Securing Internet Explorer:

From the August 2005 Issue

For several months now, there has been a steady drumbeat to switch from using Internet Explorer to Firefox, Netscape, Mozilla or some other browser because supposedly they are more secure and have less vulnerability. Just in the last month, however, several of these alternative browsers have also had their share of vulnerabilities discovered and publicized in the media. Is any browser safe? Probably not!

Can you reduce your exposure? Yes, you can! In this article, you will discover how to secure Internet Explorer to reduce the exposure and eliminate the risks from spyware, viruses, Trojan horses and malware. This article will provide a way to stop these unwanted pests by using the functionality already built into Internet Explorer.

“Why is this important to accountants,” you might ask? Aside from the fact that the alternative browsers are not compatible with several applications used in accounting firms such as QuickBooks, accountants have a duty as prescribed by several laws and our ethics code to protect client data from disclosure to third parties not authorized to view such data. Spyware, Trojan Horses and other items infecting our computers can and do expose client data to non-authorized individuals who should not have such information. HIPPA; Graham, Leach, Bailey; and Sarbanes-Oxley put restrictions on disclosures of information.

The AICPA has also said in its Ethics interpretations that failure to protect confidential client information may be grounds for an ethics investigation. States are also getting into the act by moving forward with privacy laws that can cause trouble for accounting firms and even those in industry if confidential data is released to the public. The security zones in Internet Explorer are used by all applications that access web-based documents whether on the Internet or locally on the network. Other programs such as QuickBooks, Outlook, Outlook Express and Windows Explorer will use the security zones specified via the Internet Options applet to control access to the computer. For purposes of this article, references to Internet Explorer include any application that uses browser functionality to access content.

Internet Explorer is built with four security zones. The first, Internet, is the security zone used for any item not located on the local computer or listed in the other three zones. By default, this zone is set to a medium security level. The next zone is Local Intranet. This zone covers web sites, servers, and other internal components located on the network to which the computer is connected. By default, this zone is set to medium-low. The next zone is Trusted sites. This zone is used to specify internal or external web sites that you specifically trust will not harm your computer. By default, this zone is set to low. The final zone is Restricted Sites. The Restricted Sites zone is the place to specify web sites that could cause damage to your computer operating system or cause data loss if accessed. Each of these zones, separately and combined, provides the ability to control the browsing experience. The impact the Internet will have on your computer is controlled through these settings in these four zones.

As the vulnerabilities increase on the Internet, having the appropriate settings for each of these zones is important to maintaining a computer free of the junk floating around the Internet. The recommendations that follow are derived from personal experience as well as extensive reading on how the various spyware, viruses, Trojan horses and other malware find their way onto computers. If everyone would change his/her settings as recommended here, the malware generated on the Internet would become much less prevalent.