by maliciously crafted web pages and/or email messages and/or automated worms.
Outlook and Outlook Express, as well as some other programs, internally use Internet Explorer to process HTML mail messages so defects in Internet Explorer also affect these products.
When a defect is exploited, the internal security controls of the product are often bypassed. In such cases, no action is needed on the part of the computer operator to become a victim. Simply reading a malicious email message, clicking a malicious web link, or visiting a malicious web site is sufficient to turn control of the computer and all its data over to either a virus or an individual. No email attachments need to be clicked and no files downloaded from the web site.
Because of its widespread deployment, its record of security related defects, and the instantaneous nature of world-wide Internet communications to which it connects us, it is important that Internet Explorer be properly maintained and configured in order to protect our computing assets.
Contents
Minimum Security Measures (generally transparent)
Minimum Internet Explorer Security Measures
Minimum Outlook/Outlook Express Email Handling Security
Additional Security Measures (may result in usage problems)
Optional Outlook/Outlook Express Email Handling Security
Optional Internet Explorer Security Measures
Explanation of Security Measures
more