As a follow-up to two separate stories I wrote on vulnerable ActiveX controls affecting high-profile Web sites, here’s a quick primer on configuring Internet Explorer to handle ActiveX controls safely.
These recommendations come from the US-CERT (Computer Emergency Response Team) and have been modified slightly for IE 7, the most up-to-date version of Microsoft’s browser.
Start by selecting Tools, then Internet Options…
Select the Security tab. The Internet zone is where all sites start out: its security settings apply to every Web site that is not listed in one of the other security zones. US-CERT recommends applying the High security setting to this zone. Selecting High disables several features, including ActiveX, Active scripting and Java, which makes the browser more secure. Click the Default Level button and then drag the slider control up to High.
For more fine-grained control over what features are allowed in the zone, click the Custom Level button. Here you can control the specific security options that apply to the current zone. Default values for the High security setting can be selected by choosing High and clicking the Reset button to apply the changes.
Ensure that all default settings related to ActiveX Controls are disabled or set to be approved by an Administrator.
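The check in the last step can also be run as a read-only audit. This PowerShell script is an added example, not part of the original article or US-CERT's guidance. It assumes PowerShell 3.0 or later, the per-user Internet zone settings stored under zone 3 in HKCU, and the URL action IDs Microsoft documents for IE security zones; settings pushed through Group Policy are stored elsewhere and can override these.

```powershell
# Added example: report whether the Internet zone's ActiveX settings are
# disabled or administrator approved. Reads the registry only; changes nothing.
# Assumption: per-user settings in HKCU. Zone 3 is the Internet zone.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs for the ActiveX-related options shown under Custom Level.
$activeXActions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1208' = 'Allow previously unused ActiveX controls to run without prompt'
    '1405' = 'Script ActiveX controls marked safe for scripting'
    '2000' = 'Binary and script behaviors'
    '2201' = 'Automatic prompting for ActiveX controls'
}

# Setting values: 0 = Enable, 1 = Prompt, 3 = Disable, 0x10000 = Administrator approved.
$labels     = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 0x10000 = 'Administrator approved' }
$acceptable = @(3, 0x10000)

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

# CurrentLevel 0x12000 is the High template; 0 means custom settings are in use.
'Internet zone template: 0x{0:X}' -f [int]$zone.CurrentLevel

$results = foreach ($id in $activeXActions.Keys) {
    $raw = $zone.$id
    if ($null -eq $raw) {
        # Value absent from the registry: flag it for manual review.
        $setting = 'Not set'
        $ok = $false
    } else {
        $value   = [int]$raw
        $setting = if ($labels.ContainsKey($value)) { $labels[$value] } else { '0x{0:X}' -f $value }
        $ok      = $acceptable -contains $value
    }
    [pscustomobject]@{ Id = $id; Action = $activeXActions[$id]; Setting = $setting; Compliant = $ok }
}

$results | Format-Table Id, Action, Setting, Compliant -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) ActiveX setting(s) are neither disabled nor administrator approved."
}
```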