Learn two ways to disable Internet Explorer

學習兩種禁用IE的方法

作者：Michael Mullins CCNA, MCP
翻譯：endurer

關鍵字：網頁瀏覽器 | 安全威脅 | 微軟Windows | 安全管理

Takeaway: Internet Explorer's laundry list of vulnerabilities and Firefox's growing popularity have made many users consider their browser alternatives. If you've had enough of dealing with IE's security flaws and decided to make a switch, learn two ways you can disable IE for your users. 概述： Internet Explorer的缺陷細目清單和火狐的日漸流行已經使一些使用者考慮他們的瀏覽器替代品。如果你已經疲於應付IE的安全漏洞並決定轉換，學習兩個可以為你的使用者們禁用IE的方法罷。 《endurer注： 1。laundry list  n. 細目清單 2。had enough of  vbl.受夠了,再忍受不住了》

Microsoft's Internet Explorer (IE) has long been a favorite target of hackers, and the frequent discovery of vulnerabilities over the years has only offered more incentive. In fact, Microsoft is

currently researching a new, unpatched flaw that could put users at risk of a cyberattack.

微軟的Internet Explorer (IE)向來是hacker們喜歡的物件，常年頻繁的缺陷發現提供了更多的刺激。實際上，微軟正在研究一個可置使用者於網路攻擊危險的新的、未打補丁的漏洞。
《over the years  prep.這些年來,在這幾年中》

In addition, the growing popularity of the Firefox browser has offered computer users a browser alternative—one that

millions of users have opted to try. While not immune to its own security issues, the default installation of Firefox is rather secure, and it doesn't support ActiveX controls, a common culprit of security issues.

另外，火狐的日漸流行已經為計算機使用者提供了瀏覽器替代品--上百萬的使用者已經選擇了嘗試。儘管本身存在安全問題，但火狐的預設安裝是比較安全的，並且它不支援ActiveX控制元件，這個安全問題的共同的罪魁禍首。
《opt to do sth. 選擇做某事》

So if you've had enough of dealing with IE's security flaws, how do you disable or remove Internet Explorer? If you're running Windows 2000 or XP, there's good news and bad news.

所以如果你已經疲於應付IE的安全漏洞，你怎樣禁用和移除IE？如果你正使用Windows 2000或XP,那麼有一個好訊息和一個壞訊息。

The bad news is that you can't remove IE without crippling your operating system. However, the good news is that you can disable IE for your users and move to a different browser.

壞訊息是你不能無損作業系統地移除IE。然而，好訊息是你可以為你的使用者們禁用IE並轉向不同的瀏覽器。

Several simple, popular methods exist to disable IE. The easiest way to remove users' ability to browse with IE is to add a bogus proxy server to IE's Internet Settings.

已經有一些簡單、常見的的禁用IE的方法了。移除使用者使用IE瀏覽的功能更容易的方法是在IE的Internet選項中新增一個偽代理伺服器。

Follow these steps:

步驟如下：

1. In IE, go to Tools | Internet Options.
   在IE中，工具 | Internet選項
   
2. On the Connections tab, click the LAN Settings button.
   在“連線”選項卡，點選“區域網設定”按鈕。
   
3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
   在對話方塊中，在“代理伺服器”節中選定下列選擇框：為LAN使用代理伺服器（這些設定不會應用於撥號或VPN連線）。
   
4. Enter 0.0.0.0 in the Address text box.
   在地址文字框中輸入：0.0.0.0
   
5. Enter 80 in the Port text box, and click OK.
   在埠文字框中輸入：80，然後擊點“確定”按鈕。

Please note that adding a bogus proxy server to your Internet settings won't affect Automatic Windows Update from connecting and updating your operating system.

請注意：新增一個偽代理伺服器到Internet選項中將不影響Windows系統的自動更新功能。

You can also restrict Internet settings via Group Policy. Follow these steps:

你也可以通過組策略限制Internet選項。步驟如下：

1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
   在域控制器上右擊包含你的域使用者的“組織單位”（Organizational Unit，OU），選擇“屬性”。
   
2. On the Group Policy tab, click Edit.
   在組策略選項卡上點選“編輯”。
   
3. Expand User Configuration to set restrictions on a per-user basis.
   展開使用者配置來設定在個別使用者為基礎的限制。
   
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
   展開Windows設定，和“Internet Explorer維護”。
   
5. Select Connection, and double-click Proxy Settings.
   選擇“連線”，雙擊“代理伺服器設定”。
   
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
   選定使用代理伺服器設定選擇框，新增0.0.0.0 到 HTTP entry，點選“確認”。
   
7. Expand Administrative Templates, and expand Windows Components.
   展開管理模板，和Windows元件。
   
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
   選擇Internet Explorer，雙擊禁止改變代理伺服器設定。
   
9. Select Enabled, and click OK.
   選擇可用，點選“確認”。
   

Remember that Enabled sets a restriction, Disabled prevents a restriction from applying to a group of users (even if you enable it for a broader category of users), and Not Configured doesn't set the restriction.

記住：使可用設定限制，禁用則防止限制應用到一個使用者組（你甚至能使它對更大的使用者類可用），而不配置則不設定限制。

Before you take any of these steps, download another browser, and test it on your current configuration. I highly recommend Mozilla's Firefox. After you install a new browser, answer Yes when it asks whether to make it your default browser.
在你做這些步驟前，下載其它瀏覽器，在當前配置下測試。我強烈推薦Mozilla的火狐。你安裝新的瀏覽器後，當它詢問是否設為預設瀏覽器時，回答“是”。

Final thoughts

最後總結

No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object (a file loaded with Internet Explorer) are all an attacker needs to control your system and steal your data. Microsoft designed IE for functionality—not security. And antivirus software can't defend your network against IE exploits.
不論微軟釋出多少補丁，ActiveX和瀏覽器幫助物件（一個隨IE裝載的檔案）是攻擊者控制你的系統和竊取你的資料所需要的全部。微軟設計IE以多功能性--不是安全性。反病毒軟體不能防衛你的網路免於IE漏洞利用。
《1。no matter  不論...
2。defend against  防衛...以免於》

Windows security isn't about eliminating security holes—it's about managing risk and user functionality. All operating systems have vulnerabilities, but Windows' popularity makes it the target of choice for most black hats.
Windows安全不在於消除安全漏洞——而在於管理風險和使用者功能。所有作業系統都有缺陷，但Windows的流行使它成為大多數黑帽子選擇的物件。
《be about  從事於》