Browser

How do I secure Internet Explorer with IEController?

There are times when you have to use Internet Explorer. For those instances, you may want to make sure that IE is as safe as possible with IEController.

There are plenty of schools of thought on this, but ultimately there are situations where IE is a must-use application. This could be per your company policy or even due to specific Web-site needs. Regardless, there are times when you have to (or want to) use Internet Explorer. For those instances, you will want to make sure that IE is operating as safe as possible. Of course, the definition of "safe" is very fluid. Thankfully there are tools available that allow for such fluidity, while still helping to secure a very popular Web browser.

This blog post is also available in PDF format in a TechRepublic download.

IEController is a handy tool that allows you to:

  • Execute/monitor access
  • Control the execution of ActiveX controls
  • Control the execution of scripts and programs
  • Control requests to restrict and control files
  • Prevent ads
  • Log data traffic

And what is really nice about IEController is that it isn't an installable application. Based on your settings, all this tool does is edit your Windows Registry file and create an icon for that particular instance of IE. You can also use IEController for any application that accesses similar protocols and tools as does IE. This means you can also secure other browsers as well, which is very handy. If it sounds a bit confusing, it's not, once you see it in action. Let's see how this works.

Step 1: Download and extract

The first thing you have to do is download the IEController Zip file and extract this file somewhere on your system. Unpack that file, and you will see the IEController icon. You can always pin this icon to the Start menu for quick access.

Step 2: Run IEController

Double-click on the IEController icon to start up the application. The application consists of a single window, housing multiple tabs (Figure A). Each of these tabs handles a different aspect of IE security.

Figure A

You will see this menu only the first time you open an application with IEController. So you will want to make sure you choose your settings wisely.

Step 3: Walk through the tabs

There are nine tabs, seven of which directly impact the security of Internet Explorer (with the only exceptions being the Configuration and the Log tab). The tabs are as follows:

Configuration

This tab is where you set up the icons you will use for your various applications. After you make all your configurations, you will come back to this tab and then click the Create Configuration Icon button, which will then place an icon for that configuration on your desktop.

ActiveX

This one is the big one. As you can see in Figure B, this tab can control a number of the less secure IE features.

Figure B

What you are looking at is the default ActiveX settings in IEController. Add or remove them as per your requirements.

If you click on the Expert Configuration button, a new window will open, allowing you to create unique allowed and disallowed objects. For this, you will need the object's CLSID.

Programs

From this tab (Figure C), you can control which external applications IE can access. Although the list seems a bit on the small side, you can click on the Expert Configuration button and create your own application listings to select from.

Figure C

To create your own, click Expert Configuration, then choose either black or white list, right-click the pane associated with the list you want to use, and select New Entry. The rest is simple.

Files

From this tab (Figure D), you can control what files IE can access. For the most part, this should be self-explanatory.

Figure D

Just remember that anything checked is allowed. By default, all items are set to allow.

Internet

This tab (Figure E) has some very interesting and powerful options available. From inbound to outbound TCP connections, to VeriSign redirects, and ad servers, you can seriously contain IE from this tab.

Figure E

Click the Expert Configuration button, and you can even create black/white lists of sites that IE can and cannot connect to.

Privacy

From this tab (Figure F), you can set keywords associated with sensitive data in order to prevent certain pieces of information from being transmitted unknowingly. In order to set this, you have to click the check box and then manually add keywords for IE to watch for.

Figure F

To create a new entry on this tab, right-click the blank area and select New Entry from the menu.

Registry

This tab (Figure G) is quite important. From here you can disallow write access to the registry. That alone is worth the price of admission. Of course, this tab allows for the configuration of more than just registry settings. You can also set this up such that IE cannot modify the Internet connection as well as register programs for autostart.

Figure G

By default IE has write access to the registry. If you want to change this, click the box next to Disable Write Access to Registry.

Misc

The final tab (Figure H) offers a few settings not related to any other tab. I have yet to use any configuration from this tab, but you might want to change the System Logging Function to Disallow to aid in the prevention of spyware.

Figure H

Do not uncheck the Always Notify Dangerous Actions or else you risk bad things happening without your knowing.

Step 4: Create your icon

When you have finally finished your configuration, go back to the Configuration tab and click the Create Configuration Icon and then click the Start button. A new icon will appear on your desktop, and IE will start with your configuration options set. Now, every time you start IE from that icon, it will run with the same configuration. If, however, you run IE from the normal means, it will run with the default configuration.

Final thoughts

That's it! You've set up IE as a more secure browser. You can also do this with other applications by simply dragging their icon onto the IEController icon. The IEController application will start and set options for that application. Just remember, you see that configuration window only the FIRST time you run an application with IEController.

IEController is certainly worth a look if you must use Internet Explorer. When you set up IE with this tool, you will find it far more secure than the default.

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

23 comments
TuneUp Utilities
TuneUp Utilities

Thanks for explaining the importance of browser security. I usually have Firefox as my standard browser, but now with IE8 and these security tips, I?m wondering what will be better for a personal computer. Would you rather recommend Firefox or IE?

rocketmouse
rocketmouse

What I didn't understand is how to make sure it's the "controlled" version that gets launched by another program, e.g. Secunia - I never personally launch IE, but Secunia claims they can't (?) launch anything but.

mdstewar
mdstewar

Is this program compatible with IE 8? All I get when I double-click the saved desktop icon is an IEController 3.2 message that the action may be a potentially dangerous action.

oldbaritone
oldbaritone

Looks like it also might be helpful to programmers to be able to log the TCP and Wininet traffic. Neat tool, great article! Thanks, Jack

deeannejp
deeannejp

I think this is a very valuable tool when using IE and I want to thank you for giving us access to it.

vbs
vbs

If I want to remove this from the system what do I need to do and will registry changes that will left. I would like to have an idea before trying it.

