Friday, July 08, 2005

more on IE Security

I came across this interesting KB, How to stop an ActiveX control from running in Internet Explorer, at MS TechNet which mentions the Compatibility Flags key controling the activation/execution of Active-X controls in Internet Explorer. The key is

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

The article directs setting the Flag to COMPAT_EVIL_DONT_LOAD = 0x00000400
Pretty descriptive name, eh?
All the flags are listed at COMPAT Enumerated Type (Internet Explorer - COM)

This seems to be effective even on machines w/o XP-SP2 which added the HelperObject Manager. I need to look and see if that tool is simply setting these keys.


Blogger Allan Wolff said...

Some general overview articles which discuss the general state of affairs with browsers:

"Is It Time to Ditch IE?" at

"No safe Web Browser" at CNET
or print form at
or at,39024650,39197843,00.htm

12:56 PM  
Blogger Allan Wolff said...

So having found Art Manion's piece which I referenced in the comment above, I went to the MS-IE blog and what should I find but a post about it with sixty (count 'em) comments so far!

1:00 PM  
Blogger Allan Wolff said...

Many of the comments at the IE blog are typical rants against MS, but there are a few reasoned comments both ways. Notable is this one from Paul at Grayhats Security: (
"The reasons that Firefox doesn't have as many vulnerabilities as IE are:
1) It is not as old as Internet Explorer
2) It doesn't have nearly as many features as IE has
3) It doesn't use the object html tag" (some posts doubts about this)

I also like this comment from someone else:
"And since you are all 'OPEN SOURCE IS GREAT' fanboys, why are you complaining to Microsoft? Since surely if you are so awesomely open source, then you use Linux or BSD, and you never touch Microsoft."

1:17 PM  

Post a Comment

<< Home