Learn two ways to disable Internet Explorer

Internet Explorer's laundry list of vulnerabilities and Firefox's growing popularity have made many users consider their browser alternatives. If you've had enough of dealing with IE's security flaws and decided to make a switch, learn two ways you can disable IE for your users.

Microsoft's Internet Explorer (IE) has long been a favorite target of hackers, and the frequent discovery of vulnerabilities over the years has only offered more incentive. In fact, Microsoft is currently researching a new, unpatched flaw that could put users at risk of a cyberattack.

In addition, the growing popularity of the Firefox browser has offered computer users a browser alternative—one that millions of users have opted to try. While not immune to its own security issues, the default installation of Firefox is rather secure, and it doesn't support ActiveX controls, a common culprit of security issues.

So if you've had enough of dealing with IE's security flaws, how do you disable or remove Internet Explorer? If you're running Windows 2000 or XP, there's good news and bad news.

The bad news is that you can't remove IE without crippling your operating system. However, the good news is that you can disable IE for your users and move to a different browser.

Several simple, popular methods exist to disable IE. The easiest way to remove users' ability to browse with IE is to add a bogus proxy server to IE's Internet Settings.

Follow these steps:

  1. In IE, go to Tools | Internet Options.
  2. On the Connections tab, click the LAN Settings button.
  3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
  4. Enter in the Address text box.
  5. Enter 80 in the Port text box, and click OK.

Please note that adding a bogus proxy server to your Internet settings won't affect Automatic Windows Update from connecting and updating your operating system.

You can also restrict Internet settings via Group Policy. Follow these steps:

  1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
  2. On the Group Policy tab, click Edit.
  3. Expand User Configuration to set restrictions on a per-user basis.
  4. Expand Windows Settings, and expand Internet Explorer Maintenance.
  5. Select Connection, and double-click Proxy Settings.
  6. Select the Enable Proxy Settings check box, add to the HTTP entry, and click OK.
  7. Expand Administrative Templates, and expand Windows Components.
  8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
  9. Select Enabled, and click OK.

Remember that Enabled sets a restriction, Disabled prevents a restriction from applying to a group of users (even if you enable it for a broader category of users), and Not Configured doesn't set the restriction.

Before you take any of these steps, download another browser, and test it on your current configuration. I highly recommend Mozilla's Firefox. After you install a new browser, answer Yes when it asks whether to make it your default browser.

Final thoughts

No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object (a file loaded with Internet Explorer) are all an attacker needs to control your system and steal your data. Microsoft designed IE for functionality—not security. And antivirus software can't defend your network against IE exploits.

Windows security isn't about eliminating security holes—it's about managing risk and user functionality. All operating systems have vulnerabilities, but Windows' popularity makes it the target of choice for most black hats.

Miss a column?

Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.