Categories
Planning

How to make internet explorer more secure (if you’re stuck using it)

Chris Hoffman is Editor-in-Chief of How-To Geek. He’s written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader’s Digest, been interviewed as a technology expert on TV stations like Miami’s NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read nearly one billion times—and that’s just here at How-To Geek. Read more.

Internet Explorer is on the way out. Even Microsoft is recommending people avoid it in favor of their new browser, Edge. If you require Internet Explorer for an old website, though, you can secure it against attack with optional features like Enhanced Protected Mode.

If you can move away from Internet Explorer to another browser, you definitely should. Google Chrome, Microsoft Edge, and Mozilla Firefox are all better choices. But a few old websites, especially ones using ActiveX controls, still require IE.

Enable Enhanced Protected Mode and 64-bit Processes

Microsoft introduced a feature named “Enhanced Protected Mode” back in Windows 8. In Enhanced Protected Mode, Internet Explorer runs website content sandboxed in an “AppContainer.” Even if a malicious website manages to exploit Internet Explorer, that AppContainer environment will prevent it from escaping to tamper with the rest of your computer. This feature is not available in Windows 7 (yet one more reason to upgrade to Windows 8 or 10).

Unfortunately, this feature is off by default, because many older add-ons aren’t compatible with Enhanced Protected Mode. To enable this feature, click the gear menu and select “Internet Options” in Internet Explorer. Navigate to Advanced > Security and enable the “Enable Enhanced Protected Mode” option.

While you’re at it, you can also enable the “Enable 64-bit Processes for Enhanced Protected Mode” option here. This makes Internet Explorer run as a 64-bit process, so it can use the better security features available on 64-bit versions of Windows, such as a larger address space for Address Space Layout Randomization.

You’ll need to restart your computer after doing this.

If you enable these features, many add-ons will no longer function in Internet Explorer. This is only an issue you if you actually need add-ons that can’t function in Enhanced Protected Mode. Try enabling it and see if anything breaks. You can always disable it if it doesn’t work for you. But, running Internet Explorer without add-ons is probably also a good idea, because…

Run Internet Explorer Without Add-ons

Add-ons can also be a security concern. Malicious applications on your computer can install browser toolbars and other software that snoops on you. Even legitimate add-ons like Adobe’s Flash player can be vulnerable to attack.

If you just need Internet Explorer for a website that doesn’t require add-ons, you can launch it without add-ons to reduce your attack surface. To do so, press Windows+R on your keyboard, type the following command, and press Enter:

You can also create a desktop shortcut to launch IE in this way if it works for you.

If a website requires a specific ActiveX add-on or Flash, though, the website won’t work properly and you’ll have to close and re-launch Internet Explorer to use it.

Remove and Restrict Add-Ons

If you need add-ons enabled, you should check the list of add-ons you have installed and clean it up to ensure no vulnerable or malicious add-ons are installed.

To view the list of add-ons, click the gear menu in Internet Explorer and select “Manage Add-ons”. Select “All Add-ons” under “Show”. Examine the list of add-ons here and perform web searches for any you don’t recognize. You can disable add-ons you don’t need from here, but you can’t uninstall them–you’ll need to visit the Control Panel to do so.

If you do require add-ons enabled, you can prevent them from running on most websites. For example, there’s a way to enable click-to-play for Flash in Internet Explorer, although it’s not easy to find. Flash won’t automatically run on any websites unless you explicitly give it permission. You can tweak other installed add-ons in the same way, preventing them from running except on specific websites you need them to run on.

Use Anti-Exploit Software

Whether you use Internet Explorer or not, you should use an anti-exploit program–but it’s doubly important for IE users. These programs watch web browsers for common types of attacks and terminate them if an attack is detected. If an attacker tries to exploit Internet Explorer, this type of utility can help prevent that. Modern browsers are increasingly integrating these sorts of anti-exploit techniques, but Internet Explorer has been left behind and isn’t doing so.

There are several options here. Microsoft makes its own EMET tool that will work, but it’s not the most user-friendly software. We like Malwarebyte Anti-Exploit. You don’t need the paid version; the free version will protect Internet Explorer and other browsers just fine.

Keep Internet Explorer Updated

It’s crucial to keep Internet Explorer updated. Microsoft is still actively supporting Internet Explorer with security patches, and you should be installing them if you’re using it.

Internet Explorer updates arrive through Windows Update, so they’ll be automatically installed on Windows 10. On Windows 7 and 8.1, be sure to update regularly. You can enable automatic updates or have Windows Update notify you of available updates so you can download and install them at your convenience. Don’t delay installing updates: Internet Explorer is still a big target for attackers.

Avoid Using Internet Explorer as Much as Possible

All that said, the best tip is to use Internet Explorer as little as possible. Even if you have an older website–or a few older websites–that only work in Internet Explorer, you don’t have to use Internet Explorer all the time. You can use Google Chrome, Mozilla Firefox, or Microsoft Edge for most of your browsing and only use Internet Explorer for those specific websites. Don’t set IE as your default web browser.

How many of you are using Internet Explorer 11 on your PC? Do you know how to repair IE browser when it crashes in Windows 10?
I’m now having this issue that the browser keeps crashing when I tried to open it again and again. Internet Explorer reinstallation cannot even solve this problem.
What can I do? Help!

When Internet Explorer crashes, freezes or stops responding in your PC, don’t worry. This article will provide you 5 effective methods to help you effectively fix Internet Explorer not working, crashing issue and just follow to repair IE browser in Windows 10/8/7 with ease now.

Method 1. Run Internet Explorer Performance troubleshooter

1. Press Windows key on the keyboard > Type: troubleshooting and select the topmost search result.
2. Click View all > Select Internet Explorer Performance > Advanced > Apply repairs automatically.
3. Follow the onscreen instructions and wait for the process to complete.
Then you can check whether the crashed IE browser can work or not.

Method 2. Scan and repair bad sectors

Option 1. Repair bad sectors with partition manager software
EaseUS partition manager software allows you to effectively repair bad sectors in Windows system that stops IE from working:

Windows 11/10/8/7 100% Secure

Step 1. Launch EaseUS Partition Master. On the main window, right-click on the unallocated space on your hard drive or external storage device and select “Create”.

Step 2. Adjust the partition size, file system (Choose the file system based on your need), label, etc. for the new partition and click “OK” to continue.

Step 3. Click on the “Execute Operation” button and create a new partition by clicking “Apply”.

Watch the following video tutotial and learn how to create a partition in NTFS, FAT, or EXT file system.

