Internet Explorer Microsoft

Microsoft Adds Selective ActiveX Filtering to IE9

An anonymous reader writes "A post on the IE blog details the new ActiveX filtering feature in the IE9 release candidate. Microsoft's Herman Ng writes, 'ActiveX Filtering in the IE9 Release Candidate gives you greater control over how Web pages run on your PC. With ActiveX Filtering, you can turn off ActiveX controls for all Web sites and then turn them back on selectively as you see fit. While ActiveX controls like Adobe Flash are important for Web experiences today for videos and more, some consumers may want to limit how they run for security, performance, or other reasons.' My favorite quote from the article is one of the image captions: 'ActiveX content may prevent you from having a good experience viewing a Web site'"
  • Re:Flash? (Score:2, Interesting)

    by Anonymous Coward on Monday February 28, 2011 @11:46PM (#35344568)

    For all browsers, except for IE, Flash uses NPAPI. However, Microsoft switched to ActiveX with IE6. I've always wondered if one over the other allowed for different exploits in the different versions.

  • Re:Flash? (Score:5, Interesting)

    by shutdown -p now ( 807394 ) on Monday February 28, 2011 @11:56PM (#35344626) Journal

    Both extensibility models run non-sandboxed native code on your machine. In either case, security is zero.

  • by bonch ( 38532 ) on Tuesday March 01, 2011 @12:09AM (#35344678)

    Slashdotters on Google Native Client: "Native code running in the browser is the future! I can't believe this. It's amazing! Google rocks."

    Slashdotters on ActiveX: "Haha, even Microsoft is adding a way to turn off ActiveX. It sucks. Look at that caption saying it can interfere with a webpage! Hahaha! Who ever thought native code in the browser was a good idea?"

  • Re:Flash? (Score:4, Interesting)

    by LO0G ( 606364 ) on Tuesday March 01, 2011 @01:36PM (#35348852)

    Not quite. IE used to allow the installation of arbitrary *signed* binaries (in the internet zone).

    Back when the ActiveX plugin model was created (1996), the internet was a very different place.

    The signing requirement was thought to make a difference (since it blocked arbitrary binaries). What Microsoft didn't realize was that the bad guys just had to find a control with a security vulnerability in it (and there are thousands of controls with security vulnerabilities), host it on their site and ask the browser to load the vulnerable control - the signing requirement wasn't as useful as people thought.

    Because of this, Microsoft has steadily increased the restrictions on ActiveX controls, adding things like site lock (an ActiveX control can indicate that it only works on a particular site), running the ActiveX controls in a sandbox, adding a killbit list to block vulnerable controls, etc.

    The IE team can't get rid of ActiveX controls because of the staggering number of sites that rely on them (apparently the South Korean banking industry is completely dependent on ActiveX controls, not to mention the number of intranet sites that depend on them).
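The killbit list mentioned in the comment above can be audited offline. This added example (not from the thread or from Microsoft) parses a `reg export` of IE's `ActiveX Compatibility` key and reports which CLSIDs on a blocklist lack the kill bit (`Compatibility Flags` with `0x400` set); the CLSIDs, the blocklist and the sample export are constructed.

```python
import re

KILL_BIT = 0x400  # Compatibility Flags bit that stops IE from instantiating the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample of a `reg export` of the key above (CLSIDs are made up).
# Real .reg exports are UTF-16; decode them before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-AAAA-4AAA-8AAA-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-AAAA-4AAA-8AAA-000000000002}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-AAAA-4AAA-8AAA-000000000003}]
"Compatibility Flags"=dword:00000420
'''

# Constructed blocklist: controls the organisation has decided must never load.
MUST_BLOCK = ["{11111111-AAAA-4AAA-8AAA-00000000000%d}" % n for n in (1, 2, 3, 4)]

SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def parse_flags(export_text):
    """Return {CLSID (upper case): Compatibility Flags} from a .reg export."""
    prefix = (BASE + "\\").upper()
    flags, clsid = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).upper()
            # Only direct children of the ActiveX Compatibility key are CLSID entries.
            tail = key[len(prefix):] if key.startswith(prefix) else ""
            clsid = tail if tail and "\\" not in tail else None
            continue
        value = FLAGS.match(line)
        if value and clsid:
            flags[clsid] = int(value.group(1), 16)
    return flags

def missing_kill_bits(export_text, must_block):
    """Blocklisted CLSIDs with no entry at all, or an entry without the kill bit."""
    flags = parse_flags(export_text)
    return [c for c in must_block if not flags.get(c.upper(), 0) & KILL_BIT]

if __name__ == "__main__":
    for clsid in missing_kill_bits(SAMPLE_EXPORT, MUST_BLOCK):
        print("kill bit not set:", clsid)
```

An entry with other flags but without `0x400` (the second CLSID) is reported just like a missing entry (the fourth), since in both cases IE is not told to refuse the control.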
