Correct me if I'm wrong: Once a BHO is loaded/enabled in IE, the BHO can do whatever it wants, including making outbound connections. When IE is added to Jetico's trusted list, BHO loaded by IE are also trusted. Jetico does not give a warning when Apple quicktime BHO is downloading a trailer from http://www.apple.com/trailers/ . Are there any firewalls that filter/monitor BHO outbound connections?
Welcome to Wilders forum, As a BHO is a plugin/extension to your browser, some firewalls will warn you of the change to the browser when these are installed, but to monitor the actions of the BHO once installed,.. no,.. I have not come across a firewall capable of this due to the fact the BHO becomes part of the browser. There are programs that can tell you which/what BHO are installed: one such program (which can easily disable/enable these if/when needed:- http://www.definitivesolutions.com/bhodemon.htm Maybe this will/not help. Please let us know your finding/opinion.
Hello Stem and Muscle, If running IE6, click on IE's Tools > Manage Add-ons. BHO's are listed and can be disabled/re enabled. Same holds true of ActiveX objects. Regards - Charles
Hi, thank your for your replies. I have just tried BHODemon. It gives a warning when a new BHO is installed, but (if correct) it can not stop the installation of it. BHODemon also does not show ActiveX Controls, like QuickTime, which is (if correct) able to download .mov files by itself when loaded by IE. Some info about BHODemon: Even if a BHO can be disabled, it can do harm before it is disabled, so I'm looking for other better solutions. I just found that ZoneAlarm is able to monitor "components" of programs. This includes some or maybe all BHO loaded in IE. But unfortunately this feature isn't very userfriendly when using IE, because of the large amount of DLL's used by IE. So it will give a large amount of messages/warnings. Another program is AntiHook. It's features: This program is able to monitor and halt the execution of BHO's It will give messages like:
What is mean with "Even if a BHO can be disabled (later), it can do harm before it is disabled, so I'm looking for other better solutions." is: If some malicious program wishes to send outbound data, and a personal firewall is installed, it can not directly access to outside because the firewall will notice it. But it can send outbound data by installing a BHO of itself and then executing IE. If you then afterwards disable the BHO, it is already to late, because the BHO has already send the outbound data. What I'm looking for is a personal firewall that can filter/stop/monitor BHO network connections. If this solution isn't available on the market, then I'll look for a solution that is able to stop the execution of a BHO. But since we don't know if a good personal firewall solution exist, I'm still looking for it.
As I mentioned, I do not know of any way a firewall can detect such activity, due to the way the BHO becomes part of the browser. http://www.pcflank.com/art36.htm
WinPatrol free or WinPatrol PLUS will alert you to the installation of BHOs and many other things, and enable you to disable or remove them http://www.winpatrol.com/ You could also configure your browser not to allow BHO etc installs. In internet explorer go to tools - internet options - advanced and uncheck the third party browser extensions Spywareblaster will block many ActiveX componets from installing