Option 2. Run SFC command to repair corrupted system files to make IE work

1. Right-click Start > Select Command Prompt (Admin);
2. Type:sfc /scannow and hit Enter.

Method 3. Disable Add-ons in Internet Explorer

1. Run Internet Explorer > Click Manage Add-ons on Tool menu;
2. Click the name of add-on and click Disable to disable all add-ons and close the Internet Explorer;
3. Restart IE browser to see if the problem has been fixed or not;
If not, continue below steps:
4. Click Manage Add-ons in Internet Explorer tool menu > Click and disable one add-on at a time;
5. Restart the Internet Explorer to check if the problem has been fixed;
6. Next time, enable the previously disabled add-on and disable another different add-on till IE browser crashing problem gets fixed.

Method 4. Reset Internet Explorer to default settings

1. Open Internet Explorer > Tool > Click Internet Options to open Internet Options box;
2. Go to Advanced > Click Reset to open Reset Internet Explorer Settings dialog;
3. Click Reset and wait for the system to change IE browser to default settings.
4. Close the dialog and restart Internet Explorer browser to apply all changes.

Method 5. Update Internet Explorer to the latest version

When Internet Explorer is outdated, you may not be able to continue using it to search wanted answers online. Therefore, update Internet Explorer to the latest version can also repair and fix IE browser crashing, not responding or freezing issue in your IE browser:

For Windows 10/8 users:
1. Open Start by pressing Windows key > Type: check for updates and press Enter.
2. On Windows Update or Update status screen> Click Check for updates to look for available updates for Internet Explorer.

For Windows 7 users:
1. Click on Start to open Start menu > Type: windows update and hit Enter.
2. On Windows Update screen, click Check for updates to find the available update for IE browser by then.

How well Internet Explorer—or any Web browser, for that matter—protects against attacks and malware greatly depends on whether you keep it up to date and have the right security settings. Here’s how to take the proper security measures with Internet Explorer 9 and 10.

Upgrade to the latest version of IE

Although switching to a new version of your browser can take some getting used to—what with its various interface and feature changes—new security features are often worth the annoyance. So it’s a good idea to upgrade to newer versions when available.

IE 10 is the latest version, and it comes bundled with Windows 8. Microsoft also offers IE 10 for those running Windows 7 with Service Pack 1 installed. But if you’re running Windows Vista, you’re stuck with using IE 9.

To determine whether the latest possible version of IE is installed, open IE, press the Alt key, open the Help menu, and then select About Internet Explorer.

If needed, you can download IE 10 for Windows 7 or IE 9 for Windows Vista.

Download IE updates

No matter which version of Windows or IE you’re running, you should have all the latest IE updates installed. These updates typically patch known security holes and vulnerabilities. Open IE, press the Alt key, select the Tools menu, and then select Windows Update. If you’re using Windows 8, open IE in the desktop interface.

In the Windows Update window that follows, click Check for Updates, and install IE or other updates. To ensure you stay up-to-date in the future, consider having updates installed automatically.

Check for add-on updates

Many browser attacks exploit security vulnerabilities that affect popular add-ons like Adobe Flash Player or Java, so you should install updates for those as soon as you get the update nag message. Also consider periodically running a scan with free tools like Qualys BrowserCheck or Secunia Personal Software Inspector (PSI) to make doubly sure that you haven’t missed any updates.

Verify or adjust security levels

IE lets you set custom security settings for different zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. When you visit a website, IE automatically classifies it as in the Internet zone. The exceptions are websites hosted by your local network (say, a site set up for use on your company’s network)—then it’s Local Intranet—or sites that you’ve added to the Trusted or Restricted lists beforehand. You can set each zone to a predefined security level and customize the settings as well.

Though IE sets each zone to an acceptable level by default, you may want to double-check your settings for each zone and even turn them up for greater protection. Open IE, press the key, select the Tools menu, and click Internet Options. If you’re using Windows 8, open IE from the traditional desktop interface to get at these options.

From the Internet Options window, select the Security tab: you’ll then see icons for each security zone, which you can click to change their security level. The Internet zone is set to Medium-high by default, Local Intranet is Medium-low, Trusted Sites is Medium, and Restricted Sites is High. In addition, the Internet and Restricted Sites zones both have Protected Mode enabled (which alerts you when webpages try to install or run programs).

I recommend that you use these default levels. If you change security levels for the various zones, you can always return them to their default settings by clicking Reset all zones to default level.

Use SmartScreen Filtering

In IE 8, Microsoft added the SmartScreen filter, which helps block dangerous websites and downloads. It’s enabled by default (if you selected the recommended security settings when you first ran IE), but you should double-check to see if you still have SmartScreen Filtering turned on. Open IE, press the Alt key, open the Tools menu, and select SmartScreen Filter. If you see Turn On SmartScreen Filter, click it.

Now, if you visit a possible phishing or malware-infested site, or if you download a suspicious file, you’ll get a warning message.

Here’s what you’ll see if SmartScreen Filtering runs across a potentially harmful site.

Enable ActiveX Filtering

The ActiveX filter in IE 9 and 10 blocks all ActiveX content on websites, but it allows you to run it selectively on sites you trust. Though some sites use ActiveX controls to display or run legitimate content (like animations, ads, Web-based programs, and download managers), some sites may try to run malicious ActiveX controls or content to infect your computer.

This is where ActiveX Filtering can help; however, this security feature is disabled by default. If you’d like the extra protection of this filtering feature, you can easily turn it on: Open IE, press the Alt key, open the Tools menu, and click ActiveX Filtering if it isn’t already checked.

Now when you visit a website with active content, you’ll be alerted that some content has been filtered or blocked. If you trust the site, you can click Turn off ActiveX Filtering to allow the content on that particular website.

Set up tracking protection

Tracking Protection, a feature present in IE 9 and 10, helps protect your online privacy and reduces annoyances from third-party content like advertisements. Combined with Tracking Protection Lists, it can block third-party content from appearing and prevent third-party tracking from content providers on the list.

By default, Tracking Protection Lists are turned off. To enable and configure them, open IE, press the Alt key, select the Tools menu, and click Tracking Protection. You should see the default list that’s generated automatically based on sites you visit, and you may choose to download additional lists. To use a list, select it, and click the Enable button.

Then, to choose how you want to block them, click the Settings button.

In IE 10, Microsoft added a Do Not Track setting—enabled by default—to Tracking Protection, which tells websites you visit that you prefer not to be tracked. Though websites are under no obligation to honor your request, stating your preference may reduce some tracking.

To adjust your Do Not Track settings, open IE from the desktop, press the Alt key, pop open the Tools menu, and click Internet Options. From there, select the Advanced tab, scroll down to the Security section, and confirm that the Always send Do Not Track header setting is checked.

Did we mention that you should update?

