Firefox is one of the most popular web browser for Windows and other platforms. This makes it a large target for malware and cybercrime. We will focus on securing Firefox, and will significantly increase the browser’s security through add-ins and special hardening settings. We are avoiding earlier versions of Firefox and recommend users to upgrade to the latest version of Firefox. We also recommend running under Windows 7, 8 or 10, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Firefox includes the following security oriented features:

• Instant Web ID
• Do not Track
• Private Browsing
• Clear Recent History
• Customized Security Setting

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Before you make any changes to your system, always back it up.

Firefox Add-ons to UNINSTALL

Software that enhances Firefox can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Firefox to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Firefox through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

• Adobe Reader or Adobe Acrobat – This is a major source of internet threats, so consider using an alternative PDF reader such as Foxit Reader, or PDF-XChange.
• Flash Player – This animation enhancement plug-in is widely used but full of security holes, leading to many updates. If you need Flash, you will have to update it constantly.
• Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
• Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
• Silverlight – We recommend removing it from your system unless you really need it. This software is another possible time bomb waiting for exploitation.

Hardening Firefox’s Settings

Firefox can be secured even more with several key changes to the browser’s settings.  We have selected all the Critical settings for Firefox.

1. Prevent Firefox from saving passwords

Firefox can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

1. Launch Firefox
2. Click on the Tools Menu
3. Select Options
4. Select Security Tab
5. Make sure Remember password for sites and Use master password are not checked
6. Click Saved Passwords
7. Click Remove All to remove saved passwords

2. Mark Valuable Data Inaccessible to Firefox

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Firefox. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

1. Press Start menu
   
2. Go to All Programs
3. Go to Accessories
4. Right-Click on Command Prompt
5. Select Run as Administrator
6. Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
7. Press Enter to Execute the Command
8. Type Exit to end the Command Prompt

3. Allow Firefox to update itself

Firefox automatically tries to update itself, which is a good thing, but it asks whether it is ok to install a newer version. Be sure allow Firefox to update itself tot he latest version available, so that you have all the latest security fixes.

4. Prevent Firefox from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They were first supported in Firefox 4. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem.

Helpful Firefox Add-ins

NoScript – Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting. Make Sure you go into the Options – Whitelist – And remove all sites from it, so you start from scratch without trusting anyone.

HTTPS Everywhere – Automatically makes Firefox try to use https secure connections whenever available.

Simple URL Extender – Replaces short URLs with the originals so you can see where links actually link to. Essential for Twitter.

URLs List – Shows the URLs of all the tabs of a webpage.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

Cocoon – All-in-one plugin that tunnels your traffic through a SSL-encrypted proxy for privacy and security.

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Firefox already includes the SmartScreen Filter that detects dangerous websites and warns you. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Firefox to secure your browsing.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Firefox from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Firefox Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Firefox, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins.

Secure Web Browsing with HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Firefox settings, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Google Chrome is one of the most popular web browser for Windows, Mac, and Linux. This makes it a large target for malware and cybercrime. We will focus on securing Google Chrome, and will significantly increase the browser’s security through add-ins and special hardening settings. We also recommend running under Windows 10 or Windows 7, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

The #1 Tip for Chrome Security

Keep it updated.  Google fixes bugs quickly and updates an internal Flash plug regularly. When you start Chrome, you should select from the Chrome menu – Settings – About – If it shows a newer version, download it and relaunch before doing ANY browsing.

Why Chrome?

Chrome is a much newer browser than Firefox or Internet Explorer.  It is not saddled with all the baggage of IE, where a change needs to be regression tested with many parts of Windows.  Firefox has been around for a while and is also slowed down with lots of historical code.

A recent security test from Accuvant Labs found Chrome more secure, primarily due to its Sandbox technology.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Google Chrome includes the following security oriented features:

• Safe Browsing
• Sandboxing
• Auto-updates
• Built in PDF viewer
• Built in Adobe Flash – Kept up to date by Chrome

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Before you make any changes to your system, always back it up.

