ThiefWare · Microsoft Internet Explorer Data Sheet

Alerting the public to the unethical use of Internet technology and software

•	H o m e
•	Mission, What is ThiefWare?
•	TW Knowledgebase, Reports, Comments
•	Articles, View Points
•	ThiefWare Removal
•	ThiefWare Ad List
•	Disablers (RidText, etc.)
•	ThiefWare Screen Shots
•	Links to Resources/ TW Partner Sites
•	Contact ThiefWare.com, Add Your URL (listing)
•	ThiefWare Newsletter for Updates/Alerts
•	Site Map of ThiefWare.com

SpyZooka

Blast all sorts of ThiefWare (malware, keyloggers, and some of the most dangerous spyware) from your computer. Click here to find out more and get a free scanner.

Replace Gator
with

Robo Form

FREE Download! Need a Gator replacement to fill in forms? Looking for a Gator alternative that won't push popup ads and not track your movements on the net? Roboform does what Gator does (and better). Read more about it...

page located via: saving gator application to harddrive. installing spyware on hard drive - drive by downloads (drive-by). 180solutions thiefware and other spyware saved to your computer. microsoft internet explorer security settings msie activex protections.

Internet Explorer Data Sheet

Knowledge Base on ThiefWare and other Software

Knowledgebase HOME • Gator • WhenU w/ SaveNow • TopText (eZula)
EasyLinks (Surf+) • Flyswat • Microsoft Internet Explorer

[Click here] for Microsoft Internet Explorer settings or read the whole page to get more background and recommendations.
[Click here] for Smart Tag disabling code.

We do not yet consider Internet Explorer (a.k.a. IE or MSIE) ThiefWare though it came close to earning that label in 2001. IE provides a security risk for all users by including ActiveX controls. ActiveX allows for hidden automatic software downloads and hidden installations should your specific computer be configured that way. The informed user community and the Webmaster community would be elated if Microsoft would help put a stop to this ActiveX nonsense. But, we shouldn't hold our breath on that one.

The comments area below outlines a way to set higher security levels for ActiveX controls. ActiveX set to these security settings should be enough to prevent automatic hidden installations of ThiefWare (a.k.a. drive-by downloads). ActiveX is a programming language that executes within Internet Explorer. Unfortunately this programming environment allows hackers and ThiefWare open access to your computer when settings are set to allow ActiveX to run unfettered.

With that said you still need to be wary of software bundles as ThiefWare can be hidden within a software bundle installation. Installers run independently of the MSIE browser. If you download a software bundle willingly, but do not verify whether or not it has ThiefWare included, you run the risk of having ThiefWare installed. Certain free software bundles are popular venues of deceiving people into installing unwanted software. Just be sure to verify the source of the software download and educate your kids of the risks of file sharing programs that are often loaded with ThiefWare.

SOFTWARE NAME

ActiveX within Internet Explorer Browser

SUPPLIER NAME / URL

Microsoft / www.microsoft.com

AD TYPES

ActiveX can install any type of adware, or ThiefWare programs. Although Microsoft does not currently distribute their own form of advertising within their browser, in 2001 Microsoft planned to release MSIE with Smart Tags. The general Webmaster community did not approve and immediately went into an uproar regarding the Smart Tag links. Microsoft that time decided it was in their best interests to listen to the Webmaster's complaint.

See articles about the problems that would be caused by Smart Tags:

DISTRIBUTION METHOD

Direct download of Internet Explorer w/ ActiveX and/or bundled with Microsoft Windows OS.

AFFECTED BROWSERS

Microsoft Internet Explorer, all versions from 4.0 and up.

EASE OF DIRECT REMOVAL

Uninstalling is not an option for people using a computer loaded with Microsoft's operating system (Windows98, Windows2000, WindowsME, WindowsXP SP1 & SP2, and other Windows OS versions). MSIE is integrated into the Windows OS. Apple computer users do not need to keep MSIE installed on their computers, but should install another browser before removing IE. UNIX, LINUX, FREEBSD, and other UNIX flavor computers do not run MSIE natively.

Use Mozilla* or Opera since neither browser runs hidden ActiveX controls**. Hidden ActiveX controls can auto download various software or even malicious viruses if a site owner employed such methods.
* We no longer mention Netscape as a browser replacement since Netscape is simply a Mozilla browser rebranded. Mozilla is the pure form of the browser.