The fundamental step to keeping any browser secure is to update it regularly. Once you’ve made that a habit, you’ll also find that Internet Explorer has a solid set of built-in security features, as well as some privacy protections. The settings recommended here will do the trick for most situations, but they aren’t set in stone. The better you learn the security functions, the better you can adjust them to your own browsing habits.

How well Internet Explorer—or any Web browser, for that matter—protects against attacks and malware greatly depends on whether you keep it up to date and have the right security settings. Here’s how to take the proper security measures with Internet Explorer 9 and 10.

Upgrade to the latest version of IE

Although switching to a new version of your browser can take some getting used to—what with its various interface and feature changes—new security features are often worth the annoyance. So it’s a good idea to upgrade to newer versions when available.

IE 10 is the latest version, and it comes bundled with Windows 8. Microsoft also offers IE 10 for those running Windows 7 with Service Pack 1 installed. But if you’re running Windows Vista, you’re stuck with using IE 9.

To determine whether the latest possible version of IE is installed, open IE, press the key, open the Help menu, and then select About Internet Explorer.

If needed, you can download IE 10 for Windows 7 or IE 9 for Windows Vista.

Download IE updates

No matter which version of Windows or IE you’re running, you should have all the latest IE updates installed. These updates typically patch known security holes and vulnerabilities. Open IE, press the key, select the Tools menu, and then select Windows Update. If you’re using Windows 8, open IE in the desktop interface.

In the Windows Update window that follows, click Check for Updates, and install IE or other updates. To ensure you stay up-to-date in the future, consider having updates installed automatically.

Check for add-on updates

Many browser attacks exploit security vulnerabilities that affect popular add-ons like Adobe Flash Player or Java, so you should install updates for those as soon as you get the update nag message. Also consider periodically running a scan with free tools like Qualys BrowserCheck or Secunia Personal Software Inspector (PSI) to make doubly sure that you haven’t missed any updates.

Verify or adjust security levels

IE lets you set custom security settings for different zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. When you visit a website, IE automatically classifies it as in the Internet zone. The exceptions are websites hosted by your local network (say, a site set up for use on your company’s network)—then it’s Local Intranet—or sites that you’ve added to the Trusted or Restricted lists beforehand. You can set each zone to a predefined security level and customize the settings as well.

Though IE sets each zone to an acceptable level by default, you may want to double-check your settings for each zone and even turn them up for greater protection. Open IE, press the key, select the Tools menu, and click Internet Options. If you’re using Windows 8, open IE from the traditional desktop interface to get at these options.

From the Internet Options window, select the Security tab: you’ll then see icons for each security zone, which you can click to change their security level. The Internet zone is set to Medium-high by default, Local Intranet is Medium-low, Trusted Sites is Medium, and Restricted Sites is High. In addition, the Internet and Restricted Sites zones both have Protected Mode enabled (which alerts you when webpages try to install or run programs).

I recommend that you use these default levels. If you change security levels for the various zones, you can always return them to their default settings by clicking Reset all zones to default level.

Use SmartScreen Filtering

In IE 8, Microsoft added the SmartScreen filter, which helps block dangerous websites and downloads. It’s enabled by default (if you selected the recommended security settings when you first ran IE), but you should double-check to see if you still have SmartScreen Filtering turned on. Open IE, press the key, open the Tools menu, and select SmartScreen Filter. If you see Turn On SmartScreen Filter, click it.

Now, if you visit a possible phishing or malware-infested site, or if you download a suspicious file, you’ll get a warning message.

Here’s what you’ll see if SmartScreen Filtering runs across a potentially harmful site.

Enable ActiveX Filtering

The ActiveX filter in IE 9 and 10 blocks all ActiveX content on websites, but it allows you to run it selectively on sites you trust. Though some sites use ActiveX controls to display or run legitimate content (like animations, ads, Web-based programs, and download managers), some sites may try to run malicious ActiveX controls or content to infect your computer.

This is where ActiveX Filtering can help; however, this security feature is disabled by default. If you’d like the extra protection of this filtering feature, you can easily turn it on: Open IE, press the key, open the Tools menu, and click ActiveX Filtering if it isn’t already checked.

Now when you visit a website with active content, you’ll be alerted that some content has been filtered or blocked. If you trust the site, you can click Turn off ActiveX Filtering to allow the content on that particular website.

Set up tracking protection

Tracking Protection, a feature present in IE 9 and 10, helps protect your online privacy and reduces annoyances from third-party content like advertisements. Combined with Tracking Protection Lists, it can block third-party content from appearing and prevent third-party tracking from content providers on the list.

By default, Tracking Protection Lists are turned off. To enable and configure them, open IE, press the key, select the Tools menu, and click Tracking Protection. You should see the default list that’s generated automatically based on sites you visit, and you may choose to download additional lists. To use a list, select it, and click the Enable button.

Then, to choose how you want to block them, click the Settings button.

In IE 10, Microsoft added a Do Not Track setting—enabled by default—to Tracking Protection, which tells websites you visit that you prefer not to be tracked. Though websites are under no obligation to honor your request, stating your preference may reduce some tracking.

To adjust your Do Not Track settings, open IE from the desktop, press the key, pop open the Tools menu, and click Internet Options. From there, select the Advanced tab, scroll down to the Security section, and confirm that the Always send Do Not Track header setting is checked.

Did we mention that you should update?

The fundamental step to keeping any browser secure is to update it regularly. Once you’ve made that a habit, you’ll also find that Internet Explorer has a solid set of built-in security features, as well as some privacy protections. The settings recommended here will do the trick for most situations, but they aren’t set in stone. The better you learn the security functions, the better you can adjust them to your own browsing habits.

One Comment

Ulrike

I was visiting register for your feed (RSS) but realized its not the full article,
is there a feed which does deliver out the comprehensive short article?

Its truly useful for when I am away from a net connection

The Internet Explorer 11 desktop application is retired and out of support as of June 15, 2022 for certain versions of Windows 10.

You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. Learn how.

The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. Disable IE today.

This article provides information about resolving issues with web pages that only display secure content.

Original product version: В Internet Explorer 9 or later versions
Original KB number: В 2625928

Symptoms

When viewing a website in Internet Explorer 9 or later, you receive the following message:

Only secure content is displayed.

Cause

This message means there may be secure and non-secure content (mixed content) on the page. The webpage tries to display elements using both secure (HTTPS/SSL) and non-secure (HTTP) web server connections. This issue often happens with online stores or financial sites. The webpage displays images, banners, or scripts from a server that isn’t secured. The risk of displaying mixed content is that a non-secure webpage or script may access information from the secure content.

Resolution

Internet Explorer blocks non-secure content by default and is set to prompt you when this is happening. Changing this setting may make your computer vulnerable to viral, fraudulent, or malicious attacks. Microsoft does not recommend that you attempt to change this setting. Modify this setting at your own risk.