Google Chrome Add-ons

Software that enhances Google Chrome can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Google Chrome to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Google Chrome through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

• Adobe Flash is built in to Chrome. A pdf viewer is also built in. We recommend Disabling it
  • Type the following where you would normally type a URL:
    chrome://plugins
  • Locate the Flash Player in the list of plug-ins. You may see more than one Flash Player listed.
  • Select Disable for each Flash Player listed
• Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
• Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
• Silverlight – Is disable by default on newer version of Chrome.  We recommend removing it from your system unless you really need it.
  • Type the following where you would normally type a URL:
    chrome://plugins
  • Locate the Silverlight in the list of plug-ins.
  • Select Disable for each one listed

Hardening Google Chrome’s Settings

Google Chrome can be secured even more with several key changes to the browser’s settings. We have selected all the Critical settings for Google Chrome.

1. Prevent Google Chrome from saving passwords

Google Chrome can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

1. Launch Google Chrome
2. Click on the Dashes Icon on the far right
3. Select Options
4. Select Personal Stuff on the left hand column
5. Make sure Never save password is checked
6. Click Manage Saved Passwords
7. Click and remove all saved passwords

2. Mark Valuable Data Inaccessible to Google Chrome

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Google Chrome. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

1. Press Start menu
   
2. Go to All Programs
3. Go to Accessories
4. Right-Click on Command Prompt
5. Select Run as Administrator
6. Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
7. Press Enter to Execute the Command
8. Type Exit to end the Command Prompt

3. Allow Google Chrome to update itself

Google Chrome automatically tries to update itself, which is a good thing, but if it asks whether it is ok to restart the browser to use the new version, be sure to say yes right away.

4. Google Chrome secure website warnings

Google Chrome displays warning icons when you visit a website that has possibly dangerous information on it. Look for the following icons right next to the https:// in the browser.

The site uses SSL, but Google Chrome has detected insecure content on the page. Be careful if you’re entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page.

The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

5. Sandbox Google Chrome plugins

Google Chrome has an option to for plugins to be run in a safe sandbox. Make the following change to enable this feature. Note: Files and folders marked with the everyone permission, will only be accessible.

1. Press Start menu
   
2. Right click on Google Chrome
3. Select Properties
4. Add the following text to the Target field, right after “chrome.exe ” –safe-plugins. Make sure there is a space after .exe.
   
5. Click OK

6. Prevent Chrome from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They are supported in the latest Chrome. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem by adding the following when launching Chrome:

--disable-accelerated-compositing

7. Enable Server Certificate Revocation Checking

Note: This was removed in later versions of Chrome

Most browsers do not have a setting enabled by default to check Security certificates to see if they have been revoked. It is important to do this, otherwise you could be access a sign with a stolen certificate and it appears to work fine.

1. Click on the Dashes Icon on the far right
2. Select Settings
3. Select Show advanced Settings.. at the bottom
4. Scroll down to HTTPS/SSL and Check Check for server certificate revocation

8. Check for Compromised Digital Certificates

The NSA has a PDF that describes a way to help Windows defend against Compromised Certificates.

You can also run the RCC program to check for untrusted root certificates.

Helpful Google Chrome Add-ins

Docs PDF/PowerPoint Viewer – Automatically previews pdfs, powerpoint presentations, and other documents in Google Docs Viewer. No need to download pdf files to your computer and potentially have a bug in Acrobat cause a security problem.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

ScriptNo – A ‘NoScript-like’ extension for a safer and faster Chrome. Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting.

KB SSL Enforcer – Automatic security, browse encrypted using HTTPS secure connections whenever possible, automatically.

Flashblock – Blocks Flash so it won’t get in your way

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Google Chrome can warn you if it detects that the site you’re trying to visit is suspected of phishing or containing malware. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Google Chrome to secure your browsing.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Google Chrome from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Google Chrome Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Norton ConnectSafe for Home – Similar to Google DNS, but includes options to filter porn or be family friendly.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. You can manually install Google Chrome. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins. You can manually install Google Chrome.

