Secure IE 2004 Can Make Safe Browsing Easier

By Larry Seltzer  |  Posted 2004-07-22 Print this article Print

Opinion: IE replacement doesn't do much for expert users, but could save some novices from their own misbehavior. Or should those users just get Mozilla and be done with it?

A couple versions ago I looked at Secure IE from Winferno Software and was unkind to it. As I said at the time, it largely just automated settings in Internet Explorer you could make on your own and for free. I met some resistance at the time from colleagues who felt that the product could still be a convenience for users who would be intimidated by the IE settings. With that in mind and with the passage of time and feature advances in Secure IE I thought it was time to look again. After all, as you may have heard, there have been a couple of alleged security problems in Internet Explorer recently.

I tested the Preview Edition of Secure IE 2004. Its certainly more polished and has more features than the one I dismissed some time ago. I can see that perhaps unsophisticated users are better off with Secure IE and its much more rigorous defaults, but thats not the complete picture. Windows XP Service Pack 2 is just around the corner and will make considerable improvements in the security of Internet Explorer, but it doesnt do users of Windows 2000 or Windows 9x any good. Those users might need the extra protection of Secure IE. Incidentally, Winferno says Secure IE works well in an SP2 environment.

The bottom line about Secure IE is the same as with the previous version. Most of what it does could be done for free in standard Internet Explorer just by clicking the right buttons in Tools-Internet Options on the Security tab. It irks me that someone should sell this as a separate product, but I need to be more open-minded about it. I know perfectly well that end users dont understand this stuff and need their hands held. If Secure IE does the job for just $29.99, perhaps its money well-spent.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog. And theres plenty more to recommend it. I ran it through a series of known IE vulnerabilities, some of which still work after the recent set of patches, although none of them appears to be serious. None of them worked in Secure IE. Many of these attacks, for example, rely on Javascript URLs, which Secure IE 2004 specifically blocks.

Secure IE replaces the standard access to Internet Explorer with a browser program that has more features, such as tabbed browsing. Mozilla advocates rave about tabbed browsing, but Ive never gotten the point. I always have several browser windows open. I can switch between them by alt-tabbing or clicking on the taskbar. In fact, the ability to switch between browsers using the same alt-tab mechanism that I already use with other programs seems superior to me. How are tabs better? But maybe you see it differently, so the feature is there in Secure IE.

Secure IE has a good approach to many of the "blocking" features. Much like IE in many ways, you can use the list of trusted sites to override inconvenient security settings for known sites you trust. This works, for example, with popup blocking and with ActiveX controls. By default, popups and ActiveX controls are blocked, but you can override this by adding a site to the Trusted Sites list. A short list of well-known ActiveX controls, including Flash and the Acrobat Reader, are allowed by default.

Because it replaces the actual browser shell, IE enhancements you might want, such as the Google Toolbar, dont work in Secure IE. I installed it, and (as I expected) it modified the regular IE on the system, even though I had made Secure IE the default browser.

Next Page: A free alternative to Secure IE.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel