I don't normally post alerts like these below where they state something NEEDED has to be disabled unless they are critical, and this one is. Notice there is no M$ links regarding this issue.
Since many if not most 'big' sites use ActiveX, disabling it can cause problems at these sites, and since it's not a good idea to put any sites in your "Trusted zones" or sites except for maybe sites like your personal ban*king and related sites(1), those of you that are for some reason still not running *SpywareBlaster, *SpyBot (and others that block harmful ActiveX), REALLY NEED to INSTALL THEM now! Also, many AV software programs will block bad ActiveX. Most people have IE's "Privacy" setting area set to only "Medium" which is NOT good. This will allow a lot of bad ActiveX (among many other things) to be placed on your PC. That area should be set to "High". Yes, it's a pain with sites that insist on force-feeding you their #$%$@ Cookie even when it's not technically needed, but all you have to do is double-click that red "-" at lower right of the IE browser window (which denotes a blocked Cookie(s) and in the window that pops up double-click the MAIN URL, that's the MAIN URL ONLY, and dot the area to "Always allow this site to use Cookies" and IE will remember that. An example of when you DO NOT need to do this is http://www.nasa.gov/ . I just went there to check on the shuttle launch and you'll see that red "-" sign I mentioned above. The site still functions without allowing it (but it may be needed for the Flash version). Notice when you double-click that red "-" sign you see only ONE URL and it's theirs. Now go to http://cnn.com/ for a good example of a site that tries to load all sorts of bad unnecessary garbage Cookies on your PC! Now double-click that red "-" sign you'll see all sorts of BS! I show SEVEN Cookies, and note how the last 5 of them are adware tracking Cookies! (SpywareBlaster will block these). If for example this was a site that demanded you needed to accept a Cookie for the site to function, or if it was a site where you had to order something, you would ONLY, that's ONLY accept the Cookie from the MAIN ROOT domain/URL!! *SpywareBlaster & SpyBot are both free. http://www.javacoolsoftware.com/spywareblaster.html http://www.safer-networking.org/en/download/ Note that with all of these type programs, they MUST be setup CORRECTLY in order to block ALL of the bad things. With SpywareBlaster you have to go to ALL of the areas, check the boxes, and click "Enable all protection". With SpyBot, "TeaTimer" must be enabled (go to "Resident" under "Tools" and check BOTH boxes), and you have to go to the "Immunize" area and enable BOTH areas there so that both show the green check marks. (1) Personally I don't even trust personal ban*king sites or ANY site for that matter because they too will try and load you up with garbage! If you place one of those sites in the "Trusted sites" area, that means all ActiveX and bad Cookies could then be loaded on your PC without warning, (depending on the way you have the "Trusted sites" area setup). This is under the "Security" tab in Internet Options for IE. -Clint TITLE: Internet Explorer HTML Help ActiveX Control Memory Corruption SECUNIA ADVISORY ID: SA20906 VERIFY ADVISORY: http://secunia.com/advisories/20906/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ DESCRIPTION: A vulnerability in Internet Explorer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the HTML Help ActiveX control (hhctrl.ocx) when handling the "Image" property. This can be exploited to cause a memory corruption by setting an overly long string multiple times for the property. Successful exploitation may allow execution of arbitrary code. The vulnerability has been confirmed on a fully patched system running Windows XP SP2 with Internet Explorer 6.0. Other versions may also be affected. SOLUTION: Disable the "Run ActiveX controls and plug-ins" setting for all but trusted sites. ORIGINAL ADVISORY: http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
