In his Report ‘Why is Internet Explorer security such a challenge?‘ Stephen Bigelow talks about Internet Explorer (IE) security and attack trends. In section ‘Tips to minimize the risk’ he introduces the standard mitigation measures.

In addition, IE 11 and Windows 8 provide security functions which can be activated or adjusted to make Internet use less risky:

1. Set User Account Control (UAC) to ‘Always notify me’

With UAC set to ‘Always notify me’ you will be notified if malicious code which is executed in Internet Explorer tries to install software or tries to make changes to your computer.

2. Activate SmartScreen Filtering to reduce the risk of phishing attacks

SmartScreen Filtering was introduced with IE8 and was integrated in the OS with Windows 8. SmartScreen Filtering checks web sites and files, after you clicked on the link, against a list of harmful sites and blocks downloads from these sites.

If the SmartScreen Filter blocks a malicious site you will get an error message like

SmartScreen Filter Error Message

To activate SmartScreen Filtering check Enable SmartScreen Filter in the IE Advanced Security Options.

3. Activate Enhanced Protection Mode (EPM) in the Internet Explorer Advanced Security Options

With EPM activated IE runs in an AppContainer at low integrity level. Write access to resources at medium or high integrity level, e.g. Windows system resources, is blocked.

4. Try to work without administrative rights

From my point of view this is the most important advice at all. Without administrative privileges it is very unlikely that malicious code executed by Internet Explorer could attack the operating system because this is blocked by the User Account Control (UAC) in Windows.

Even if you activate only SmartScreen Filtering and EPM, Internet use will become less risky.

Moon over Wangalm, Austria. 47°22’54.1″N 11°06’35.4″E

Have a nice weekend.