Is there any way to make IE 8 / IE 7 safe?

[Juddog]

IE 7 / IE 8 are the easiest browsers to get infected with spyware / malware. Are there any plugins for them that are the equivalent of noscript for Firefox?

What I mean to say is a whitelist approach, saying only trust certain sites after I have given the ok to run javascript / activeX / dot net / Flash, etc..

Personally I almost never use IE anymore but almost every corporation I have worked for uses it since it integrates with group policy. I am mostly looking for a way to make it secure since people are getting infected every day. We have tried just about every anti spyware solution out there and none seem to be any good at stopping infection from occurring. Many can remove an infection after it occurs, but none seem to stop it from the get-go. Installing Firefox on every image is a no-no, same goes for Chrome and Opera.

moved from Off Topic.
Sr moderator allisolm

 

[MrChad]

In Vista / Windows 7, they are extremely secure due to Protected Mode sandboxing.

Are your users running under limited accounts?

 

[imported_snikt]

We don't implement this because our users are running limited accounts on our domain, among other security measures, but there is an option in the Group Policy to customize and configure Zones.

User Configuration > Window Settings > Internet Explorer Maintenance > Security > Security Zones and Content Ratings

Here you will see the necessary options you can customize.

 

[Juddog]

Originally posted by: MrChad
In Vista / Windows 7, they are extremely secure due to Protected Mode sandboxing.

Are your users running under limited accounts?

We're not running Vista yet, since a lot of our apps don't work with it.

People get infected even just running as power users (with non-admin accounts).

 

[mechBgon]

Don't make them Power Users, make them Restricted Users. Also consider using Software Restriction Policy and keeping all browser extensions up-to-date (e.g. Adobe Flash Player, Adobe Reader, Sun Java), as they are an attack vector unto themselves.

If your users are being duped into running Trojan Horse programs (such as scamware that claims their system is infected, and urges them to download & run stuff), then Software Restriction Policy will slam the door on that. User education about scamware is also a good idea, but you never want to leave the user in the driver's seat if you don't have to.

Here are more security suggestions, including DEP: http://www.mechbgon.com/security This is partly developed from my firsthand malware-hunting experience, and partly from my sysadmin experience. IE will be plenty secure if you apply that knowledge. My own fleet, equipped with IE6 at the time, racked up hundreds of thousands of machine-hours without infections.

 

[ChAoTiCpInOy]

Teach users not to download programs for wallpapers. Be safe, if something is happening and you didn't cause it, then it's probably something bad.

 

[F1refly]

pick one or both.

1. Use another browser
2. Use Linux and virtualize windows or wine.