Overview

The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with Service Pack 2 (SP2) in three distinct environments:

Information about the security features in SP2 was included as an appendix to the previous version of this guide. This information has now been integrated throughout the guide, and thoroughly tested templates for Windows Firewall security settings (Windows Firewall replaced the Internet Connection Firewall in SP2) are provided. Information is also provided about closing ports, Remote Procedure Call (RPC) communications, memory protection, e-mail handling, Web download controls, spyware controls, and much more.
This guide is primarily intended for consultants, security specialists, systems architects, and IT planners who plan application or infrastructure development and the deployment of Windows XP workstations in an enterprise environment. It is not intended for home users, but for individuals whose job roles include the following:

Download Windows XP Security Guide v2.1 (.zip)

Summary: This allows you to be administrator but run any program (ex: IE) in non Admin mode, protecting you from spyware & viruses properly. Keep in mind we’re using ONLY tools created by Microsoft, no 3rd party here.

Step 1. Install the MS Util “Drop My Rights” from here.
If you want to read (too much) about the utility here.

Step 2. Choose to install it to your WinDir folder (often C:\Windows\ ), do not create a special folder for it!

Step 3. When you want to run a program (or website) you can’t trust (IE) simply set your icon’s Target (found in the icon properties) to something like this

%windir%\DropMyRights.exe “c:\some\app.exe” n

The “n” is the privilege mode, you can choose from:
* “n” is normal non-admin user mode (best choice)
You still are yourself minus the admin privileges. Keep in mind that “n” mode still gives IE (spyware, virus) power over your personal files (read, delete), but prevents the spyware/virus from installing or infecting anything. You should always surf this way 24/7.

* “c” is for paranoid mode
Most things work, there is no read/write access to your files (this includes favorites) so you are protected from most anything.

* “u” is for super paranoid mode but most things won’t work correctly.
if you want to access a truly dangerous site then you want this setting

Step 4. (Optional) If you want to add a (MS created) toolbar to IE that shows your current privileges check here.

Side Notes:
- If you want to install an app you get from the web, save it to your PC first, you won’t be able to install it from within IE in protected mode (this is a good thing)

- Any application that the 1st application launches will use the same restrictive rights (ex: while in IE you click a PDF or Media Player, they will run in the same restricted mode).

- Windows Vista 2006 will have official support for this natively and will run IE in reduced mode by default

If you don’t want to change to a new browser I think that the above guide will help you secure IE so that spyware, adaware and all of that shit won’t infect your computer. The article was found on theSpoke.net. Maybe some people might find it useful…