By Val Bakh
2.7.4 Internet Explorer Security Features
When you are physically in a crowded place, such as a shopping mall or a busy street, you are very much cognizant of the fact that most people around you are total strangers. You wouldn’t climb to a podium and shout out your name, address, date of birth, place of work, or any other personal information for everyone’s benefit. Most of the time, you wouldn’t even fumble in your wallet too openly. And if you come across a banking machine and decide to do some banking, you’ll make sure no one is watching over your shoulder when you are entering your PIN, you’ll never forget to remove your banking card when you are done, and you’ll never leave behind any receipts that the machine printed for you. When you are browsing the Internet from the comfort of your home, there is no jostle or bustle of a physical crowd, but that doesn’t mean that there’s no one watching you or that everyone in cyberspace is a friend you can trust. Therefore, certain precautions are in order if you want to stay safe.
Windows 7 comes with the Internet Explorer 8 (IE8) browser, or you can upgrade it to a newer version, IE9. As you are visiting different Web sites, IE can accumulate various information about your browsing patterns, the text that you type in Web forms, and the choices that you make when prompted for your age, gender, country, state or province, or postal code. Of course, it goes without saying that you must be very careful about what information you provide to whom. But even if you are, there are other dangers that are not always easy to spot.
If a stranger approached you in a street to tell you that your bank had somehow messed up information about your accounts and that you needed to come with him or her right away and help sort it out, a very big red flag would immediately pop up in your mind. But it all looks and feels a bit different when you receive an e-mail purportedly coming from your bank, essentially saying the same thing the stranger did. The e-mail message conveniently provides a hyperlink to what appears to be your bank’s login page. Lulled into a false sense of security, you enter your account number and password and breathe easier when you see a confirmation that everything has now been fixed and that access to your account has been restored. Needless to say, you are unlikely to find your money still in place the next time you log in—or ever. This type of social engineering is known as “phishing.” Another phishing trick can involve a Web site requesting that you provide certain personal information for a seemingly legitimate purpose. The recipient of that information can then use it to impersonate you in order to open credit accounts or take loans under your name.
IE includes a security feature that helps protect you against such scams. In IE7, it is named Phishing Filter; in IE8 and later versions, it has been renamed SmartScreen Filter and has been enhanced to include protection against malware. When this filter is on, IE sends Microsoft each URL that you are about to navigate to; Microsoft then checks the URL against a database of known malicious Web sites. If the site has been blacklisted, IE warns you that the site is reportedly unsafe. If the site is not in the list, SmartScreen Filter can heuristically analyze the site for common signs of malicious behavior. The filter also blocks attempts to download files that are known to be unsafe. Of course, SmartScreen Filter alone cannot protect you against all dangers, especially if you choose to disregard its warnings, but it’s a very helpful tool; so make sure it’s always enabled on your computer.
Another important security feature in IE8 and later is InPrivate Browsing. If you are browsing the Internet on a shared computer—in a library, airport, Internet café, or another public place—you probably don’t want the people who use that computer after you to know which Web sites you visited, and you never want anyone to find out your login credentials for any of your online accounts. If you have access to IE settings, you should select InPrivate Browsing from the Safety menu. A new instance of IE will open with the InPrivate icon on the left side of the address bar. During an InPrivate session, IE stores cookies in RAM so that the Web sites you visit function properly. Browsing history and AutoComplete information, such as user names, passwords, and form data, are not stored, and custom toolbars and extensions are disabled by default. When you finish working on the public computer, you should close the InPrivate IE window to ensure that all the information related to your activities is deleted.
Don’t confuse InPrivate Browsing with InPrivate Filtering. The latter is also intended to protect your privacy but, strictly speaking, is not a security feature. Web sites often include advertisements or other Web components from third-party content providers. These components can collect information about your browsing patterns and thus infer certain personal information about you that can be used to tailor advertisements to your perceived interests. Although advertisements can be rather obtrusive, and even disruptive, they are generally harmless. By using InPrivate Filtering, you can block all or some of that third-party content. However, doing so can prevent some Web pages from functioning properly; it’s usually more practical to simply ignore any content you are not interested in.
IE is a great tool, but as is the case with any security measures, whether it is about your physical safety or safety in cyberspace, the most important element is your own good judgment. Always stay vigilant, don’t ignore red flags, and use your common sense.