mailing list archives
Re: Microsoft signed software can be install software without pro mpting users
From: ACR () ALS CO UK (Alan Ramsbottom)
Date: Mon, 21 Feb 2000 22:51:41 -0000
From: "Juan Carlos Garcia Cuartango" <cuartango () teleline es>
I have prepared a demo in
"How to close the back door
Disable the "Download signed ActiveX" security option".
But this solution will also forbid other software manufacturers
to offer you their software in the clear way, that is :
asking before install. As usual, you can also disable
Disabling the specific control rather than all component download or jscript
might be preferable for some folk.
When Juan found the problem with the DHTML Edit control last year, someone
from MS intriguingly mentioned "classid revocation" as a means to disable a
specific control. We didn't get any useful details at the time, but some
info finally surfaced in the MS KB article Q240797.
NB: I've only tested this under W2K+IE5 and don't blame me if things break:
1) Run up a registry editor and go to:
2) Create a new key based on the CLSID of the Active Setup controls:
3) Under your new key, create the REG_DWORD value:
Compatibility Flags 0x00000400
This sets the "kill bit" for the Active Setup control i.e. stops it from
being run via IE. This can be reversed by deleting the value or the whole of
your new key.
PS: Does anyone know the definitions for the other flag bits?
- Re: Microsoft signed software can be install software without pro mpting users Alan Ramsbottom (Feb 21)