By Mike Mullins
The IT industry has witnessed a rash of Internet Explorer (IE) exploits and fixes released in the last several months. In fact, just last week Microsoft released a special security bulletin for three critical IE flaws.
And with the recent release of Metasploit Framework 2.0, a collection of tools for developing and testing exploit code, it seems that malicious hacking is about to reach an all-time high. Even the U.S. Computer Emergency Readiness Team (US-CERT) recommends using a different browser.
More important than using a different browser, how do you disable or remove Internet Explorer? If you're running Windows 2000 or XP, there's good news and bad news.
The bad news is that you can't remove IE without crippling your operating system. However, the good news is that you can disable IE for your users and move to a different browser.
Two methods for disabling IE
Several simple, popular methods exist to disable IE. The easiest way to remove users' ability to browse with IE is to add a bogus proxy server to IE's Internet Settings.
Follow these steps:
You can also restrict Internet settings via Group Policy. Follow these steps:
Remember that Enabled sets a restriction, Disabled prevents a restriction from applying to a group of users (even if you enable it for a broader category of users), and Not Configured doesn't set the restriction.
Please note that adding a bogus proxy server to your Internet settings won't affect Automatic Windows Update from connecting and updating your operating system.
Before you take any of these steps, download another browser, and test it on your current configuration. I highly recommend Mozilla's Firefox. After you install a new browser, answer Yes when it asks whether to make it your default browser.
No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object (a file loaded with Internet Explorer) are all an attacker needs to control your system and steal your data. Microsoft designed IE for functionality—not security. And antivirus software can't defend your network against IE exploits.
Windows security isn't about eliminating security holes; it's about managing risk and user functionality. All operating systems have vulnerabilities, but Windows' popularity makes it the target of choice for most black hats.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.