Windows 10

To Disable/Enable/Prompt the Only secure content is displayed message:

Open Internet Explorer from the Start screen.

On the Tool menu, select Internet Options.

Select the Security tab, and then select Custom level.

In the Settings box, scroll down to the Miscellaneous section, and under Display mixed content choose from the following options:

Disable, won’t display non-secure items.
Enable, will always display non-secure items without asking.
Prompt, will prompt you when a webpage is using non-secure content.

Windows 8

To Disable/Enable/Prompt the Only secure content is displayed message:

From the start screen, type Internet Options.

Tap or select the Settings option below the Search box, and then tap or select Internet Options.

Tap or select the Security tab, and then tap or select the Custom Level.

In the Settings box, scroll down to the Miscellaneous section, and under Display mixed content choose from the following options:

Disable, won’t display non-secure items.
Enable, will always display non-secure items without asking.
Prompt, will prompt you when a webpage is using non-secure content.

Windows 7 and Windows Vista

To Disable/Enable/Prompt the Only secure content is displayed message:

Start Internet Explorer.

On the Tool menu, select Internet Options.

Select the Security tab, and then select Custom level.

In the Settings box, scroll down to the Miscellaneous section, and under Display mixed content choose from the following options:

Disable, won’t display non-secure items.
Enable, will always display non-secure items without asking.
Prompt, will prompt you when a webpage is using non-secure content.

More information

To learn more about the risks of allowing mixed content, see Protecting Consumers from Malicious Mixed Content.

Internet Explorer đang trên đường ra. Ngay cả Microsoft cũng khuyên mọi người nên tránh nó để ủng hộ trình duyệt mới của họ, Edge. Tuy nhiên, nếu bạn yêu cầu Internet Explorer cho một trang web cũ, bạn có thể bảo vệ trang web khỏi bị tấn công bằng các tính năng tùy chọn như Chế độ bảo vệ nâng cao.

Nếu bạn có thể chuyển từ Internet Explorer sang một trình duyệt khác, bạn chắc chắn nên. Google Chrome, Microsoft Edge và Mozilla Firefox đều là những lựa chọn tốt hơn. Nhưng một vài trang web cũ, đặc biệt là các trang web sử dụng điều khiển ActiveX, vẫn yêu cầu IE.

Kích hoạt chế độ bảo vệ nâng cao và quy trình 64 bit

Microsoft đã giới thiệu một tính năng có tên là Chế độ bảo vệ được tăng cường của Hồi giáo trong Windows 8. Trong Chế độ được bảo vệ nâng cao, Internet Explorer chạy nội dung trang web được đóng hộp trong một ứng dụng trên ứng dụng của ứng dụng. thoát ra để làm xáo trộn phần còn lại của máy tính của bạn. Tính năng này không có sẵn trong Windows 7 (còn một lý do nữa để nâng cấp lên Windows 8 hoặc 10).

Thật không may, tính năng này bị tắt theo mặc định, vì nhiều tiện ích bổ sung cũ không tương thích với Chế độ bảo vệ nâng cao. Để kích hoạt tính năng này, hãy nhấp vào menu bánh răng và chọn Tùy chọn Internet của Nhật Bản trong Internet Explorer. Điều hướng đến Nâng cao> Bảo mật và bật tùy chọn Chế độ bảo vệ nâng cao Chế độ bảo vệ cải tiến.

Trong khi bạn đang ở đó, bạn cũng có thể kích hoạt tùy chọn Kích hoạt 64 bit cho Chế độ bảo vệ chế độ bảo vệ nâng cao tại đây. Điều này làm cho Internet Explorer chạy như một quy trình 64 bit, do đó, nó có thể sử dụng các tính năng bảo mật tốt hơn có sẵn trên các phiên bản Windows 64 bit, chẳng hạn như không gian địa chỉ lớn hơn cho Ngẫu nhiên bố trí không gian địa chỉ.

Bạn sẽ cần phải khởi động lại máy tính của bạn sau khi làm điều này.

Nếu bạn bật các tính năng này, nhiều tiện ích bổ sung sẽ không còn hoạt động trong Internet Explorer. Đây chỉ là vấn đề nếu bạn thực sự cần các tiện ích bổ sung không thể hoạt động trong Chế độ bảo vệ nâng cao. Hãy thử kích hoạt nó và xem nếu có bất cứ điều gì phá vỡ. Bạn luôn có thể vô hiệu hóa nó nếu nó không làm việc cho bạn. Nhưng, chạy Internet Explorer mà không có tiện ích bổ sung có lẽ cũng là một ý kiến ​​hay, bởi vì

Chạy Internet Explorer mà không cần tiện ích bổ sung

Tiện ích cũng có thể là một mối quan tâm bảo mật. Các ứng dụng độc hại trên máy tính của bạn có thể cài đặt các thanh công cụ trình duyệt và các phần mềm khác rình mò bạn. Ngay cả các tiện ích bổ sung hợp pháp như Flash player của Adobe cũng có thể dễ bị tấn công.

Nếu bạn chỉ cần Internet Explorer cho một trang web không yêu cầu tiện ích bổ sung, bạn có thể khởi chạy nó mà không cần tiện ích bổ sung để giảm bề mặt tấn công của bạn. Để làm như vậy, nhấn Windows + R trên bàn phím của bạn, nhập lệnh sau và nhấn Enter:

Bạn cũng có thể tạo lối tắt trên màn hình để khởi chạy IE theo cách này nếu nó hoạt động cho bạn.

Tuy nhiên, nếu một trang web yêu cầu một tiện ích bổ sung ActiveX hoặc Flash cụ thể, thì trang web đó sẽ không hoạt động chính xác và bạn sẽ phải đóng và khởi chạy lại Internet Explorer để sử dụng nó.

Xóa và hạn chế các tiện ích bổ sung

Nếu bạn cần bật tiện ích bổ sung, bạn nên kiểm tra danh sách các tiện ích bổ sung bạn đã cài đặt và dọn sạch để đảm bảo không có tiện ích bổ sung dễ bị tổn thương hoặc độc hại nào được cài đặt.

Để xem danh sách các tiện ích bổ sung, nhấp vào menu bánh răng trong Internet Explorer và chọn Khác Quản lý tiện ích bổ trợ. Chọn tất cả các tiện ích bổ sung khác Kiểm tra danh sách các tiện ích bổ sung tại đây và thực hiện tìm kiếm trên web cho bất kỳ bạn không nhận ra. Bạn có thể tắt các tiện ích bổ sung mà bạn không cần từ đây, nhưng bạn không thể gỡ cài đặt chúng – bạn sẽ cần truy cập Bảng điều khiển để làm như vậy.

