No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object (a file loaded with Internet Explorer) are all an attacker needs to control your system and steal your data. Antivirus software cannot defend your network against these IE exploits and with the recent release of Metasploit Framework 2.0, a collection of tools for developing and testing exploit code, it seems that malicious hacking is about to reach new heights. The bad news is that you cannot remove IE without crippling your operating system. The good news is that you can disable IE and move to a different browser.
Before you disable Internet Explorer remember, even though the automatic update feature in Windows XP is not affected Microsoft does require IE in order to manually use their Windows Update website,.
Also, disabling IE does not remove it, which means the updates provided by Windows Update will still need to be installed.
Two methods for disabling IE
Several simple, popular methods exist to disable IE. Here are a couple. Before you take any of these steps, download another browser, and test it on your current configuration. I highly recommend Mozilla's Firefox. After you install a new browser, answer "Yes" when it asks whether to make it your default browser.
One way to remove the ability to browse with IE is to use XP's set program access and defaults utility.
Click on the Start button
Click on set program access and defaults
Select the Custom pull down list
Deselect the enable access to this program checkbox for Internet Explorer
Click ok
The second way is to add a bogus proxy server to IE's Internet Settings. Follow these steps:
In IE, go to Tools>>Internet Options.
On the Connections tab, click the LAN Settings button.
In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
Enter 0.0.0.0 in the Address text box.
Enter 80 in the Port text box, and click OK.
If you are in charge of a domain controller for a company, you can restrict Internet settings via Group Policy. Follow these steps:
On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
On the Group Policy tab, click Edit.
Expand User Configuration to set restrictions on a per-user basis.
Expand Windows Settings, and expand Internet Explorer Maintenance.
Select Connection, and double-click Proxy Settings.
Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
Expand Administrative Templates, and expand Windows Components.
Select Internet Explorer, and double-click Disable Changing Proxy Settings.
Select Enabled, and click OK.
Remember that Enabled sets a restriction, Disabled prevents a restriction from applying to a group of users (even if you enable it for a broader category of users), and Not Configured doesn't set the restriction.
Please note that adding a bogus proxy server to your Internet settings will not affect Automatic Windows Update from connecting and updating your operating system.