Secure IE 2004 Can Make Safe Browsing Easier

Opinion: IE replacement doesn't do much for expert users, but could save some novices from their own misbehavior. Or should those users just get Mozilla and be done with it?

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

A couple versions ago I looked at Secure IE from Winferno Software and was unkind to it. As I said at the time, it largely just automated settings in Internet Explorer you could make on your own and for free.

I met some resistance at the time from colleagues who felt that the product could still be a convenience for users who would be intimidated by the IE settings. With that in mind and with the passage of time and feature advances in Secure IE I thought it was time to look again. After all, as you may have heard, there have been a couple of alleged security problems in Internet Explorer recently.

I tested the Preview Edition of Secure IE 2004. Its certainly more polished and has more features than the one I dismissed some time ago. I can see that perhaps unsophisticated users are better off with Secure IE and its much more rigorous defaults, but thats not the complete picture. Windows XP Service Pack 2 is just around the corner and will make considerable improvements in the security of Internet Explorer, but it doesnt do users of Windows 2000 or Windows 9x any good. Those users might need the extra protection of Secure IE. Incidentally, Winferno says Secure IE works well in an SP2 environment.

The bottom line about Secure IE is the same as with the previous version. Most of what it does could be done for free in standard Internet Explorer just by clicking the right buttons in Tools-Internet Options on the Security tab. It irks me that someone should sell this as a separate product, but I need to be more open-minded about it. I know perfectly well that end users dont understand this stuff and need their hands held. If Secure IE does the job for just $29.99, perhaps its money well-spent.


For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

And theres plenty more to recommend it. I ran it through a series of known IE vulnerabilities, some of which still work after the recent set of patches, although none of them appears to be serious. None of them worked in Secure IE. Many of these attacks, for example, rely on Javascript URLs, which Secure IE 2004 specifically blocks.

Secure IE replaces the standard access to Internet Explorer with a browser program that has more features, such as tabbed browsing. Mozilla advocates rave about tabbed browsing, but Ive never gotten the point. I always have several browser windows open. I can switch between them by alt-tabbing or clicking on the taskbar. In fact, the ability to switch between browsers using the same alt-tab mechanism that I already use with other programs seems superior to me. How are tabs better? But maybe you see it differently, so the feature is there in Secure IE.

Secure IE has a good approach to many of the "blocking" features. Much like IE in many ways, you can use the list of trusted sites to override inconvenient security settings for known sites you trust. This works, for example, with popup blocking and with ActiveX controls. By default, popups and ActiveX controls are blocked, but you can override this by adding a site to the Trusted Sites list. A short list of well-known ActiveX controls, including Flash and the Acrobat Reader, are allowed by default.

Because it replaces the actual browser shell, IE enhancements you might want, such as the Google Toolbar, dont work in Secure IE. I installed it, and (as I expected) it modified the regular IE on the system, even though I had made Secure IE the default browser.

Next Page: A free alternative to Secure IE.