Dumb insolence

Discussion in 'other anti-malware software' started by Checkout, Feb 12, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    When you go to a web page and receive something like, "ActiveX controls are not enabled.  This page may not function correctly" - does the web site know that ActiveX controls (or JavaScript or cookies or Flash animations) are disabled, or is this purely a message from the browser you use?  I think the first case is true but I'm not certain.

    So, is there any software which will block all the above (and more) but lie through its teeth and tell the web page, "Yeah, fine, return code 0"?  I know there are some cookie eaters which perform more-or-less this way but....   ;)
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Some pages that detect you don't have everything enabled to use the page correctly just send you to a page saying "Please enable blah blah blah".  They might track how many people can't view the page correctly, but that is about all this will amount to.  If they even do that....

    The error is an annoying browser error only, and nothing is sent back to the site about this.  I really wish I knew how to shut that thing off with a simple setting, but I know that some pop-up software can possibly control these.  I don't know which ones can, but I'm sure someone has used a couple that can.

    The error comes from two things:
    -Java not enabled
    -ActiveX not enabled (signed, or unsigned)

    Now in my settings I do enable java on the highest security level in the internet zone, but javascript along with unsigned ActiveX is disabled.  So when I see the error it means the page wanted me to load an unsigned ActiveX control.

    So it's not that annoying for me, but for those of you who don't permit java in the internet zone it's a pain when viewing some sites.
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    The message is client-side only - it doesn't send anything to the server.

    I think there is some registry key that can disable the message, but I'm not sure...maybe some searching on the net will help...
     
  4. Eagle1

    Eagle1 Security Expert

    Joined:
    Feb 10, 2002
    Posts:
    206
    Location:
    Rio Rancho NM - Nevis, West Indies
    There is no way to disable the pop up warning in IE when active-x or java are disabled. At least not that I have found looking for the past year. I spoke with MS about it and they indicated the pop up warning is hard coded. Although I don't want to believe them I think that is likely the case. I've just learned to tolerate the pop up warning. The only way to avoid it is to enable and use a third party software application for control.  I've chosen not to go that route because that's just another resource user I can do without.

    I don't enable either of these for any site and manually seek and download all MS updates so as to avoid using the "trusted sites" zone of IE which I also don't trust to function securely. If a site requires either of these in order to be viewed it's just not viewed by me.

    To be frank it wouldn't surprise me that MS would hard code it.  They probably hope most will get annoyed with the constant warning and keep active-x enabled.
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Ahmad and all - I vaguely remember some kind of way to set two of the settings so that you wouldn't get a warning of some type all the time, but since I don't disable JS or ActiveX, I really didn't pay that much attention to it - so I don't even know if it addresses quite what you're asking about - but I'll go back there and ask if anyone remembers it. Pete
     
  6. Liquid_Fish

    Liquid_Fish Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    81
    I think they are right that the message you get is client side,  but there is a way for Web sites to find out which ActiveX controls you have installed.

    Check out the "Analyse your connection" link on the following web page

    http://privacy.net/

    At the very bottom it shows you all the ActiveX junk you have on your machine.
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Here are some of the replies I got:

    "IE Tools|Internet Options|Advanced tab, uncheck "Disable script debugging" and "Display a notification about every script error" under Browsing"

    "If it's the active x warning, there is a little program called "ptfb" (push the freaking button: »www.botteronet.com/tamrof/archive/util..[?]) that will let you disable the warning."

    That's all I got. I already had my settings that way, haven't had a chance to check out that little program. Pete
     
  8. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    hehehehe. I remember Ahmad's "displeasure" with that prompt from a thread at the old VOP forums.
    This doesn't solve it entirely, but it seems to keep that warning from popping up so often.
    Disable ActiveX, but keep "Run administrator controls and plug-ins" enabled. As far as I can tell, that only applies to shockwave/flash and nothing else.
     
  9. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    The trouble with disabling ActiveX is that, without it, you can't use Windows Update - and the way patches are flowing out for IE and OE these days, it's a pretty necessary service.

    ...Or does anyone know where these fixes can be downloaded?   o_O
     
  10. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    If it's windows 98, you can try http://www.microsoft.com/windows98/downloads/corporate.asp.
    I'm not sure how up-to-date that page is though (in fact it may never be updated again since M$ is stopping support for 98). There may be links to other versions of windows from that page somewhere. Don't bother looking for Windows Me. For some unknown reason, they've never made a similar page for that one.
    I usually just put windowsupdate.microsoft.com in the trusted zone. Haven't had a problem doing it like that yet.
     
  11. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Windows Update Web Site

    Thanks for the pointer, Mike.
     
  12. Emoticon Man

    Emoticon Man Registered Member

    Joined:
    Apr 26, 2004
    Posts:
    12
    Location:
    Salinas, CA, USA, Earth, Sol System
    Maybe this is just a technicality, but I don't think that PTFB disables it so much as it automatically closes it when it does appear.
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Try the Microsoft Security Bulletins download page for any security-related patches. I avoid Windows Update due to the IE-only requirement (IE is blocked from any Internet access on my machine) and privacy issues (Microsoft keeps a record of your software serial numbers and IP address).

    I would also suggest that those finding the ActiveX-related popups frustrating may find an alternative browser a good solution (like Firefox or Opera). Not only can you forget about ActiveX completely but you avoid the IE patching treadmill (the others do get patches but less often as fewer vulnerabilities turn up), get better security (Firefox/Opera have a more security-conscious design and are not integrated into the Windows shell so a vulnerability in their code is less likely to create a general Windows security issue) and improved ease-of-use (with features like tabbed browsing, mouse gestures and one-letter search-engine access - e.g. typing "g wilders" will do a Google search for wilders, "e wilders" will do an Ebay search).
     