Internet Explorer is on the way out. Even Microsoft is recommending people avoid it in favor of their new browser, Edge. If you require Internet Explorer for an old website, though, you can secure it against attack with optional features like Enhanced Protected Mode.
If you can move away from Internet Explorer to another browser, you definitely should. Google Chrome, Microsoft Edge, and Mozilla Firefox are all better choices. But a few old websites, especially ones using ActiveX controls, still require IE.
Enable Enhanced Protected Mode and 64-bit Processes
Microsoft introduced a feature named “Enhanced Protected Mode” back in Windows 8. In Enhanced Protected Mode, Internet Explorer runs website content sandboxed in an “AppContainer.” Even if a malicious website manages to exploit Internet Explorer, that AppContainer environment will prevent it from escaping to tamper with the rest of your computer. This feature is not available in Windows 7 (yet one more reason to upgrade to Windows 8 or 10).
Unfortunately, this feature is off by default, because many older add-ons aren’t compatible with Enhanced Protected Mode. To enable this feature, click the gear menu and select “Internet Options” in Internet Explorer. Navigate to Advanced > Security and enable the “Enable Enhanced Protected Mode” option.
While you’re at it, you can also enable the “Enable 64-bit Processes for Enhanced Protected Mode” option here. This makes Internet Explorer run as a 64-bit process, so it can use the better security features available on 64-bit versions of Windows, such as a larger address space for Address Space Layout Randomization.
You’ll need to restart your computer after doing this.
If you enable these features, many add-ons will no longer function in Internet Explorer. This is only an issue you if you actually need add-ons that can’t function in Enhanced Protected Mode. Try enabling it and see if anything breaks. You can always disable it if it doesn’t work for you. But, running Internet Explorer without add-ons is probably also a good idea, because…
Run Internet Explorer Without Add-ons
Add-ons can also be a security concern. Malicious applications on your computer can install browser toolbars and other software that snoops on you. Even legitimate add-ons like Adobe’s Flash player can be vulnerable to attack.
If you just need Internet Explorer for a website that doesn’t require add-ons, you can launch it without add-ons to reduce your attack surface. To do so, press Windows+R on your keyboard, type the following command, and press Enter:
You can also create a desktop shortcut to launch IE in this way if it works for you.
If a website requires a specific ActiveX add-on or Flash, though, the website won’t work properly and you’ll have to close and re-launch Internet Explorer to use it.
Remove and Restrict Add-Ons
If you need add-ons enabled, you should check the list of add-ons you have installed and clean it up to ensure no vulnerable or malicious add-ons are installed.
To view the list of add-ons, click the gear menu in Internet Explorer and select “Manage Add-ons”. Select “All Add-ons” under “Show”. Examine the list of add-ons here and perform web searches for any you don’t recognize. You can disable add-ons you don’t need from here, but you can’t uninstall them–you’ll need to visit the Control Panel to do so.
If you do require add-ons enabled, you can prevent them from running on most websites. For example, there’s a way to enable click-to-play for Flash in Internet Explorer, although it’s not easy to find. Flash won’t automatically run on any websites unless you explicitly give it permission. You can tweak other installed add-ons in the same way, preventing them from running except on specific websites you need them to run on.
Use Anti-Exploit Software
Whether you use Internet Explorer or not, you should use an anti-exploit program–but it’s doubly important for IE users. These programs watch web browsers for common types of attacks and terminate them if an attack is detected. If an attacker tries to exploit Internet Explorer, this type of utility can help prevent that. Modern browsers are increasingly integrating these sorts of anti-exploit techniques, but Internet Explorer has been left behind and isn’t doing so.
There are several options here. Microsoft makes its own EMET tool that will work, but it’s not the most user-friendly software. We like Malwarebyte Anti-Exploit. You don’t need the paid version; the free version will protect Internet Explorer and other browsers just fine.
Keep Internet Explorer Updated
It’s crucial to keep Internet Explorer updated. Microsoft is still actively supporting Internet Explorer with security patches, and you should be installing them if you’re using it.
Internet Explorer updates arrive through Windows Update, so they’ll be automatically installed on Windows 10. On Windows 7 and 8.1, be sure to update regularly. You can enable automatic updates or have Windows Update notify you of available updates so you can download and install them at your convenience. Don’t delay installing updates: Internet Explorer is still a big target for attackers.
Avoid Using Internet Explorer as Much as Possible
All that said, the best tip is to use Internet Explorer as little as possible. Even if you have an older website–or a few older websites–that only work in Internet Explorer, you don’t have to use Internet Explorer all the time. You can use Google Chrome, Mozilla Firefox, or Microsoft Edge for most of your browsing and only use Internet Explorer for those specific websites. Don’t set IE as your default web browser.