2
I have IE 6 on my family PC. Since I'm using Firefox, I don't intend to upgrade to IE 7. I'd like to block anyone using IE 6 as it is not secure. How to do this. I have seen my cousins typing iexplore and opening IE though I have told them to use Firefox!
darthvader
Posted 2009-07-31T23:48:05.467
Reputation: 3 709
5
Change the proxy information for IExplorer so that it cannot connect to the Internet.
Set the proxy server to 127.0.0.1 and leave the Bypass check box empty.
Doing this means that even if something else spans IE it will still not be able to connect to the Internet.
Jim McKeeth
Posted 2009-07-31T23:48:05.467
Reputation: 4 907
Chrome Browser is one of those applications as well. Just an FYI – Kelbizzle – 2010-02-26T17:30:38.870
6
Also watch out for unrelated applications that use IE proxy settings, like iTunes, which when using 127.0.0.1 will fail with vague error messages of doom. http://support.apple.com/kb/TS1490
– Kevin L. – 2009-08-01T01:32:25.263I would go for this. Works well! – darthvader – 2009-08-03T07:14:07.523
23
Not upgrading to IE7 (or IE8 for that matter) still leaves you insecure even if you never use it. There are many portions of windows that still use the IE rendering engine and system files that will remain vulnerable unless you upgrade. There's also 3rd party software that uses the IE rendering engine.
Johannes's answer about adding the Deny flag to iexplore.exe might work for preventing people from running the full browser. But don't delude yourself into thinking that makes you safe while you've still got the vulnerable IE6 core on the machine.
Ryan Bolger
Posted 2009-07-31T23:48:05.467
Reputation: 3 351
1+1. Good point. Better even upgrade to IE 8. – Joey – 2009-08-01T00:05:57.187
Really, he should do both. Keep the engine patched and up to date and prevent other users from using the browser. – Ryan Bolger – 2009-08-01T00:08:06.560
2Well, I'm a happy IE8 user here. Personally I don't see much of a point in actively trying to stand in other people's habits way. – Joey – 2009-08-01T00:13:01.850
1If he's in charge of support, I think it's ok for him to shape the environment. – hyperslug – 2009-08-01T00:45:07.743
1Come on now. This is a bit extreme. IE6 had security issues, but you are acting like your computer is going to go up in flames if someone even opens it. I used it for years until IE7 came out and never ONCE had a security breach. Just lock down the browser settings by putting it in high security mode and you will be fine. – JohnFx – 2009-08-01T02:21:20.967
JohnFx: I used to run a VM here for browsershots.org which was (a) XP and (b) did nothing else than opening web pages and taking screenshots of the browser, among those was IE 6. Recently my university's account was suspended because according to them I was sending out Spam. Took me a while to find out that not my Win 7 machines were affected but rather the VM silently running in background. It is a security risk and bad things do happen, even without explicitly running downloaded programs. – Joey – 2009-08-01T09:18:21.780
In addition, the type of person who would deliberately not upgrade IE6 to newer versions is generally the same type of person who would also ignore critical updates to IE6 for the same reasons. And that is what you have to worry about. So advocating the upkeep of the latest version of IE is effectively an attempt to protect the Internet at large from the next cog in a bot army. – Ryan Bolger – 2009-08-01T15:22:37.337
9
You can change the permissions on iexplore.exe and remove the execute permission:
This can be found1 in the file's properties > Security > Advanced > Change permissions. There you have to uncheck "Include inheritable permissions from this object's parent" and then you can edit the permissions for the appropriate user.
The user will then get the following message box when attempting to run the program:
Ryan is correct, though. You really should upgrade the browser since it is a core component of Windows and can be exploited (or used in other applications) without explicitly running the browser. You may prevent this by keeping mshtml.dll from running, but I suspect this will cause much more harm than good.
1 The screenshots and instructions here work on Windows 7, however this should look nearly identical on XP or other legacy Windows versions.
Joey
Posted 2009-07-31T23:48:05.467
Reputation: 36 381
1+1 thorough, accurate, pictures. Wish I could give you +1 for correct footnote styling. – hyperslug – 2009-08-01T00:47:36.937
+1 for detailed explanation. Would be helpful after migrating to Vista or 7 – darthvader – 2009-08-03T07:17:26.580
Works the same in XP, hence the footnote. – Joey – 2009-08-03T07:57:23.363
4
You should probably upgrade IE6 to IE8 anyway as the rendering engine is a standard Windows component and can't really be removed so there is still a possible security risk in having it around. Also, if they manually run IE8 it's not such a big deal as running IE6.
Mike McQuaid
Posted 2009-07-31T23:48:05.467
Reputation: 3 639
7Why do you have IE6 on your family PC? Why don't you just upgrade it so that your cousins can use iexplore more securely? – Nathan Fellman – 2009-08-03T08:26:33.963