Secure Web Browsing with HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Google Chrome settings and adding add-ons, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Internet Explorer remains the most popular web browser for Windows. This makes it a large target for malware and cybercrime. We will focus on securing Internet Explorer 9, and will significantly increase the browser’s security through add-ins and special hardening settings. We are avoiding earlier versions of Internet Explorer and recommend users to upgrade to Internet Explorer 9. It requires Windows Vista or Windows 7 to operate, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

Enhanced Mitigation Experience Toolkit (EMET)

Internet Explorer users should definitely install Microsoft’s free Enhanced Mitigation Experience Toolkit. It helps beefup IE’s security. It even prevented the major Zero Day IE vulnerability of April 2014.

Windows 8 and Internet Explorer 10

In 2012 is a new version of Windows and a new Internet Explorer promising tighter security. ForceASLR will be added, making more applications use the randomization code protection of ASLR. High Entropy ASLR will be added to take advantage of the larger memory address space of 64-bit Windows 8 PCs.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping. Internet Explorer has seen so many bugs over the years, that even with all our suggestions, security conscious people might want to run Firefox or Chrome instead.

Internet Explorer 9 includes the following security oriented features:

• ActiveX Filtering
• Domain highlighting
• SmartScreen Filter
• Cross site scripting (XSS) filter
• A 128-bit Secure Sockets Layer (SSL)
• Tracking Protection
• InPrivate Browsing

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Before you make any changes to your system, always back it up.

Internet Explorer Add-ons to UNINSTALL

Software that enhances Internet Explorer can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Internet Explorer through its removal.

• Adobe Reader or Adobe Acrobat – This is a major source of internet threats, so consider using an alternative PDF reader such as Foxit Reader, or PDF-XChange.
• Flash Player – This animation enhancement plug-in is widely used but full of security holes, leading to many updates. If you need Flash, you will have to update it constantly.
• Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
• Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
• Silverlight – We recommend removing it from your system unless you really need it. This software is another possible time bomb waiting for exploitation.

Hardening Internet Explorer 9’s Settings

Internet Explorer 9 can be secured even more with several key changes to the browser’s settings. Many of these settings were recommended by Microsoft’s Business Oriented Security Compliance Manager Security Guide for Internet Explorer 9. We have selected all the Critical settings for Internet Explorer 9.

1. Selectively Enable ActiveX to increase security

ActiveX is a technology that allows webpages to be more powerful. Because ActiveX code is downloaded from the website you are visiting, it could be crafted to produce security risks such as malware. Our goal is to only use ActiveX when visiting known safe Internet websites.

1. Launch Internet Explorer 9
2. Click on the Gear Icon in the upper right hand corner
3. Select Safety
4. Select ActiveX Filtering

When you visit a website that has ActiveX support, a Light Blue circle with a line through it will appear. Click on this icon to enable ActiveX for this particular site. You need to do this once per website.

2. Enable Protected Mode for Intranet and Trusted Site Zones

Protected Mode is usually enabled for Internet Zone, we can enable it for the two other zones for which Protected Mode comes disabled to increase security further.

1. Launch Internet Explorer 9
2. Click on the Tools Menu
3. Select Internet Options
4. Click on Security tab
5. Click on Local intranet
6. Check “Enable Protected Mode“
7. Repeat Step 6 after Clicking on “Trusted Sites“

3. Mark Valuable Data Inaccessible to Internet Explorer

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Internet Explorer. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

1. Press Start menu
   
2. Go to All Programs
3. Go to Accessories
4. Right-Click on Command Prompt
5. Select Run as Administrator
6. Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
7. Press Enter to Execute the Command
8. Type Exit to end the Command Prompt

4. Set Internet Explorer 9 to High Security

US-CERT recommends the High security setting be applied for the Internet Zone. (Default is Medium-High security) High security will cause several features including ActiveX, Active Scripting, and Java to be disabled. With these features disabled, the browser will be much more secure but many websites may not load correctly,  forcing you to tediously add them to the Trusted Zone list so they load properly. Many folks may not want to perform this step.

