Disable ActiveX How and Why
Part 1
Because:
The simplest, most effective way to secure a computer is to disable unnecessary ActiveX content.
But first, what is ActiveX?
ActiveX is a collection of programs that provides much of the interactive content seen on modern Web sites. ActiveX allows a Web site to load small programs onto your computer, providing a video viewer for example. Sometimes this is useful, but there is obvious abuse potential. Most people know it's a bad idea to run an unknown program from an unknown source, but thanks to ActiveX, just clicking on a link will do the same thing. Nowadays ActiveX is the source of many if not most Web viruses and spyware [1].
The best way to prevent this malware from entering your computer in the first place is to disable ActiveX whenever feasible.
Open Windows Explorer; under Tools choose Internet Options.
1. Select Security from the tabs at the top; you will see (Fig. 1):
Fig. 1: Internet Options - Security Tab
2. Choose Internet Zone.
3. Set the security slider to High. (If there is no slider, hit Default, then set the slider to High.)
4. Make sure you hit Apply. (At this point, you could return to the browser and your computer will probably never get a virus from the Web, but many sites will no longer work. You might try it as an experiment though. Most people will want to partially restore the functionality, so go on to the next step; see endnote 2.)
5. Go to Custom Level; a long scrolling list appears. Fig. 2 shows three sections of this list. Enable the three items shown [2].
Fig. 2: Security Settings
Hit OK to exit; hit OK again to exit the Internet Options box of Fig. 1. (The security slider will no longer be there.) Close Internet Explorer, then re-open it to make sure all settings take effect (you don't have to restart your computer). You can restore the default setting later if you choose: just hit the Default button of Fig. 1.
The main side effect is that most on-line banking and shopping services, and also the Microsoft Update service, will no longer work as “Internet zone” sites because they use ActiveX. To allow these sites to work, you must label them as “Trusted sites”. It is fairly easy to do this:
1. Again, open Windows Explorer; under Tools choose Internet Options...
2. Select Security from the tabs at the top. This time, however, hit Trusted Sites and you will see (Fig. 3):
Fig. 3: Internet Options Trusted Zone
Next hit the button labeled “Sites”; that takes you to a list of the “Trusted Sites” (Fig. 4). If you haven't modified security settings before, the list will probably be empty. You must add three websites to this list to get Microsoft Update to work:
Fig. 4: Trusted Sites List
Concerning the check box labeled “Requires server verification (https) for all sites in this zone”: the https prefix on a site address means that the site uses a secure transmission mode suitable for banking etc. Microsoft Update doesn't use this mode; you must clear the check box to add the Microsoft Update site addresses. After you have successfully added the Microsoft Update addresses, you may go back and restore the check box; this restricts future additions to the secure protocol. If you go to a website, say a banking site, and you can't get it to work, then open the Trusted Sites window (hit Tools, Internet Options...). Usually the site's address is already in the upper box of Fig. 4. If not, then copy the website's address from the address bar and paste it into the “Add this website to the zone” box.
It seems that all three of the entries in the “Websites” box are required for Windows Update to work.
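To check the result of both procedures above without clicking through the dialogs, the following read-only PowerShell audit is an added example, not part of the original article. It assumes the per-user zone settings are stored under the registry path shown and that the High template disables the five ActiveX actions listed; the function names are made up for this example.

```powershell
# Added example (not from the article): read-only audit of the current user's
# Internet Explorer zone settings. It reads the registry and changes nothing.
$settings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action code -> setting name, and the value the article's steps should
# leave in the Internet zone (zone 3). The ActiveX rows assume the High
# template disables them; the last three are the items re-enabled in step 5.
$expected = [ordered]@{
    '1001' = @('Download signed ActiveX controls',        3)
    '1004' = @('Download unsigned ActiveX controls',      3)
    '1200' = @('Run ActiveX controls and plug-ins',       3)
    '1201' = @('Script ActiveX controls not marked safe', 3)
    '1405' = @('Script ActiveX controls marked safe',     3)
    '1803' = @('File download',                           0)
    '1601' = @('Submit non-encrypted form data',          0)
    '1400' = @('Active scripting',                        0)
}

function Get-InternetZoneAudit {
    $zone = Get-ItemProperty -Path "$settings\Zones\3" -ErrorAction Stop
    foreach ($code in $expected.Keys) {
        $name, $want = $expected[$code]
        $have = $zone.$code   # $null when the value is absent for this user
        [pscustomobject]@{
            Setting  = $name
            Current  = if ($null -eq $have) { 'not set' } else { "$($meaning[[int]$have]) ($have)" }
            Expected = $meaning[$want]
            Matches  = ($have -eq $want)
        }
    }
}

function Get-TrustedSiteEntry {
    # Trusted Sites live under ZoneMap\Domains\<domain>[\<subdomain>]; each
    # value name is a protocol (http, https, *) and data 2 means Trusted zone.
    Get-ChildItem "$settings\ZoneMap\Domains" -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            foreach ($protocol in $key.GetValueNames()) {
                if ($key.GetValue($protocol) -eq 2) {
                    [pscustomobject]@{ Site = $key.Name -replace '^.*\\Domains\\', ''; Protocol = $protocol }
                }
            }
        }
}

Get-InternetZoneAudit | Format-Table -AutoSize
Get-TrustedSiteEntry  | Format-Table -AutoSize
```

Settings pushed by Group Policy are stored under the Policies branch of the registry and take precedence over these per-user values, so a managed machine may behave differently from what this reports.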
The main pitfall is that several weeks from now you may open a site that contains ActiveX, the site won't work, and you will tear your hair out trying to figure out why it doesn't work; you forgot about the ActiveX being disabled (happens to me sometimes). You will just have to remember to check the banner at the top informing you that the ActiveX controls don't work, then add the site to the trusted zone.
Sometimes you may have to go back to Fig. 1 and temporarily reset the security slider to Medium-high to get a download to work. Adobe Reader is one example; they use too much ActiveX there. Just remember to restore the High security levels when through.
Another side effect is that Adobe Flash Player and other on-line media programs won't work unless you make the site trusted. You may go to a television news channel website, for example; there will be no video on the TV news viewers, only a misleading message saying something like:
“your Flash Player plugin is out of date;click here to download a new one”
It will do you no good to download a new Flash Player; the only cure is to enable ActiveX for that website. For that reason you will probably have to forget about sites like YouTube unless you want to make them trusted, which is obviously a bad idea.
Another issue concerns certain internet flagging programs such as Norton 360. These programs, which flag internet sites with warnings about reported viruses, will no longer post those warnings. That's because they use ActiveX to implement the feature. I don't know of a workaround for this, so you will have to make a decision on whether to block active content as described here or not. Here's my opinion: ActiveX blocking as described here does not affect the virus scanning and other features. I have Norton 360 installed on a computer with ActiveX blocked as described here and don't miss the internet flags because (1) Google and other major search services do that anyway, and (2) the feature can only report a malware issue after it has been discovered and reported (window of vulnerability). During this time of vulnerability, computers worldwide will have been infected, maybe yours. I find it best to block the active content because that's the main malware portal these days.
[1] If you doubt the statement, type activex along with terms like virus, spyware, malware etc. into Google or Google News (or any other search).
[2] Brief explanation of the three items:
File download: Enabling allows Web sites to download files at your request. You could disable it, but it's hard to use the Internet without file downloads. Fortunately (unlike ActiveX), when you click on a file download a box appears asking open, run or save; that gives you a chance to think about it.
Submit non-encrypted form data: This procedure occurs anytime you type into one of those little text boxes (the basic Google search, for example). You could choose Prompt, but the prompts get very annoying. (If you choose Disable, hardly anything works.) Just remember: don't type sensitive information into any part of any website unless that website uses https and you trust that website.
Active Scripting (I had to think about this one): Effectively, choosing Disable shuts down JavaScript (actually, it also shuts down ActiveX and a few other things, but we have already done that). JavaScript is very widely used (Google Images won't work if you choose Disable) and currently believed safe, as far as file security goes. It's possible, however, for a prankster to make your browser do strange things with JavaScript, and you never know what the hackers will come up with next. (Many Web pages display popup-like windows with this setting enabled, even with the IE8 popup blocker.) As an experiment, you might try Prompt; if you don't mind the constant prompting, then leave it that way.