** Mozilla does have a plugin available for ActiveX. Even though the Mozilla ActiveX environment is a bit more secure, we still do not recommend installing it due to security issues (Mozilla notes this precaution in their FAQ's). The Mozilla ActiveX plugin is a seperate installation program—NOT included with Mozilla's installer.

LINK DISABLE METHOD (server-side)

Although not currently a problem, Microsoft did provide an HTML work-around. It involves the Webmaster inserting the following line of code (below) between the header tags at the top of the HTML code.

Disable Smart Tags parsing on web pages for IE (prevent parsing tag):

<meta name="MSSmartTagsPreventParsing" content="True">

We feel this should not be necessary. The Web site owner should have the option of opt-in instead of being told they have to opt-out by adding this tag to every page.

OTHER COMMENTS

For those that want to use MSIE, set ActiveX controls to prompt you for permission or disable them.

ActiveX has been exploited by Gator partner sites to install Gator (Claria's ThiefWare application) onto your computer. If you are wondering how Gator or another ThiefWare application got onto your computer without your knowledge, this might be the reason. eZula's TopText has been reported to have been installed with the same technique. Other spyware applications may also utilize ActiveX to auto-install their software. This happens when a Web site deliberately uses an ActiveX component to run from it's Web server and execute via MSIE. The ActiveX is programmed to download and save the application to your computer. It possible do that without your knowledge unless you change your settings within MSIE.

The reason it happens is that many users have a low security setting for ActiveX controls and do not realize these low security settings allow ActiveX to do various activities on your computer without letting you know before hand. They act on auto-pilot without user prompts.

Microsoft Internet Explorer Settings

To make IE give you prompts and feedback, set the following controls:

Look under main menu item: Tools
Go to: Internet Options
Select: Security tab
Select icon: Internet
For Internet Zone, click button: Custom Level
Click: Settings
~ Security Settings window pops up ~

Under ActiveX Controls and Plugins change these settings:

•	Download signed ActiveX controls	Prompt
•	Download unsigned ActiveX controls	Disable
•	Initialize and script ActiveX controls not marked as safe	Disable
•	Run ActiveX controls and plug-ins	Prompt
•	Script ActiveX controls marked safe for scripting	Prompt

Setting everything to “Disable” for ActiveX controls could be done. However, this will stop Flash from working on your MSIE browser and various sites that you visit will stop working if those sites make heavy use of Flash.

Unfortunately with these settings above you end up getting OK-cancel popup warnings for sites with Flash which is a drawback. Netscape, Opera, and other browsers do not have the same vulnerability because they do not use ActiveX.

The difference between “signed” and “unsigned” or “marked safe” and “not marked as safe” regarding ActiveX does not clearly designate whether or not the ActiveX programs are actually safe. Who's the safety inspector and what are their safety standards. Is it Microsoft? If it is, Microsoft doesn't really have a great track record when it comes to security. After all the United State Homeland Security recommends users to not use Microsoft Internet Explorer due to a high amount of security holes within their browser and email software mainly due to the ActiveX exploits.

It should not be necessary to disable everything in the security window nor would you want to do that because so much of the web relies on various functions. But if you don't know what to expect from a site and the site puts up an ActiveX control, you can deny it from running if you can't trust the site.

Those settings above will help protect you substantially and alert you to any ActiveX that would normally sneak up on you and install software onto your computers.

Why should you care?
If ActiveX can sneak programs onto your computer, ActiveX could also sneak Viruses onto your computer from Web sites. Changing your security settings for ActiveX should minimize that threat to you.

Switch to Another Browser
However, the best solution is to simply not use MSIE. Do yourself a favor and use another browser. Mozilla is Free and has a complete browser and email software package that is much more secure than MSIE with OutLook Express. Mozilla's package is quite comparable if not better than Microsoft's Internet Explorer browser with OutLook Express email client. Mozilla can also import your email address book so you don't need to re-enter all of your address book email addresses. The Bookmarks Manager can import MSIE's Favorites links (see this page). Mozilla is our browser and email software of preference since 2002. We especially appreciate the Tabs for browsing feature for handling browser windows.

As was stated earlier, the Opera browser is a good alternative too. See the Opera browser here.

Knowledgebase HOME • Gator • WhenU w/ SaveNow • TopText (eZula)
EasyLinks (Surf+) • Flyswat • Microsoft Internet Explorer

• • • back to top • • •