I’ve suggested this to the laity for years but often relented because I knew that being so restrictive would break 90% of the Web. But after spending this year cleaning trojans from many machines and finding XPSP2 a bit disappointing, I have decided to insist on it.
There is a tool (I wonder why this wasn’t added to IE6 in XPSP2?!?) that lets you to quickly build a whitelist of safe sites where you can allow all the bells and whistles to work while still filtering out all the garbage. With this tool, which works in Internet Explorer 5 and higher, you can turn off all scripting, Java and ActiveX for all the Web and only turn it on for the small fraction of sites that you actually care about and need. I didn’t know about this tool until recently. It’s a pain to build a whitelist manually which was why I didn’t insist on such tight security for my customers these last few years. Maybe this tool will make my case for me.