Nếu bạn yêu cầu bật tiện ích bổ sung, bạn có thể ngăn không cho chúng chạy trên hầu hết các trang web. Ví dụ: có một cách để bật nhấp để phát cho Flash trong Internet Explorer, mặc dù không dễ tìm. Flash sẽ không tự động chạy trên bất kỳ trang web nào trừ khi bạn cho phép rõ ràng. Bạn có thể điều chỉnh các tiện ích bổ sung được cài đặt khác theo cùng một cách, ngăn không cho chúng chạy ngoại trừ trên các trang web cụ thể mà bạn cần chúng để chạy trên.

Sử dụng phần mềm chống khai thác

Cho dù bạn có sử dụng Internet Explorer hay không, bạn vẫn nên sử dụng chương trình chống khai thác – nhưng điều này thực sự quan trọng đối với người dùng IE. Các chương trình này xem trình duyệt web cho các loại tấn công phổ biến và chấm dứt chúng nếu phát hiện một cuộc tấn công. Nếu kẻ tấn công cố gắng khai thác Internet Explorer, loại tiện ích này có thể giúp ngăn chặn điều đó. Các trình duyệt hiện đại đang ngày càng tích hợp các loại kỹ thuật chống khai thác này, nhưng Internet Explorer đã bị bỏ lại phía sau và không làm như vậy.

Có một số lựa chọn ở đây. Microsoft tạo ra công cụ EMET của riêng mình sẽ hoạt động, nhưng nó không phải là phần mềm thân thiện với người dùng nhất. Chúng tôi thích Malwaritherte Chống khai thác. Bạn không cần phiên bản trả phí; phiên bản miễn phí sẽ bảo vệ Internet Explorer và các trình duyệt khác tốt.

Cập nhật Internet Explorer

Điều quan trọng là phải cập nhật Internet Explorer. Microsoft vẫn đang tích cực hỗ trợ Internet Explorer với các bản vá bảo mật và bạn nên cài đặt chúng nếu bạn đang sử dụng nó.

Các bản cập nhật Internet Explorer đến thông qua Windows Update, vì vậy chúng sẽ được cài đặt tự động trên Windows 10. Trên Windows 7 và 8.1, hãy đảm bảo cập nhật thường xuyên. Bạn có thể bật cập nhật tự động hoặc để Windows Update thông báo cho bạn về các bản cập nhật có sẵn để bạn có thể tải xuống và cài đặt chúng một cách thuận tiện. Đừng trì hoãn cài đặt bản cập nhật: Internet Explorer vẫn là mục tiêu lớn cho những kẻ tấn công.

Tránh sử dụng Internet Explorer càng nhiều càng tốt

Tất cả những gì đã nói, mẹo tốt nhất là sử dụng Internet Explorer càng ít càng tốt. Ngay cả khi bạn có một trang web cũ hơn – hoặc một vài trang web cũ hơn – chỉ hoạt động trong Internet Explorer, bạn không phải sử dụng Internet Explorer mọi lúc. Bạn có thể sử dụng Google Chrome, Mozilla Firefox hoặc Microsoft Edge cho hầu hết trình duyệt của mình và chỉ sử dụng Internet Explorer cho các trang web cụ thể đó. Đừng đặt IE làm trình duyệt web mặc định của bạn.

Internet Explorer กำลังใกล้เข้ามา แม้แต่ Microsoft กำลังแนะนำผู้คนให้หลีกเลี่ยงเพราะเบราว์เซอร์ใหม่ของพวกเขา Edge อย่างไรก็ตามหากคุณต้องการ Internet Explorer สำหรับเว็บไซต์เก่าคุณสามารถรักษาความปลอดภัยจากการถูกโจมตีด้วยฟีเจอร์เสริมเช่นโหมดที่ได้รับการป้องกันขั้นสูง.

หากคุณสามารถย้ายออกจาก Internet Explorer ไปยังเบราว์เซอร์อื่นได้คุณควรทำอย่างแน่นอน Google Chrome, Microsoft Edge และ Mozilla Firefox เป็นตัวเลือกที่ดีกว่า แต่เว็บไซต์เก่า ๆ บางแห่งโดยเฉพาะเว็บไซต์ที่ใช้ตัวควบคุม ActiveX ยังคงต้องการ IE.

เปิดใช้งานโหมดที่ได้รับการป้องกันขั้นสูงและกระบวนการ 64 บิต

Microsoft เปิดตัวคุณลักษณะชื่อ“ Enhanced Protected Mode” กลับมาใน Windows 8 ในโหมด Enhanced Protected, Internet Explorer เรียกใช้เนื้อหาเว็บไซต์ที่มี Sandbox ใน“ AppContainer” แม้ว่าเว็บไซต์ที่เป็นอันตรายจะจัดการเพื่อใช้ประโยชน์จาก Internet Explorer สภาพแวดล้อม AppContainer จะป้องกันไม่ให้ หนีไปยุ่งกับคอมพิวเตอร์ส่วนที่เหลือของคุณ คุณลักษณะนี้ไม่สามารถใช้งานได้ใน Windows 7 (ยังมีอีกหนึ่งเหตุผลที่ต้องอัพเกรดเป็น Windows 8 หรือ 10).

น่าเสียดายที่คุณลักษณะนี้ปิดใช้งานตามค่าเริ่มต้นเนื่องจาก Add-on รุ่นเก่าจำนวนมากไม่สามารถทำงานร่วมกับโหมดได้รับการป้องกันขั้นสูงได้ หากต้องการเปิดใช้งานคุณสมบัตินี้ให้คลิกเมนูรูปเฟืองแล้วเลือก“ ตัวเลือกอินเทอร์เน็ต” ใน Internet Explorer ไปที่ขั้นสูง> ความปลอดภัยและเปิดใช้งานตัวเลือก“ เปิดใช้งานโหมดป้องกันขั้นสูง”.

ขณะที่คุณอยู่ที่นี่คุณยังสามารถเปิดใช้งานตัวเลือก“ เปิดใช้งานกระบวนการ 64 บิตสำหรับโหมดที่ได้รับการป้องกันขั้นสูง” ได้ที่นี่ สิ่งนี้ทำให้ Internet Explorer ทำงานเป็นกระบวนการแบบ 64 บิตดังนั้นจึงสามารถใช้คุณลักษณะด้านความปลอดภัยที่ดีกว่าที่มีอยู่ใน Windows รุ่น 64 บิตเช่นพื้นที่ที่อยู่ที่มีขนาดใหญ่กว่าสำหรับ Address Space Layout Randomization.

