Although Internet Explorer 7 (IE 7) changed a good deal to make it safer than IE 6, security issues remain, and most of the considerations discussed for IE 6 apply to IE 7 as well. In fact, possible exploits using active scripting surfaced almost immediately after IE 7 was released to the general public. The general discussion of IE security zones given previously applies here and should be read for background. The recommended settings for the Internet zone given below are meant to be used together with a habit of adding frequently visited sites that you know to be safe to the Trusted sites zone. Remember that the Trusted sites zone runs at a lower security level than the Internet zone, so add a site there only when you genuinely trust it; a compromised "trusted" site gets everything you have locked down below.
There are quite a few settings, and the recommendations in the table below are only one of many possible combinations. They can be adjusted to suit your own pattern of browsing, so you may wish to experiment to find the combination that works best for you. For example, many pages depend on scripts and you may wish to allow certain aspects of scripting. It is also common practice for pages to use META REFRESH for redirection; malicious pages use the same mechanism to trap the browser in a redirect loop or to send you somewhere other than where you meant to go. I have left it enabled, but you may wish to disable it. Another setting that some may wish to disable is "File download", although I have left it enabled.
The recommended settings may not suit everybody and may be irritating to some. Therefore, do not change anything on your computer unless you know how to get back to where you started. Before you start, note the current value of every setting you intend to change (or export the relevant registry key) so that you can restore it.
Category | Setting | Default | Recommended |
---|---|---|---|
.NET Framework | Loose XAML | Enable | Disable |
.NET Framework | XAML browser applications | Enable | Disable |
.NET Framework | XPS documents | Enable | Disable |
.NET Framework-reliant components | Run components not signed with Authenticode | Enable | Disable |
.NET Framework-reliant components | Run components signed with Authenticode | Enable | Enable |
ActiveX Controls and Plug-ins | Allow previously unused ActiveX controls to run without prompt | Disable | Disable |
ActiveX Controls and Plug-ins | Allow Scriptlets | Disable | Disable |
ActiveX Controls and Plug-ins | Automatic prompting for ActiveX controls | Disable | Disable |
ActiveX Controls and Plug-ins | Binary and script behaviors | Enable | Disable |
ActiveX Controls and Plug-ins | Display video and animation on a webpage that does not use external media player | Disable | Disable |
ActiveX Controls and Plug-ins | Download signed ActiveX controls | Prompt | Disable |
ActiveX Controls and Plug-ins | Download unsigned ActiveX controls | Disable | Disable |
ActiveX Controls and Plug-ins | Initialize and script ActiveX controls not marked as safe for scripting | Disable | Disable |
ActiveX Controls and Plug-ins | Run ActiveX controls and plug-ins | Enable | Disable |
ActiveX Controls and Plug-ins | Script ActiveX controls marked safe for scripting | Enable | Disable |
Downloads | Automatic prompting for file downloads | Disable | Disable |
Downloads | File download | Enable | Enable |
Downloads | Font download | Enable | Disable |
Enable .NET Framework setup | Enable .NET Framework setup | Enable | Disable |
Miscellaneous | Access data sources across domains | Disable | Disable |
Miscellaneous | Allow META REFRESH | Enable | Enable |
Miscellaneous | Allow scripting of Internet Explorer web browser control | Disable | Disable |
Miscellaneous | Allow script-initiated windows without size or position constraints | Disable | Disable |
Miscellaneous | Allow webpages to use restricted protocols for active content | Prompt | Disable |
Miscellaneous | Allow websites to open windows without address or status bars | Disable | Disable |
Miscellaneous | Display mixed content | Prompt | Disable |
Miscellaneous | Don’t prompt for client certificate selection when no certificates or only one certificate exists | Disable | Disable |
Miscellaneous | Drag and drop or copy and paste files | Enable | Disable |
Miscellaneous | Include local directory path when uploading files to a server | Enable | Disable |
Miscellaneous | Installation of desktop items | Prompt | Disable |
Miscellaneous | Launching applications and unsafe files | Prompt | Disable |
Miscellaneous | Launching programs and files in an IFRAME | Prompt | Disable |
Miscellaneous | Navigate sub-frames across different domains | Disable | Disable |
Miscellaneous | Open files based on content, not file extension | Enable | Enable |
Miscellaneous | Software channel permissions | Medium safety | High safety |
Miscellaneous | Submit non-encrypted form data | Enable | Disable |
Miscellaneous | Use Phishing Filter | Enable | Enable |
Miscellaneous | Use Pop-up Blocker | Enable | Enable |
Miscellaneous | Userdata persistence | Enable | Disable |
Miscellaneous | Websites in less privileged web content zone can navigate into this zone | Enable | Disable |
Scripting | Active scripting | Enable | Disable |
Scripting | Allow Programmatic clipboard access | Prompt | Disable |
Scripting | Allow status bar updates via script | Disable | Disable |
Scripting | Allow websites to prompt for information using scripted windows | Disable | Disable |
Scripting | Scripting of Java applets | Enable | Prompt |
User Authentication | Logon | Automatic logon only in Intranet zone | Automatic logon only in Intranet zone |
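Setting these one by one in the Custom level dialog is tedious and easy to get wrong, and the dialog gives you no record of what you changed. The following PowerShell script is an added example, not part of the original article: it backs up the Internet zone key, reports every listed setting that differs from the recommended column, and writes the recommended value only when run with `-Apply`. IE stores each zone setting as a DWORD under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` (zone 3 is the Internet zone), where 0 means Enable, 1 Prompt and 3 Disable. The mapping from table rows to registry value names is taken from Microsoft's KB 182569 and is an assumption you should verify against your own IE 7 build; rows whose value names are not included here ("Display video and animation", "Enable .NET Framework setup", "Use Phishing Filter") are left to the dialog. The `$Recommended` table and the backup file name are this example's own choices.

```powershell
# Added example (not the article's own code): audit and optionally apply the
# recommended Internet-zone settings. Run as the user whose profile you are changing.
param([switch]$Apply)

$ZoneKey  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ZonePath = "Registry::$ZoneKey"
$Enable = 0; $Prompt = 1; $Disable = 3

# Value names follow KB 182569 (assumed correct for IE 7; verify on your build).
$Recommended = [ordered]@{
    '2402' = $Disable   # Loose XAML
    '2400' = $Disable   # XAML browser applications
    '2401' = $Disable   # XPS documents
    '2004' = $Disable   # Run .NET components not signed with Authenticode
    '2001' = $Enable    # Run .NET components signed with Authenticode
    '1208' = $Disable   # Allow previously unused ActiveX controls to run without prompt
    '1209' = $Disable   # Allow Scriptlets
    '2201' = $Disable   # Automatic prompting for ActiveX controls
    '2000' = $Disable   # Binary and script behaviors
    '1001' = $Disable   # Download signed ActiveX controls
    '1004' = $Disable   # Download unsigned ActiveX controls
    '1201' = $Disable   # Initialize and script ActiveX controls not marked as safe
    '1200' = $Disable   # Run ActiveX controls and plug-ins
    '1405' = $Disable   # Script ActiveX controls marked safe for scripting
    '2200' = $Disable   # Automatic prompting for file downloads
    '1803' = $Enable    # File download
    '1604' = $Disable   # Font download
    '1406' = $Disable   # Access data sources across domains
    '1608' = $Enable    # Allow META REFRESH
    '1206' = $Disable   # Allow scripting of Internet Explorer web browser control
    '2102' = $Disable   # Allow script-initiated windows without size or position constraints
    '2300' = $Disable   # Allow webpages to use restricted protocols for active content
    '2104' = $Disable   # Allow websites to open windows without address or status bars
    '1609' = $Disable   # Display mixed content
    '1A04' = $Disable   # Don't prompt for client certificate selection
    '1802' = $Disable   # Drag and drop or copy and paste files
    '160A' = $Disable   # Include local directory path when uploading files
    '1800' = $Disable   # Installation of desktop items
    '1806' = $Disable   # Launching applications and unsafe files
    '1804' = $Disable   # Launching programs and files in an IFRAME
    '1607' = $Disable   # Navigate sub-frames across different domains
    '2100' = $Enable    # Open files based on content, not file extension
    '1E05' = 0x10000    # Software channel permissions: 0x10000 = High safety
    '1601' = $Disable   # Submit non-encrypted form data
    '1809' = $Enable    # Use Pop-up Blocker
    '1606' = $Disable   # Userdata persistence
    '2101' = $Disable   # Less privileged zone can navigate into this zone
    '1400' = $Disable   # Active scripting
    '1407' = $Disable   # Allow Programmatic clipboard access
    '2103' = $Disable   # Allow status bar updates via script
    '2105' = $Disable   # Allow websites to prompt for information using scripted windows
    '1402' = $Prompt    # Scripting of Java applets
    '1A00' = 0x20000    # Logon: 0x20000 = Automatic logon only in Intranet zone
}

function Describe([int]$v) {
    switch ($v) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { '0x{0:X}' -f $v }   # 1A00 and 1E05 use flag-style values
    }
}

if (-not (Test-Path $ZonePath)) { throw "Zone key not found: $ZoneKey" }

# Back up the whole key first so you can get back to where you started
# (restore with: reg import <file>).
$Backup = Join-Path $env:TEMP ('IE7-Zone3-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export $ZoneKey $Backup /y | Out-Null
Write-Host "Backup written to $Backup"

$Current = Get-ItemProperty -Path $ZonePath
$Report  = foreach ($name in $Recommended.Keys) {
    $want = $Recommended[$name]
    $have = $Current.$name                     # $null when the value is absent
    if ($null -ne $have -and [int]$have -eq $want) { continue }
    $shown = if ($null -eq $have) { '(not set)' } else { Describe $have }
    if ($Apply) { Set-ItemProperty -Path $ZonePath -Name $name -Value $want -Type DWord }
    [pscustomobject]@{ Value = $name; Current = $shown; Recommended = (Describe $want); Applied = [bool]$Apply }
}

if ($Report) { $Report | Format-Table -AutoSize } else { Write-Host 'All listed settings already match.' }
```

Run it once without `-Apply` to see the differences, then with `-Apply` to write them; the exported `.reg` file is your way back. Two caveats: a value that is absent from the key means IE is using the zone template's default for it, which is why absent values are reported as deviations, and if the machine has the "Security Zones: Use only machine settings" policy in effect (`Security_HKLM_only` under `Internet Settings`), IE reads the HKLM copy of the zone keys and changes made under HKCU have no effect.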