IE Security/Turning off ActiveX


With well over 90% of the browser market for several years Internet Explorer has become the number one target for anyone trying to break into your computer. With every would be cracker trying to find ways to exploit the holes in the IE code it has become just about impossible for Microsoft to quickly patch every hole in the code before someone finds a way to exploit it and gain access to more computers and more personal data.

The situation is made worse by those novice computer users who don't know enough to install the patches that are available because the crackers can then use those computers to launch attacks on other computers which are better protected.

A lot of these attacks are aimed at previously unknown holes in the implementation of Microsoft's proprietary scripting language ActiveX. There is only one sure solutions to plug these holes (including those for which Microsoft is yet to produce a patch) since even if you switch to a different browser, IE is so tied into the way that Windows allows you to access the internet that it is impossible to completely remove IE from your computer and still have internet access (although there are a few programs out there that will remove part of it for you). That one solution is to turn off ActiveX support in your browser.


To turn off ActiveX you first need to go to the Tools menu and select Internet Options to bring up the Internet Options dialog box. Alternatively you can get to this from the Control Panel without opening IE.

The option that you need to change is accessed via the Security tab. On this page select Internet and then the Custom Level button.

Next change the selected option in each of the following to Disable.

Under no circumstances should you have any of these five options set to anything other than disable.

Of course there will be web sites that fail to function correctly in IE with the options set this way. Your alternatives if this happens to sites that you really want to visit are to either use a different browser to access these sites (or to do all of your web browsing) or to put those sites that you know and trust into the Trusted Sites zone.

To place a site into the trusted zone (and hence allow ActiveX to run for that particular site) select the Trusted Sites option on the Security tab. A Sites... button will appear and you should select that. Next copy the domain name (the http://.../ portion of the content of the address bar - up to that third slash) and paste it into the input field in the trusted sites window. Once you have done that the Add button will then become available and can be selected to add the site to the trusted zone.

Be careful about which sites that you add to the trusted zone to allow ActiveX to run. Only include those sites that you really know well and trust and which have been so badly designed that they need ActiveX to work properly. Unless you are positive about the security of the specific site it is just not worth the risk. Better yet try to convince the site owner to change their site so that it will function without ActiveX.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow