How to Configure Enhanced Security Features for Internet Explorer from Windows XP SP2

Introduction
Before You Begin
Using the Information Bar
Using the File Download Dialog Box
Managing Browser Add-ons
Configuring Pop-up Blocking
Related Information

This document explains how to configure the enhanced security features of Internet Explorer from Microsoft Windows XP Professional Service Pack 2 (SP2) in a small business or for a standalone computer.

The improvements in Microsoft Internet Explorer for Windows XP SP2 can help to:

• Prevent pop-ups when you browse the Web.

• Provide better protection from potentially harmful downloads.

• Assist you to find and control Internet Explorer add-ons.

• Offer stronger security for your PC with built-in security enhancements.

The default settings for Internet Explorer from Windows XP SP2 help to secure your computer. If the default settings do not meet your browsing needs you can use the guidance in this document to configure alternative settings. These allow you to browse the Web efficiently while still helping to improve your browser experience. For example, you might need to adjust pop-up blocker settings if you regularly use a Web mail site that uses pop-ups to display your inbox.

To configure Windows XP SP2 enhanced security features of Internet Explorer this document focuses on how to:

• Use the Information Bar

• Use the File Download prompt

• Manage Browser add-ons

• Configure Pop-up Blocker

  Note: The instructions in this document use the Start menu that appears by default when you install your operating system. If you have modified your Start menu, the steps might differ slightly.

This document provides guidance for configuring the enhanced security features of Internet Explorer from Windows XP SP2.

For more information about the definitions of security-related terms, see the following:

• "Microsoft Security Glossary" on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=35468

Internet Explorer in Windows XP SP2 displays an Information Bar (just below the address bar) where you can see information about downloads, blocked pop-up windows, potential security risks, and other actions. This information helps you to prevent the installation of potentially malicious content or files you might otherwise accept from the Internet. The Information Bar doesn't clutter up your browser when you don't need it. It only appears when there's information to communicate.

Note: This section only addresses the Information Bar. More information on the Pop-up blocker is included in the section headed Configuring Pop-up Blocking below.

Information Bar notifications include:

• Blocked Microsoft ActiveX installs

• Blocked pop-ups

• Blocked downloads

• Blocked active content

  

Figure 1   Information Bar

The Information Bar informs you about blocked content. The text in the Information Bar varies, based on the notification that is provided. For more information about the notification, click the Information Bar. When the menu bar appears, click Information Bar Help.

Figure 2   Information Bar menu when content is blocked

Figure 3   Information Bar menu when a pop-up is blocked

You select an appropriate menu option if you require the blocked information to display.

WARNING: Before you unblock content or pop-ups, consider the following items:

• Heed any warnings. When a Web site attempts to run blocked content on your computer, Internet Explorer displays the Information Bar.

  • Use the Information Bar Help menu item to understand why the Information Bar appeared.

  • Make sure you trust the Web sites you visit.

  • Make sure the content is something you request or expect.

There is also a custom Web content zone setting for the Information Bar that enables you to change the settings of the Information Bar by Web content zone.

Note: For information on Web content zones, see the following:
Microsoft Knowledge Base article 174360 on the Microsoft Help and Support Web site at https://go.microsoft.com/fwlink/?linkid=35997

To change the Information Bar settings you must use these procedures:

• Turn off the Information Bar for blocked pop-up messages

• Turn off the Information Bar for file and software downloads from the Internet

• Credentials: You must be logged on as a member of the local Users group and open Internet Explorer.

  Note: If this computer is a client in a Domain managed by Group Policy some or all of these features and settings may not be available.

To turn off the Information Bar for blocked pop-up messages

1. On the Internet Explorer Tools menu, point to Pop-up Blocker, and then click Pop-up Blocker Settings.

2. Clear the Show Information Bar when a pop-up is blocked check box.   

   

   Figure 4   Pop-up Blocker Settings dialog box

3. Click Close.

To turn off the Information Bar for file and software downloads

1. In Internet Explorer, click Tools and then click Internet Options.

2. Click the Security tab, ensure that Internet zone is selected, and then click Custom Level.   

   

   Figure 5   Security settings for ActiveX controls

3. Do one or both of the following:

   • To turn off the Information Bar for ActiveX controls, in the ActiveX controls and plug-ins section of the list, under Automatic prompting for ActiveX controls, click Enable.