หากคุณเปิดใช้งานคุณสมบัติเหล่านี้ส่วนเสริมจำนวนมากจะไม่ทำงานใน Internet Explorer อีกต่อไป นี่เป็นเพียงปัญหาของคุณหากคุณต้องการโปรแกรมเสริมที่ไม่สามารถทำงานได้ในโหมดป้องกันขั้นสูง ลองเปิดใช้งานและดูว่ามีอะไรผิดปกติหรือไม่ คุณสามารถปิดการใช้งานได้ตลอดเวลาหากไม่ได้ผลสำหรับคุณ แต่การรัน Internet Explorer โดยไม่มีโปรแกรมเสริมอาจเป็นความคิดที่ดีเพราะ .

เรียกใช้ Internet Explorer โดยไม่มีโปรแกรมเสริม

ส่วนเสริมอาจเป็นปัญหาด้านความปลอดภัย แอปพลิเคชันที่เป็นอันตรายในคอมพิวเตอร์ของคุณสามารถติดตั้งแถบเครื่องมือเบราว์เซอร์และซอฟต์แวร์อื่น ๆ ที่สอดแนมคุณ แม้แต่ส่วนเสริมที่ถูกกฎหมายเช่นโปรแกรมเล่น Flash ของ Adobe อาจมีความเสี่ยงที่จะถูกโจมตี.

หากคุณต้องการ Internet Explorer สำหรับเว็บไซต์ที่ไม่ต้องการโปรแกรมเสริมคุณสามารถเปิดใช้งานได้โดยไม่ต้องใช้โปรแกรมเสริมเพื่อลดพื้นที่การโจมตีของคุณ ในการดำเนินการดังกล่าวให้กด Windows + R บนแป้นพิมพ์ของคุณพิมพ์คำสั่งต่อไปนี้แล้วกด Enter:

นอกจากนี้คุณยังสามารถสร้างทางลัดบนเดสก์ท็อปเพื่อเปิด IE ได้ด้วยวิธีนี้หากเหมาะกับคุณ.

หากเว็บไซต์ต้องการโปรแกรมเสริม ActiveX หรือ Flash เฉพาะเว็บไซต์จะทำงานไม่ถูกต้องและคุณจะต้องปิดและเปิด Internet Explorer ใหม่เพื่อใช้งาน.

เอาออกและ จำกัด Add-on

หากต้องการดูรายการส่วนเสริมคลิกเมนูรูปเฟืองใน Internet Explorer แล้วเลือก“ จัดการส่วนเสริม” เลือก“ Add-on ทั้งหมด” ภายใต้“ แสดง” ตรวจสอบรายการส่วนเสริมที่นี่และทำการค้นหาเว็บไซต์ที่คุณไม่รู้จัก คุณสามารถปิดใช้งานส่วนเสริมที่คุณไม่ต้องการได้จากที่นี่ แต่คุณไม่สามารถถอนการติดตั้งได้คุณจะต้องไปที่แผงควบคุมเพื่อทำเช่นนั้น.

หากคุณต้องการเปิดใช้งาน Add-on คุณสามารถป้องกันไม่ให้ทำงานบนเว็บไซต์ส่วนใหญ่ได้ ตัวอย่างเช่นมีวิธีการเปิดใช้งานแบบคลิกเพื่อเล่นสำหรับ Flash ใน Internet Explorer แม้ว่าจะหาไม่ยาก Flash จะไม่ทำงานบนเว็บไซต์ใด ๆ โดยอัตโนมัติเว้นแต่คุณจะให้สิทธิ์อย่างชัดเจน คุณสามารถปรับแต่งแอดออนอื่น ๆ ที่ติดตั้งด้วยวิธีเดียวกันได้โดยป้องกันไม่ให้ทำงานยกเว้นเว็บไซต์ที่คุณต้องการให้ทำงาน.

ใช้ซอฟต์แวร์ต่อต้านการใช้ประโยชน์

ไม่ว่าคุณจะใช้ Internet Explorer หรือไม่คุณควรใช้โปรแกรมต่อต้านการเอารัดเอาเปรียบ แต่มีความสำคัญสำหรับผู้ใช้ IE เป็นสองเท่า โปรแกรมเหล่านี้ดูเว็บเบราว์เซอร์สำหรับการโจมตีประเภททั่วไปและยุติหากการตรวจพบการโจมตี หากผู้โจมตีพยายามใช้ประโยชน์จาก Internet Explorer ยูทิลิตี้ประเภทนี้สามารถช่วยป้องกันได้ เบราว์เซอร์สมัยใหม่กำลังรวมเทคนิคต่อต้านการใช้ประโยชน์เหล่านี้เข้าด้วยกันมากขึ้นเรื่อย ๆ แต่ Internet Explorer ถูกทิ้งไว้เบื้องหลังและไม่ได้ทำเช่นนั้น.

มีหลายตัวเลือกที่นี่ Microsoft สร้างเครื่องมือ EMET ของตัวเองซึ่งจะใช้งานได้ แต่ไม่ใช่ซอฟต์แวร์ที่ใช้งานง่ายที่สุด เราชอบ Malwarebyte Anti-Exploit คุณไม่ต้องการรุ่นที่ต้องชำระเงิน รุ่นฟรีจะปกป้อง Internet Explorer และเบราว์เซอร์อื่น ๆ ได้ดี.

อัพเดท Internet Explorer อยู่เสมอ

การปรับปรุง Internet Explorer เป็นสิ่งสำคัญ Microsoft ยังคงสนับสนุน Internet Explorer ด้วยแพตช์รักษาความปลอดภัยและคุณควรติดตั้งหากคุณใช้งาน.

การอัปเดต Internet Explorer มาถึง Windows Update ดังนั้นพวกเขาจะถูกติดตั้งโดยอัตโนมัติใน Windows 10 บน Windows 7 และ 8.1 โปรดอัปเดตเป็นประจำ คุณสามารถเปิดใช้งานการอัปเดตอัตโนมัติหรือให้ Windows Update แจ้งให้คุณทราบถึงการอัปเดตที่มีอยู่เพื่อให้คุณสามารถดาวน์โหลดและติดตั้งได้ตามความสะดวกของคุณ อย่าล่าช้าในการติดตั้งการอัปเดต: Internet Explorer ยังคงเป็นเป้าหมายสำคัญสำหรับผู้โจมตี.

หลีกเลี่ยงการใช้ Internet Explorer ให้มากที่สุด

เคล็ดลับที่ดีที่สุดคือการใช้ Internet Explorer ให้น้อยที่สุด แม้ว่าคุณจะมีเว็บไซต์ที่เก่ากว่าหรือเว็บไซต์เก่า ๆ ที่สามารถใช้งานได้ใน Internet Explorer แต่คุณไม่จำเป็นต้องใช้ Internet Explorer ตลอดเวลา คุณสามารถใช้ Google Chrome, Mozilla Firefox หรือ Microsoft Edge สำหรับการเรียกดูส่วนใหญ่ของคุณและใช้ Internet Explorer สำหรับเว็บไซต์เฉพาะเหล่านั้นเท่านั้น อย่าตั้งค่า IE เป็นเว็บเบราว์เซอร์เริ่มต้นของคุณ.

Internet Explorer на виході. Навіть Microsoft рекомендує людям уникнути цього на користь свого нового браузера Edge. Якщо вам потрібен Internet Explorer для старого веб-сайту, ви можете захистити його від атаки за допомогою додаткових функцій, таких як Enhanced Protected Mode.

Якщо ви можете відмовитися від Internet Explorer до іншого браузера, вам обов’язково потрібно. Google Chrome, Microsoft Edge і Mozilla Firefox – це кращий вибір. Але деякі старі веб-сайти, особливо ті, які використовують елементи керування ActiveX, все ще вимагають IE.

Увімкнути покращений захищений режим і 64-розрядні процеси

Microsoft представила функцію під назвою “Enhanced Protected Mode” назад у Windows 8. У покращеному захищеному режимі Internet Explorer запускає вміст веб-сайту в “AppContainer”. уникнути втручання в решту комп’ютера. Ця функція недоступна в Windows 7 (ще одна причина для оновлення до Windows 8 або 10).

На жаль, ця функція вимкнена за замовчуванням, оскільки багато старих додатків не сумісні з розширеним захищеним режимом. Щоб увімкнути цю функцію, клацніть меню gear і виберіть “Internet Options” у Internet Explorer. Перейдіть у меню Додатково> Захист і ввімкніть опцію “Увімкнути розширений захищений режим”.

Поки ви на ньому, ви також можете ввімкнути опцію “Увімкнути 64-розрядні процеси для розширеного захищеного режиму”. Це робить Internet Explorer запущеним як 64-розрядний процес, тому він може використовувати кращі функції безпеки, доступні в 64-розрядних версіях Windows, такі як більший адресний простір для рандомізації макет адресного простору.

Після цього потрібно перезавантажити комп’ютер.

Якщо ввімкнути ці функції, багато додаткових компонентів більше не будуть функціонувати в Internet Explorer. Це лише проблема, якщо вам дійсно потрібні доповнення, які не можуть працювати в розширеному захищеному режимі. Спробуйте увімкнути його і подивитися, якщо щось розірве. Ви завжди можете вимкнути його, якщо він не працює для вас. Проте, використання Internet Explorer без додаткових компонентів, можливо, є гарною ідеєю, тому що…

Запустіть Internet Explorer без додатків

Додатки також можуть викликати занепокоєння. Шкідливі програми на вашому комп’ютері можуть встановлювати панелі інструментів веб-переглядача та інше програмне забезпечення, яке перехоплює вас. Навіть легітимні доповнення, такі як Flash-програвач Adobe, можуть бути вразливі до атак.

Якщо вам потрібен лише Internet Explorer для веб-сайту, який не вимагає доповнень, ви можете запустити його без додаткових компонентів, щоб зменшити поверхню атаки. Для цього натисніть клавішу Windows + R на клавіатурі, введіть таку команду та натисніть Enter:

Ви також можете створити ярлик на робочому столі для запуску IE таким чином, якщо він працює для вас.

Якщо веб-сайт вимагає спеціального додатку ActiveX або Flash, веб-сайт не буде працювати належним чином, і вам доведеться закрити та запустити Internet Explorer, щоб використовувати його.

Видалити та обмежити додатки

Якщо вам потрібні додаткові компоненти, слід перевірити список встановлених додаткових компонентів і очистити їх, щоб не було встановлено вразливих або шкідливих додатків..

Щоб переглянути список додаткових компонентів, клацніть меню шестерні в Internet Explorer і виберіть “Керування надбудовами”. Виберіть “Усі додатки” в розділі “Показати”. Ознайомтеся зі списком додаткових компонентів тут і виконайте пошук у мережі для будь-яких не розпізнаних. Ви можете вимкнути додаткові компоненти, які вам не потрібні, але ви не можете їх видалити – для цього потрібно відвідати панель керування.

Якщо потрібні додаткові компоненти, можна запобігти їх запуску на більшості веб-сайтів. Наприклад, є спосіб увімкнути функцію відтворення для Flash у Internet Explorer, хоча знайти його нелегко. Flash не запускатиметься автоматично на будь-яких веб-сайтах, якщо ви явно не дасте йому дозволу. Так само можна налаштувати інші встановлені додатки, запобігаючи їх запуску, за винятком конкретних веб-сайтів, на яких вони потрібні..

Використовуйте програмне забезпечення Anti-Exploit

Якщо ви використовуєте Internet Explorer чи ні, ви повинні використовувати анти-exploit-програму, але це подвійно важливо для користувачів IE. Ці програми переглядають веб-браузери для звичайних типів атак і припиняють їх, якщо виявлено атаку. Якщо зловмисник намагається використати Internet Explorer, цей тип утиліти може запобігти цьому. Сучасні браузери все більше інтегрують ці види анти-експлуатаційних методів, але Internet Explorer залишився позаду і не робить цього.

Тут є кілька варіантів. Microsoft робить свій власний інструмент EMET, який буде працювати, але це не найзручніше програмне забезпечення. Ми любимо Malwarebyte Anti-Exploit. Вам не потрібна платна версія; безкоштовна версія захистить Internet Explorer та інші браузери.

Тримайте оновлення Internet Explorer

Дуже важливо, щоб оновити Internet Explorer. Корпорація Майкрософт продовжує активно підтримувати Internet Explorer з виправленнями безпеки, і ви повинні встановлювати їх, якщо ви його використовуєте.

Оновлення Internet Explorer надходять через службу Windows Update, тому вони автоматично встановлюються в Windows 10. У Windows 7 і 8.1 обов’язково регулярно оновлюйте. Можна ввімкнути автоматичне оновлення або за допомогою служби Windows Update повідомлятиме вас про наявні оновлення, щоб ви могли завантажити та встановити їх у зручність. Не відкладайте встановлення оновлень: Internet Explorer як і раніше є великою ціллю для зловмисників.

Уникайте використання Internet Explorer якомога більше

Все, що сказано, найкращий відгук – використовувати Internet Explorer якомога менше. Навіть якщо у вас є старий веб-сайт або кілька старих веб-сайтів, які працюють тільки в Internet Explorer, вам не потрібно постійно використовувати Internet Explorer. Ви можете використовувати Google Chrome, Mozilla Firefox або Microsoft Edge для більшої частини вашого веб-перегляду та використовувати лише Internet Explorer для цих веб-сайтів. Не встановлюйте IE як веб-переглядач за промовчанням.

