It is strongly recommended to do not browse the web being logged on as an administrator. You can create a restricted user account on your computer for this.
This will prevent the computer from damages caused by scripts on malicious sites.
Keeping an eye on the best practices, Microsoft has come up with a range of changes done on the default settings of the Internet Explorer browser.
The changes that were implemented are as below:
URL Security Zones
The Enhanced Security of Internet Explorer determines the required level of security for any web page by categorizing its URL into security zones based on its origin. Web pages from remote servers fall under the Internet security zone.
If the server has been known to deliver malicious content, the web pages on that server are categorized under Restricted site zone. The websites from trusted servers are categorized as Trusted site Zones.
Only the scripts, ActiveX, etc., on Trusted sites are allowed to be executed. Only under extreme conditions, when necessary, the categorization of sites should be changed manually.
The advanced settings under the Internet Explorer browser are the default values for components that have been known to cause harm to the system through malicious sites. These include settings related to browsing, Java, security, and multimedia.
Some of the options that come under the purview of advanced settings and are "Disabled" by default are:
• Enable third-party browser extension
• JIT compiler for Virtual Machine.
The features that are enabled are:
• Check for server certificate revocation,
• Empty Temporary Internet Files folder when browser is closed.
The advanced tab can be reached at by clicking on Internet Options -> Advanced.
By default the Home Page is set to a system decided location. This can be changed through the General Tab of the Internet Options windows.
It is always a best practice to read emails from Outlook Express in plain text format. By default the behavior of Outlook Express is to send and receive emails in plain text. It is always a best practice not to change these settings. Furthermore, make sure that the emails are sent and received through a limited user account from the server and not the administrator account.