   • To turn off the Information Bar for file downloads, in the Downloads section of the list, under Automatic prompting for file downloads, click Enable.

     Note: This procedure allows Web sites to automatically prompt you when you download files and software (bypassing the Information Bar).

     

     Figure 6   Security settings for file downloads

4. Click OK.

   

   Figure 7   Warning for file downloads

5. In the Warning dialog box, click Yes.

6. To close Internet Options, click OK.

To verify Information Bar settings are applied

1. From the Windows XP desktop, click Start and then click Control Panel.

2. Under Pick a category, click Security Center.

3. Under Manage security settings for, click Internet Options.

4. Click the Privacy tab.

5. In the Pop-up Blocker area, click Settings and verify that the desired configuration for the Information Bar in the Notifications and Filter Level area is applied.

6. Click Close and then click the Security tab.

7. Ensure that the Internet zone is selected and then click Custom Level.

8. Verify that the desired configuration for the Information Bar settings is applied and then click OK.

9. Click OK to close Internet Properties then close Windows Security Center.

When downloading a file after installing Windows XP SP2, a dialog box appears that includes the following information:

• An alert icon on the bottom of the dialog box that represents the risk level

• An information area on the bottom of the dialog box that provides information about the downloaded file type

  

  Figure 8 File Download dialog box

This dialog box asks the question "Do you want to run or save this file?" and prompts you to choose either Run, Save, or Cancel. If you choose Run, a second File Download-Security Warning dialog box appears.

Figure 9 File Download-Security Warning dialog box

Internet Explorer checks for information on the organization that created the file, which is called the publisher. The dialog box displays this information so you can choose whether to download or run the file. You can choose to always run files from this publisher, never run files from this publisher, or be prompted each time.

Note: For more information on a verified publisher you can click the publishers name on the file download dialog box. The file download dialog box also has a link called How can I decide what software to run? Use this link to provide more information on whether or not to run this program.

If Internet Explorer cannot verify the publisher, a dialog box appears to let you know the program file is high risk. From the high risk box, you can only click either Run or Don't Run.

Warning: Before you download or run a file, consider the following items:

• Heed any warnings. When a Web site attempts to download a file to your computer, Internet Explorer displays a message about saving, running, or installing the file. If the message contains a yellow caution icon, then the file has been identified as one that could pose a risk.

  • Make sure the message shows the file source (publisher name). If Internet Explorer cannot identify the publisher, it is safer to delete the file unless you know who created it.)

  • Make sure you trust the Web site that offers the file.

  • Make sure the file is something you request or expect.

• Consider the content. By default Windows hides extensions for well known file types.  Several viruses have used this as an exploit. You should be cautious with any file type.

Web browser add-ons such as extra toolbars, animated mouse pointers, and stock tickers provide added functionality to Internet Explorer.  

Microsoft research has shown that while add-ons can improve your browsing experience, they can:

• Significantly affect the reliability of Internet Explorer

• Pose a security risk, because they might contain malicious programs

Many add-ons come from the Internet. Most require that you give your permission before they are downloaded to your computer. Some add-ons, however, might be downloaded without your knowledge.

WARNING: Many add-ons gather personal information. Be sure to read any privacy statements from the Web site that provides the add-on before you permit the Web site to download the add-on to your computer

Internet Explorer in Windows XP SP2 allows you to use Internet Explorer Add-on Management to manage an add-on. Typically this involves:

• Update the add-on. If the add-on is a Microsoft ActiveX component, you can update it to a newer version, if one is available.

• Disable the add-on. If an add-on causes repeated problems, disable the add-on.

• Report the add-on. Report the problem to Microsoft when the error reporting dialog box appears. This is completely anonymous and requires nothing from you but your permission. These reports are used to improve products and to encourage other companies to update and improve theirs.

