|Internet Explorer Data Sheet
|Knowledge Base on ThiefWare and other
WhenU w/ SaveNow
Microsoft Internet Explorer
- [Click here]
for Microsoft Internet Explorer settings or read the whole page to get more background and
- [Click here]
for Smart Tag disabling code.
We do not yet consider
Internet Explorer (a.k.a. IE or MSIE) ThiefWare though it came close to earning that label
in 2001. IE provides a security risk for all users by including ActiveX controls. ActiveX
allows for hidden automatic software downloads and hidden installations should your
specific computer be configured that way. The informed user community and the Webmaster
community would be elated if Microsoft would help put a stop to this ActiveX nonsense.
But, we shouldn't hold our breath on that one.
The comments area below outlines a way
to set higher security levels for ActiveX controls. ActiveX set to these security settings
should be enough to prevent automatic hidden installations of ThiefWare (a.k.a. drive-by
downloads). ActiveX is a programming language that executes within Internet Explorer.
Unfortunately this programming environment allows hackers and ThiefWare open access to
your computer when settings are set to allow ActiveX to run unfettered.
With that said you still need to be wary of software bundles as ThiefWare
can be hidden within a software bundle installation. Installers run independently of the
MSIE browser. If you download a software bundle willingly, but do not verify whether or
not it has ThiefWare included, you run the risk of having ThiefWare installed. Certain
free software bundles are popular venues of deceiving people into installing unwanted
software. Just be sure to verify the source of the software download and educate your kids
of the risks of file sharing programs that are often loaded with ThiefWare.
SOFTWARE NAMEActiveX within Internet Explorer Browser
SUPPLIER NAME / URLMicrosoft / www.microsoft.com
AD TYPESActiveX can install any type of adware, or ThiefWare programs.
Although Microsoft does not currently distribute their own form of advertising within their browser,
in 2001 Microsoft planned to release MSIE with Smart Tags. The general Webmaster community
did not approve and immediately went into an uproar regarding the Smart Tag links. Microsoft that
time decided it was in their best interests to listen to the Webmaster's complaint.
See articles about the problems that would be caused by Smart Tags:
- Ratio Corp. opposes Microsoft Smart Tags
and lodges complaint with the United States Attorney General
Tags link to another Microsoft controversy
DISTRIBUTION METHODDirect download of Internet Explorer w/ ActiveX and/or
bundled with Microsoft Windows OS.
AFFECTED BROWSERSMicrosoft Internet Explorer, all versions from 4.0 and up.
EASE OF DIRECT REMOVALUninstalling is not an option for people using a
computer loaded with Microsoft's operating system (Windows98, Windows2000, WindowsME, WindowsXP SP1
& SP2, and other Windows OS versions). MSIE is integrated into the Windows OS. Apple computer
users do not need to keep MSIE installed on their computers, but should install another browser
before removing IE. UNIX, LINUX, FREEBSD, and other UNIX flavor computers do not run MSIE natively.
since neither browser runs hidden ActiveX controls**. Hidden ActiveX controls can auto download various
software or even malicious viruses if a site owner employed such methods.
* We no longer mention Netscape as a
browser replacement since Netscape is simply a Mozilla browser rebranded. Mozilla is the pure form of
** Mozilla does have a plugin available for ActiveX. Even though the Mozilla ActiveX environment is
a bit more secure, we still do not recommend installing it due to security issues (Mozilla notes this
precaution in their FAQ's). The Mozilla ActiveX plugin is a seperate installation program—NOT included
with Mozilla's installer.
Although not currently a problem, Microsoft did provide an HTML work-around. It involves the Webmaster
inserting the following line of code (below) between the header tags at the top of the HTML code.
Disable Smart Tags parsing on web pages for IE (prevent parsing tag):
<meta name="MSSmartTagsPreventParsing" content="True">
We feel this should not be necessary. The Web site owner should have the option of opt-in instead
of being told they have to opt-out by adding this tag to every page.
OTHER COMMENTSFor those that want to use MSIE, set ActiveX controls to
prompt you for permission or disable them.
ActiveX has been exploited by Gator partner sites to install Gator
(Claria's ThiefWare application) onto your computer. If you are wondering how Gator or
another ThiefWare application got onto your computer without your knowledge, this might be
the reason. eZula's TopText has been reported to have been installed with the same
technique. Other spyware applications may also utilize ActiveX to auto-install their
software. This happens when a Web site deliberately uses an ActiveX component to
run from it's Web server and execute via MSIE. The ActiveX is programmed to download and
save the application to your computer. It possible do that without your knowledge unless
you change your settings within MSIE.
The reason it happens is that many users have a low security setting for
ActiveX controls and do not realize these low security settings allow ActiveX to do
various activities on your computer without letting you know before hand. They act on
auto-pilot without user prompts.
Microsoft Internet Explorer Settings
To make IE give you prompts and feedback, set the following controls:
- Look under main menu item: Tools
- Go to: Internet Options
- Select: Security tab
- Select icon: Internet
- For Internet Zone, click button: Custom
- Click: Settings
- ~ Security Settings window pops up ~
- Under ActiveX Controls and Plugins
change these settings:
||Download signed ActiveX
||Download unsigned ActiveX
||Initialize and script ActiveX
controls not marked as safe
||Run ActiveX controls and
||Script ActiveX controls marked
safe for scripting
Setting everything to Disable for ActiveX controls could be
done. However, this will stop Flash from working on your MSIE browser and various sites
that you visit will stop working if those sites make heavy use of Flash.
Unfortunately with these settings above you end up getting OK-cancel
popup warnings for sites with Flash which is a drawback. Netscape, Opera, and other
browsers do not have the same vulnerability because they do not use ActiveX.
The difference between signed and unsigned or
marked safe and not marked as safe regarding ActiveX does not
clearly designate whether or not the ActiveX programs are actually safe. Who's the safety
inspector and what are their safety standards. Is it Microsoft? If it is, Microsoft
doesn't really have a great track record when it comes to security. After all the United
State Homeland Security recommends users to not use Microsoft Internet Explorer due to a
high amount of security holes within their browser and email software mainly due to the
It should not be necessary to disable everything in the security window nor
would you want to do that because so much of the web relies on various functions. But if
you don't know what to expect from a site and the site puts up an ActiveX control, you can
deny it from running if you can't trust the site.
Those settings above will help protect you substantially and alert you to
any ActiveX that would normally sneak up on you and install software onto your computers.
Why should you care?
If ActiveX can sneak programs onto your computer, ActiveX could also sneak Viruses onto
your computer from Web sites. Changing your security settings for ActiveX should minimize
that threat to you.
Switch to Another Browser
However, the best solution is to simply not use MSIE. Do yourself a favor and use another
browser. Mozilla is Free and has a
complete browser and email software package that is much more secure than MSIE with
OutLook Express. Mozilla's package is quite comparable if not better than Microsoft's
Internet Explorer browser with OutLook Express email client. Mozilla can also import your
email address book so you don't need to re-enter all of your address book email addresses.
The Bookmarks Manager can import MSIE's Favorites links (see this page).
Mozilla is our browser and email software of preference since 2002. We especially
appreciate the Tabs for browsing feature for handling browser windows.
As was stated earlier, the Opera browser is a good alternative too. See the
Opera browser here.
WhenU w/ SaveNow
Microsoft Internet Explorer