1. Launch Internet Explorer 9
2. Click on the Tools Menu
3. Select Internet Options
4. Click on Security tab
5. Click on Internet
6. Select High for Security level for this zone
7. Check “Enable Protected Mode“

5. Internet Explorer 9 security settings

These settings are not available to Vista Home or Windows 7 Home.

If you are running Windows Vista Pro or Ultimate or Windows 7 Pro or Ultimate do the following:

1. Hit Windows key and the letter R
2. Type “gpedit.msc” into the Box, Hit OK
3. If User Account Control is enabled, Hit Yes

Now that Group Policy Editor is open, we will make several changes to increase the security of Internet Explorer 9.

Disable AutoComplete for forms – It is possible that this feature will cache sensitive data.

1. Navigate to “User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable AutoComplete for forms”
2. Check Enabled and Press OK

Disable Save this program to disk option – Users could download and execute hostile code from Web sites.

1. Navigate to “User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Save this program to disk option”
2. Check Enabled and Press OK

Disable changing certificate settings – Users could import new certificates, remove approved certificates, or change settings for previously configured ones.

1. Navigate to “User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing certificate settings”
2. Check Enabled and Press OK

Prevent users from bypassing SmartScreen  – Reduces risk of malware infection via visiting malicious websites.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent users from bypassing SmartScreen Filter’s application reputation warnings about files that are not commonly downloaded from the Internet”
2. Check Enabled and Press OK

Only use the ActiveX Installer Service for installation of ActiveX Controls  – The standard installation process is less secure than using the ActiveX Installer Service.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Only use the ActiveX Installer Service for installation of ActiveX Controls”
2. Check Enabled and Press OK

Prevent Bypassing SmartScreen Filter Warnings  – The user can ignore a SmartScreen Filter warning and navigate to a site determined to be unsafe.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Bypassing SmartScreen Filter Warnings”
2. Check Enabled and Press OK

Turn off Managing SmartScreen Filter for Internet Explorer 9 – Reduces risk of malware infection via visiting malicious websites.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing SmartScreen Filter for Internet Explorer 9”
2. Check Enabled and Press OK

Java permissions – Java applications could contain malicious code.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions”
2. Check Enabled and Press OK
3. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions“
4. Check Enabled and Press OK

Turn on ActiveX Filtering – Without ActiveX Filtering you cannot make an informed decision about every ActiveX control you run.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX Filtering”
2. Check Enabled and Press OK

Security Zones: Do not allow users to change policies – Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to change policies”
2. Check Enabled and Press OK

Security Zones: Do not allow users to add/delete sites – Users will be able to add or remove sites from the Trusted Sites and Restricted Sites zones at will and change settings in the Local Intranet zone.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to add/delete sites”
2. Check Enabled and Press OK

Security Zones: Use only machine settings – Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Use only machine settings”
2. Check Enabled and Press OK

Turn off Crash Detection – A crash report might contain sensitive information from the computer’s memory.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Crash Detection”
2. Check Enabled and Press OK

Turn off Encryption Support – The allowed encryption protocols determines the possible encryption types that can be used.

1. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off Encryption Support”
2. Check Enabled and Press OK

Helpful Internet Explorer 9 Add-ins

Web of Trust (WOT) for Internet Explorer – Displays a simple gauge showing the website’s danger levels.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

Phising Toolbars – Internet Explorer 9 already includes the SmartScreen Filter that detects dangerous websites and warns you. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Internet Explorer from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Internet Explorer 9 Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Norton ConnectSafe for Home – Similar to Google DNS, but includes options to filter porn or be family friendly.

Dyn Internet Guide – Free Web content filtering.

Internet Explorer Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image.  Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.

If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:

ide0:0.mode = “independent-nonpersistent”

Secure Web Browsing with HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Internet Explorer 9 settings, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.