You can enable and disable each add-on individually and view information about how often the add-ons have been used by Internet Explorer.

To manage browser add-ons in Internet Explorer, use these procedures:

• Open Add-on Management

• Use Add-on Management to disable an add-on

• Use Add on Management to enable an add-on

• Use Add-on Management to update an add-on

• Unblock a signed add-on whose publisher is untrusted

• Credentials: You must be logged on as a member of the local Users group.

Note: If Internet Explorer is already open, you can open Add-on Management. To do this, click Tools, click Internet Options, and then skip to step 4 below.

To open Add-on Management

1. Click Start, and then click Control Panel.

2. On the Pick a category page, click Network and Internet Connections.

3. Under or Pick a Control Panel icon, click Internet Options.

   

   Figure 10   Internet Properties

4. In the Internet Properties dialog box, click the Programs tab.

   

   Figure 11   Programs tab

   Note: Figure 11 displays the default Internet programs list. The list on your computer might be different.

5. On the Programs tab, click Manage Add-ons.

   

   Figure 12   Manage Add-ons

6. Click the Show drop-down list to control the way in which add-ons are listed. Select either:

   Add-ons currently loaded in Internet Explorer to list add-ons that are currently loaded into memory or are blocked from being loaded into memory.

   Add-ons that have been used by Internet Explorer to list all add-ons that are installed on your computer.

   Note: If you only have one add-on loaded, you will only be able to display Add-ons that have been used by Internet Explorer.

7. Click OK.

To use Add-on Management to disable an add-on

1. Click Manage Add-ons.

2. Select the add-on you wish to disable and then click Disable.   

   

   Figure 13   Add-on Status

3. In the Add-on Status dialog box, click OK.

4. Click OK to close Manage Add-ons.

Note: All add-ons are enabled by default, until the user chooses to disable them.

WARNING: Many add-ons gather personal information. Be sure to read privacy statements from Web sites that provide the add-ons before you enable them.

To use Add-on Management to enable an add-on

1. Click Manage Add-ons.

2. Select the add-on you wish to enable and then click Enable.

3. In the Add-on Status box, click OK.

4. Click OK to close Manage Add-ons.

To use Add-on Management to update an add-on

1. Click Manage Add-ons.

2. Select the add-on you wish to update and then click Update ActiveX.

3. Follow the prompts to update the ActiveX control if an update is available.

4. Click OK to close Manage Add-ons.

A signed add-on contains a digital signature. A digital signature is data that binds a sender's identity to the information that is sent.

A Blocked Add-on icon similar to the one below appears in the status bar when a Web page attempts to use an ActiveX control that is disabled or blocked because its publisher is not trusted.

Figure 14   Blocked Add-on icon

Note: You can double-click this icon to open Manage Add-ons

To use Add-on Management to unblock a signed add-on whose publisher is untrusted

1. Click Manage Add-ons.

2. To unblock a signed add-on, click on the add-on and then click Allow.

   Note: Use caution when you unblock a signed add-on. When you click Allow the sender's identity is removed from the untrusted list.

3. Click OK to close Manage Add-ons and then click OK to close Internet Properties.

   Note:  A Blocked Add-on icon appears in the status bar when a Web page attempts to use an ActiveX control that is disabled or blocked because its publisher is untrusted. You can either use the above procedure, or double click the icon to open Manage Add-ons.

To verify browser Add-on settings are applied

1. From the Windows XP desktop, click Start and then click Control Panel.

2. Under Pick a category, click Security Center.

3. Under Manage security settings for, click Internet Options.

4. Click the Program tab, then click Manage Add-ons and verify that the desired configuration for the Add-ons is applied to Internet Explorer on the computer.

5. Click OK to close Manage Add-ons, then click OK to close Internet Properties.

In Internet Explorer after the installation of Windows XP SP2, the Pop-up Blocker is enabled by default. It prevents unwanted pop-up windows.

If you have disabled it, you can enable Pop-up Blocker by three different methods:

• Prompt at first occurrence. A dialog box appears and asks you to enable Pop-up Blocker.