OdeonIT
OdeonIT

Is the customized icon portable to other computers? In other words, if I copy the newly-created icon from the initial computer to another computer, would the increased IE security be in affect when using that icon on the second computer or does the program have to be run on each individual computer to make the setting changes applicable?

Mark W. Kaelin
Mark W. Kaelin

What extra precautions do you take to secure your Web browser? What settings shown by IEController would you change?

protokeys
protokeys

I always thought that if IE is running in non-admininstrator account, what malware can get through? Nothing. Sandboxie is a solution. Using an account type of administrator instead of Standard leaves the user susceptible to many windows exploits. freeware http://www.sandboxie.com/

OdeonIT
OdeonIT

I tried to test it with IE8 also and I get multiple warnings about it accessing the explorer.exe running process, then the Service Control Manager multiple times (to access RASMAN two times, TAPISRV 14 times, and Sens once) and after clicking Allow every time along with the configuration window opening itself again (tried both Start and Cancel), IE appears to open for a couple of milliseconds, then closes immediately with no warnings. I didn't make many changes at all to the configuration option and didn't make any Expert Configuration changes at all. I also tried creating a new custom icon with all of the default settings with the same results. The configuration window pops up, IE8 flashes open for less than a second, then disappears again. Clicking Start on the configuration window has the same result as clicking Cancel: the configuration window closes and nothing else happens. In Task Manager, one iexplore.exe process opens at the first message, then another when I click the first Allow, then another process starts when I click the second Allow, but it closes when the configuration window appears. When I click Start or close, the second new process closes, but the third remains open, yet no new IE8 window.

BIG CHRONO
BIG CHRONO

I'm not in IT, but a simple end user @ home. I subscribe to TechRepublic since things it deals with are applicable to public/private sectors, & even home PC's. If I were going to try this @ home, the first precaution would be to back up everything. Then roll out the program, hoping there are no blue/red screens, etc. If positive results are realized, then it could be safe to utilize continuously. If there are any anamolies, including seize ups, etc., & controls are lost, then I would try system restore, "crashing" the computer back through time. Failing that, then system recovery would be the ultimate solution. If successful, I would then remove IE Controller, grateful I did not need any geek squads, or other financial drains.

Gis Bun
Gis Bun

I suspect it leaves behind nothing. Anything changed in the registry was done when you made the change in the program. [of course I could be wrong]

Gis Bun
Gis Bun

Didn't look at it myself but I suspect something like this one doesn't have the option to port the changes over to another. They are all registry changes. Soa registry monitor tool could track what changes have been made.

blarman
blarman

The overview is a good start, but how about an example? Most of the settings aren't self-explanatory enough to tell you what effects they are going to have. I like the tool in concept, but I'd like to know more about what each feature does...

RipVan
RipVan

I still have a Windows box on which I haven't used IE in years. The box does get some use, but IE was a NO GO. This sounds like it would be fun to go back and play with.

taylorstan
taylorstan

The only other method I've used to control IE was sandboxing. The only problem with that was printing and allowing it to run certain web based programs. So that was a major draw back. This program sounds like something that MS should "steal" and incorporate into IE natively. InPrivate browsing does not cut it.

tom0s
tom0s

You say "You will only see this menu the first time you open an application with IEController." It's not clear to me:- can you make multiple "versions" of IE using this app or is this a once off job? Also curious about settings other might use (as a non-expert here)

Who Am I Really
Who Am I Really

in the article those dialog box screen shots are XP dialog boxes, not Vista or Win7 IE7 is Vista's browser not XP's IE8 is Win7's browser not XP's and the titlebar says: "IE Controller 3.2 Configuration, 2002-07 ..." So I'd guess that it's not going to support IE 8 properly if at all.

OdeonIT
OdeonIT

By the description given, it sounds like the program either makes the registry changes when you click the custom icon or somehow uses an alternate set of registry entries to do what it does. I can't think of any way to use registry keys other than those that are defined by the program itself, so my guess would be that it makes the registry changes on the fly, then reverts them when the program (IE) is closed, possibly by the use of .reg files that are merged into the registry when needed (one file to make the changes, another to revert back). This theory is why I wonder if the changes can be ported.

gilbert_miole
gilbert_miole

Does it affect the memory usage when this IEController will be installed?

OdeonIT
OdeonIT

The accounting firm I work for has plenty of accounting-specific software packages that we were afraid IE7 would break as well, but we've found no issues for those that installed it as an Automatic Update, so we rolled it out to the entire firm. We've had zero issues since that time and a few computers are now running IE8 (including mine, obviously). Again, no problems so far, but there are far fewer IE8 computers acting as guinea pigs than there were IE7 computers, so there may still be issues we haven't encountered. Since we are migrating to Win7 in a few months, we're not going to risk any problems with our existing XP boxes, but we felt it was in our company's best interest to drop XP's standard IE6 install due to its known security issues. I'm surprised to find that any modern application has issues with IE7 and XP, but I'm not familiar with EMC7 or the company that produces it, so I suppose it's always possible that they've decided to drop support for XP.

Who Am I Really
Who Am I Really

yes MS did do back ports of IE7 & IE8 for XP however, a bunch of changes are made to the OS which can break programs that would normally function on XP take EMC7 for instance, EMC7 gets toasted by IE7 EMC7 doesn't run on vista but runs on XP until IE7 is installed then it's broken IE7 & up & WinMP11 breaks all the production software on my XP systems

gmichaels
gmichaels

Actually, IE7 & IE8 can run on Win XP -- I occasionally use IE7 when I have to, instead of Mozilla. I had IE8 installed after it first was released, but its memory usage went up substantially, so I reverted back to IE7. I wouldn't dare touch IE9 when it is released later this year.

Editor's Picks