A couple versions ago I looked at Secure IE from Winferno Software and was unkind to it. As I said at the time, it largely just automated settings in Internet Explorer you could make on your own and for free.
I met some resistance at the time from colleagues who felt that the product could still be a convenience for users who would be intimidated by the IE settings. With that in mind and with the passage of time and feature advances in Secure IE I thought it was time to look again. After all, as you may have heard, there have been a couple of alleged security problems in Internet Explorer recently.
I tested the Preview Edition of Secure IE 2004. It's certainly more polished and has more features than the one I dismissed some time ago. I can see that perhaps unsophisticated users are better off with Secure IE and its much more rigorous defaults, but that's not the complete picture. Windows XP Service Pack 2 is just around the corner and will make considerable improvements in the security of Internet Explorer, but it doesn't do users of Windows 2000 or Windows 9x any good. Those users might need the extra protection of Secure IE. Incidentally, Winferno says Secure IE works well in an SP2 environment.
The bottom line about Secure IE is the same as with the previous version. Most of what it does could be done for free in standard Internet Explorer just by clicking the right buttons in Tools-Internet Options on the Security tab. It irks me that someone should sell this as a separate product, but I need to be more open-minded about it. I know perfectly well that end users don't understand this stuff and need their hands held. If Secure IE does the job for just $29.99, perhaps it's money well-spent.
And there's plenty more to recommend it. I ran it through a series of known IE vulnerabilities, some of which still work after the recent set of patches, although none of them appears to be serious. None of them worked in Secure IE. Many of these attacks, for example, rely on JavaScript URLs, which Secure IE 2004 specifically blocks.
Secure IE replaces the standard access to Internet Explorer with a browser program that has more features, such as tabbed browsing. Mozilla advocates rave about tabbed browsing, but I've never gotten the point. I always have several browser windows open. I can switch between them by alt-tabbing or clicking on the taskbar. In fact, the ability to switch between browsers using the same alt-tab mechanism that I already use with other programs seems superior to me. How are tabs better? But maybe you see it differently, so the feature is there in Secure IE.
Secure IE has a good approach to many of the “blocking” features. Much like IE in many ways, you can use the list of trusted sites to override inconvenient security settings for known sites you trust. This works, for example, with popup blocking and with ActiveX controls. By default, popups and ActiveX controls are blocked, but you can override this by adding a site to the Trusted Sites list. A short list of well-known ActiveX controls, including Flash and the Acrobat Reader, is allowed by default.
Because it replaces the actual browser shell, IE enhancements you might want, such as the Google Toolbar, don't work in Secure IE. I installed it, and (as I expected) it modified the regular IE on the system, even though I had made Secure IE the default browser.
Like I said, if Secure IE does the job for just $29.99, perhaps it's money well-spent. But there's an alternative. If you're open to the idea of not using the orthodox Internet Explorer, even with XP Service Pack 2, then perhaps you should just save the $29.99 and start using Mozilla or Firefox. I've been using Firefox on and off for a few weeks now, and there's a lot to like about it.
There are definitely a lot of little problems, just as there are with Secure IE (for example, neither of them prints as well as Internet Explorer), but it's free and is being actively developed, and you're actually more likely to fly under the radar of IE-specific attacks than you are with Secure IE. Of course, with Secure IE you're much more likely to have good luck with those sites that demand Internet Explorer, and if you need to run an ActiveX control you can.
There's a lot more to Secure IE that I haven't covered, and if you're interested you should read through the product page on Winferno's site. I suppose I would rather have a novice user running Secure IE than regular IE in XP SP1, but advanced users can protect themselves just fine with XP SP2.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.