Important: The Internet Explorer 11 desktop application is retired and out of support as of June 15, 2022 for certain versions of Windows 10.

You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. Learn how.

The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. Disable IE today.

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you’re running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

Symptoms

Consider the following scenario:

In a network environment, you are running Windows Internet Explorer 7 on a Windows Vista Service Pack 1 (SP1)-based computer or on a Windows Server 2008-based computer.

You configure the following Group Policy settings for Internet Explorer:

You enable the “Locked-Down Local Machine Zone Template” policy.

You disable the “Web sites in less privileged Web content zones can navigate into this zone” policy.

You try to visit a Secure Sockets Layer (SSL) Web site by using Internet Explorer 7 on the computer on which you applied these Group Policy settings.

In this scenario, the following certificate error Web page is displayed:

There is a problem with this website’s security certificate.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended) .

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting. When going to a website with an address such as https://example.com, try adding the ‘www’ to the address, https://www.example.com. If you choose to ignore this error and continue, do not enter private information into the website. For more information, see “Certificate Errors” in Internet Explorer Help.

After you click Continue to this website (not recommended), nothing happens.

This issue occurs if the SSL Web site that you try to visit is located in a zone that has more restricted permissions than the Internet zone, such as an intranet zone.

Resolution

Windows Vista Service Pack 1 and Windows Server 2008 hotfix information

A supported hotfix is now available from Microsoft. However, it is intended to correct only the problem that is described in this article. Apply it only to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

Prerequisites

There are no prerequisites.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

Registry information

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows To enable this hotfix after installation, follow these steps:

Click Start, type regeditin the Start Search box, and then press ENTER.

Locate and then click the following registry subkey:

On the Edit menu, point to New, and then click Key.

Type the following key name, and then press ENTER:

On the Edit menu, point to New, and then click DWORD Value.

Type iexplore.exe, and then press ENTER.

On the Edit menu, click Modify.

Type 1, and then click OK.

Exit Registry Editor.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista and Windows Server 2008 file information notes

The files that apply to a specific product, milestone (RTM, SP n), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.

Chris Hoffman is Editor-in-Chief of How-To Geek. He’s written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader’s Digest, been interviewed as a technology expert on TV stations like Miami’s NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read nearly one billion times—and that’s just here at How-To Geek. Read more.

Anti-exploit programs provide an additional layer of security by blocking the techniques attackers use. These solutions can protect you against Flash exploits and browser vulnerabilities, even new ones that haven’t been seen before or patched yet.

Windows users should install the free Malwarebytes Anti-Exploit program to help secure their web browsers. Unlike Microsoft’s also-useful EMET, Malwarebytes doesn’t require any special configuration — just install it and you’re done.

Update: On Windows 10, the built-in Windows Defender antivirus now includes exploit protection. This replaces Microsoft’s EMET, and is installed by default for everyone. Malwarebytes Premium now includes anti-exploit features, too—it’s no longer a separate tool.

Malwarebytes Anti-Exploit

We recommend Malwarebytes Anti-Exploit for this. The free version shields web browsers like Internet Explorer, Chrome, Firefox, Opera, and their plug-ins like Flash and Silverlight, as well as Java. The paid version shields more applications, including the Adobe PDF reader and Microsoft Office applications. (If you’re using the free version, this is a good reason to just use the PDF viewer built into your browser. But the free version does shield Adobe Reader as long as it’s loaded as a browser plug-in.)

Anti-exploit programs can help protect you from serious attacks, and Malwarebytes Anti-Exploit offers a good free version, is easy to set up — just install it — and provides solid protection. Every Windows user can get additional protection against the main attacks online — browser and plug-in exploits — and should install this. It’s a good form of defense against all these Flash 0-days.

Malwarebytes notes that this application successfully stopped three big Flash zero-days near the start of 2015. They note “four layers” of protection enabled by Malwarebytes Anti-Exploit. In addition to ensuring DEP and ASLR are enabled for that application on a 64-bit operating system, the tool stops techniques used bypass operating system security protections as well as malicious API calls. It also watches an application and stops it if it behaves in a way that doesn’t seem appropriate to its type of application.

For example, if Internet Explorer decides to start using the CreateProcess API function in Windows, this tool can notice it’s doing something unusual and stop it. If Chrome or the Flash plug-in try to start writing to files they never should, they can be instantly terminated. Other protections help stop buffer overflows and other nasty, but common, techniques used by malware. This doesn’t use a signature database like an antivirus program — it hooks into certain vulnerable programs and just protects against potentially harmful behavior. This allows it to stop new attacks before signatures are created or patches are created.

Technically, MBAE works by injecting its DLL into these protected applications, as you can see with Process Explorer. It only affects those specific applications, so it won’t slow down or interfere with anything else on your system.

Microsoft EMET

Microsoft has been providing a free tool known as EMET, or the Enhanced Mitigation Experience Toolkit, for longer than Malwarebyes Anti-Exploit has been available. Microsoft primarily targets this tool at system administrators, who can use it to secure many PCs on larger networks. While there’s a decent chance EMET has been set up on a work PC you have access to, you probably aren’t already using it at home.

There’s nothing to stop you from using EMET at home, however. It’s free and provides a wizard that makes it not too hard to set up.

EMET works similarly to Malwarebytes Anti-Exploit, forcing certain protections to be enabled for potentially vulnerable applications like your web browser and plug-ins and blocking common memory exploit techniques. You can use it to lock down other applications if you’re willing to get your hands dirty. Overall, though, it’s nowhere near as user-friendly or set-it-and-forget-it as Malwarebytes Anti-Exploit. Malwarebytes Anti-Exploit also seems to offer more layers of defense, according to this comparison of EMET and MBAE from Malwarebytes.

HitmanPro.Alert

HitmanPro.Alert offers similar anti-exploit protections to those found in Malwarebytes Anti-Exploit and EMET. This is the most recent option available here, and — unlike the above tools — these protections aren’t available in the free version. You’ll need a paid license to benefit from the anti-exploit protections in HitmanPro.Alert. We don’t have as much experience with this solution, as HitmanPro.Alert just recently gained these features.

We include this here just for the sake of completeness — most people will be fine with a free anti-exploit tool to protect their browsers. While HitmanPro.Alert may tout some more specific memory protections over other solutions, it won’t necessarily perform better than MBAE or EMET against real-world threats.

While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs. It may be possible to rig Malwarebytes Anti-Exploit and EMET to work together, but you aren’t necessarily getting twice the protection — there’s a lot of overlap.

These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too.