How Internet Explorer Protected Mode helps prevent unwanted software? Why do you need to enable IE Protected Mode in all security zones of the browser?
Internet Explorer Protected Mode
The protected mode in Internet Explorer helps protect from websites that try to install programs or save files on your PC. It’s a security feature in Internet Explorer versions 7, 8, and the upcoming version 9. All of the security zones of Internet Explorer uses protected mode, except the Trusted and Intranet zones.
Protected mode will display a warning when a webpage try to install or save software and files, or if a webpage try to execute some software, outside of Internet Explorer and protected mode.
How Protected Mode Displays Warnings
You are maybe visiting a website that will try to run particular software in your computer such as Microsoft Data Access Components (MDAC) such as Remote Data Services Data Control or other software that is integrated in IE or system: If protected mode is not enabled or the computer uses IE6 or earlier version of IE which does not have protected mode feature, the website can use particular software such controls or add-ons that could be vulnerable, to send and retrieve data from or to the server and the target computer. This kind of incidents often occurs when a webpage is malicious or if the website has been hacked or compromised.
IE Protected mode, if enabled prevents such scenario from happening by blocking and displaying the warning. Another warning that protected mode can display is when a webpage try to install an add-on: In the above screenshot, it’s a rogue website that tries to install rogue software or add-on. With protected mode enabled, the malicious or unsafe action in IE is prevented.
Why Protected Mode is Off, when You Did Not Disable It
The Internet Explorer in Vista and Windows 7 operating systems includes User Account Control (UAC) feature. Disabling UAC also disables protected mode of IE. If you want to use protected mode which is recommended, you should not turn-off UAC in Windows.
You can determine if protected mode is disabled when you see the information bar that says it is disabled, or if the status bar of IE shows “Protected Mode: Off": To enable the security feature in Internet Explorer, simply double-click “Protected Mode: Off" icon in the status bar to bring up Internet Security settings window, and then put a check in the box before “Enable Protected Mode" then click OK button. Restart the browser to apply the changes.
Windows customers who try to disable protected mode in IE will receive a warning, as well:
How to Take Advantage of Protected Mode in Ie?
As mentioned earlier, protected mode is not enabled by default in Intranet and Trusted Sites zone of IE. This is not recommended settings anymore because there is a finding that protected mode can be bypassed due to vulnerability. To prevent this from happening, install the security updates and fixes for Windows and its components such as Internet Explorer, Office, etc. Use an antivirus and firewall programs to protect the computer while browsing the Internet, downloading and executing files. Also, change the settings of Internet Explorer by enabling protected mode on all types of zones: Trusted, Intranet, Internet and Restricted Sites zones.
Other actions that you should consider to take:
- Disable or uninstall add-ons in the browser that you don’t use or could be use by malicious or compromised websites to infecting the computer.
- Take advantage of InPrivate Browsing in Internet Explorer when surfing the Internet. This feature can prevent storing of data in your computer.
Use InPrivate Filtering in IE to prevent websites to spy on your browsing habits.
If possible, consider using firewall software or any security software that can block sites in serving or retrieving files or data without your consent. An example of this firewall software is Outpost Firewall Pro that provides web-control or protection when browsing the Internet or retrieving or viewing e-mail messages.
- Secure the settings of IE, even if you are not using it because the system and some software for Windows use the settings of IE's Internet Options, or other configurations.
Image credits: Screenshot taken by the author. http://upload.wikimedia.org/wikipedia/commons/b/b7/Internet_Explorer_9_wordmark.svg By Microsoft Corporation (This vector image was created with Inkscape.) [Public domain], via Wikimedia Commons