• Use the Pop-Up Blocker item from the Internet Explorer Tools menu.

• Use the Privacy tab in Internet Options from the Security Center category of Control Panel.

If a Web site opens a pop-up window that is blocked by Internet Explorer, a notification appears in the status bar at the bottom of the screen. If you click the notification in the status bar, you see the following menu:

Figure 15    Pop-up menu

The menu options are:

• Temporarily Allow Pop-ups. This option displays the pop-up window, this time unblocked.

• Always Allow Pop-up Windows from This Site. This option adds the current site to an Allowed sites list.

• Turn Off Pop-up Blocker. This option turns the Pop-up Blocker off for your computer.

• Pop-up Blocker Settings. This option opens the Pop-up Blocker Settings window.

• Credentials: You must log on as a member of the local Users group and open Internet Explorer.

Note: If Internet Explorer is not already open, you can open the Pop-up Blocker settings by clicking Start, clicking Control Panel, clicking Security Center, clicking Internet Options, clicking Privacy, in the Pop-up Blocker area clicking Settings and then skipping to step 2 below.

To configure Pop-up Blocking

1. In Internet Explorer, on the Tools menu, point to Pop-up Blocker, and then click Pop-up Blocker Settings.

   Note: If you have previously used the Turn Off Pop-up Blocker option, you will need to use the Turn On Pop-up Blocker option from either the Internet Explorer, Tools, Pop-up Blocker menu item, or the Privacy tab in Internet Options from Security Center before you can complete this procedure.

   

   Figure 16   Pop-up Blocker Settings on Tools Menu

2. In the Notification and Filter Level area, choose the check boxes that enable the way that you are notified when a Pop-up is blocked.

3. Under Filter Level chose the setting for the way that you wish to implement Pop-up blocking.

4. In the Exceptions area, type the address of the Web site that you wish to allow Pop-ups from and then click Add.

5. Repeat step 4 for all the Web sites that you wish to allow Pop-ups from.

   Warning: Adding Web sites to this list might increase the vulnerability of your computer. Only add Web sites that you must receive pop-ups from.

6. Click Close and then close Internet Explorer.

To verify Pop-up Blocker settings are applied

1. From the Windows XP desktop, click Start and then click Control Panel.

2. Under Pick a category, click Security Center.

3. Under Manage security settings for, click Internet Options.

4. Click the Privacy tab and in the Pop-up Blocker area verify that the desired configuration for the Pop-up Blocker is applied to Internet Explorer on the computer.

5. In the Pop-up Blocker area, click Settings and verify that the desired configuration for Exceptions and Notifications and Filter Level areas is applied.

6. Click Close and then click OK to close Internet Properties.

For more information about Windows XP SP2 Internet Explorer safety, see the following:

• "How to troubleshoot problems accessing secure Web pages with Internet Explorer 6 Service Pack" on the Microsoft Web site at https://go.microsoft.com/fwlink/?linkid=35490

• "Changes to Functionality in Microsoft Windows XP Service Pack 2. Part 5: Enhanced Browsing Security" on the Microsoft TechNet Web site at https://go.microsoft.com/fwlink/?linkid=35491

• "Control Internet Explorer Add-ons with Add-on Manager" on the Microsoft Windows XP Web site at https://go.microsoft.com/fwlink/?linkid=35492

For more information about Windows XP SP2 security, see the following:

• "Windows XP Security Guide, updated for Service Pack 2" on the Microsoft Download Center Web site at https://go.microsoft.com/fwlink/?linkid=35309

• "Windows XP Security Guide. Appendix A: Additional Guidance for Windows XP Service Pack 2" on the Microsoft TechNet Web site at https://go.microsoft.com/fwlink/?linkid=35465

• "Windows XP Service Pack 2: What's New for Internet Explorer and Outlook Express" on the Microsoft Windows XP Web site at https://go.microsoft.com/fwlink/?linkid=35493

For definitions of security-related terms, see the following:

• "Microsoft Security Glossary" on the Microsoft Web site at https://go.microsoft.com/fwlink/?linkid=35468