Extreme Protection – Disabling ActiveX

Quite a few problems with malware come from malicious bits of code hidden in what’s known as ActiveX controls. Some web sites use this feature to add functionality. Other web sites hide malicious code inside ActiveX controls that can take control of your computer. You can’t really tell good ActiveX controls from bad ones.

One way to deal with suspicious ActiveX controls and to increase the security of your computer is to completely disable ActiveX for all sites. It’s an extreme measure and the downside is that some websites will no longer work.

To disable ActiveX:

  • Start up Internet Explorer (if you haven’t already)
  • Look on the bottom right corner for the word Internet, double click on it internet
  • Highlight "Internet"
  • Set the security level to High
  • Click OK
  • See this screenshot:
    security-high

Some web sites this will affect are Facebook and MySpace. This is a good thing because Facebook and MySpace will publish ActiveX code written by unknown people. Even if you lose some functionality it’s a good thing to block code from people you don’t trust (and that the Facebook or MySpace companies don’t really trust).

If you come across a legitimate web site that no longer works because of this change, such as your bank’s web site, you need to decide if you trust them. In the case of a bank then you most probably do trust them and you can add them as an exemption.

Follow these steps (after the previous steps) to exempt an important web site that you trust:

  • Open the web page you want to allow to allow ActiveX code
  • Highlight the address and copy it (Control C, or right click and select Copy).
    E.g.  address
  • On the bottom right corner of Internet Explorer you’ll see the word "Internet". Double click on this. internet
  • Click on the "Trusted Sites" icon (large green tick)
  • Click on the Sites button
    trusted
  • Paste the address you copied (it might already be here)
  • Uncheck the option called "Require server verification (https:)"
  • Click Add
    trustedsites
  • Click Close, then OK again

Be wary of what pages or sites you’re exempting. What you’re in effect doing is trusting the author of any code found on that sites. Social sites such as Facebook and MySpace allow anyone to publish code, and this makes it a playground for writers of malicious code.

As stated at the beginning of this article, it’s an extreme measure that will increase the security of Internet Explorer. Increasing security always decreases convenience and these days with so many talented people out there trying to steal money online it’s definitely worth considering.

One thought on “Extreme Protection – Disabling ActiveX”

Leave a Reply

Your email address will not be published. Required fields are marked *