Browser Security For the Lazy?

By eweek  |  Posted 2003-07-21 Print this article Print

A new Internet Explorer add-on makes it easy to change your security settings and others. Security Supersite Editor Larry Seltzer questions the value of that convenience, whatever the cost.

Internet Explorer may have eaten up the browser marketplace, but Im always seeing new third-party opportunities the platform creates. Im a big fan of the Google Toolbar and IE Booster.. The value of others, though, is doubtful.

Consider Winferno Softwares tool Secure IE 2003. According to the company it "works as a replacement shell for IE. It protects users accessing Web pages by intercepting cookies, Active X downloads, JavaScript, etc." In addition, it packs a variety of other features, such as a download accelerator, ad blocker and tabbed interface.

Now, I admit that I havent actually played with Winfernos product. Still, considering Secure IEs security side, I was just plain confused. Surely any Internet Explorer user can block these functions by using the Tools-Internet Options dialog box, also accessible as the Internet Control Panel. And I was right. Go to the security tab, make sure Internet is selected as the zone at the top, then click "Custom Level" at the bottom. It offers a list of many of these allegedly dangerous capabilities and options to block or mitigate them. On the Privacy tab you can find similar functions for blocking and managing cookies.

Just as with Secure IE, you can designate a specific site as trusted—unfettered by such restrictions—by adding it to the Sites list in the Trusted Sites zone back on the Security tab. You can also relax cookie restrictions easily for specific sites.
In addition, Secure IE intercepts and virus-scans all file downloads, but you need to have an antivirus scanner like Norton Anti-Virus 2003 or McAfee Virus Scan 7 already installed. In fact, when you download files they will be written to a local drive and scanned automatically.

When I questioned Winferno about this, the company agreed that every security feature of the product was already available in the IE menus. However, representatives argued that most users dont know how to use those menus, and customers will find Secure IE easier to use. I suppose its possible that some persons may find it easier to use. But how much easier can it possibly be?

Anyone who concludes from this column that users should go into their Tools-Internet Options menu and block things such as ActiveX would be mistaken. (Some readers may remember that ActiveX was the original Internet security scare. From the time Microsoft first released it, critics predicted widespread disaster as rogue controls wrought havoc on innocent users. Nothing of the sort has happened.)

Go block ActiveX and JavaScript and see the quality of your browsing experience. Youll find that many Web sites become much harder to read, even unreadable. This action will also turn off Flash (Winferno calls this a feature, and I guess thats a matter of opinion). Windows Update will be inaccessible, at least until you take the time to put into the trusted list.

As for Secure IEs other features, all can be found in other developers add-ons or even browsers, such as the tabbed interface enjoyed by Mozilla users. Ive reviewed download managers before. Some of them worked, some did little or nothing. However, theyre only useful if you download a lot of files from a broadband connection. Id add that such voluminous downloading can bring its own share of concerns; its usually the last thing a security-conscious Windows user wants to do. Downloads can often be more trouble than theyre worth.

For some, Secure IE may be worth looking into. At the same time, the products name makes it clear that the security features are the thrust of the product. With that in mind, if you want to disable a lot of useful browser capabilities, you can easily do it on your own without spending $29.95.

Do you think Secure IEs convenience is worth paying for? Drop me a line and give me your opinion.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel