Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » ActiveX   (RSS)
Tuesday, December 01, 2009 2:56 AM

Understanding the Protected Mode Elevation Dialog

Internet Explorer 7 introduced Protected Mode, a feature which helps ensure that the browser and its add-ons run with a minimal set of permissions. Code running inside the “Low Rights” process doesn’t have permission to write to your user-profile’s folders
Posted by EricLaw | 6 Comments
Friday, November 27, 2009 8:37 PM

The JVM Install Prompt

Many years ago, Microsoft developed an implementation of a Java Virtual Machine to run Java content. Internet Explorer 5 included code that would download and install the JVM (if needed) when a user encountered Java content on the web. After some time,
Posted by EricLaw | 1 Comments
Filed under: , ,
Saturday, October 10, 2009 4:51 PM

Understanding DEP/NX

Despite being one of the crucial security features of modern browsers, Data Execution Prevention / No Execute (DEP/NX) is not well understood by most users, even technical experts without a security background. In this post, I’ll try to provide some insight
Posted by EricLaw | 4 Comments
Thursday, July 16, 2009 6:03 PM

Protecting ActiveX Controls

When evaluating the security of Internet Explorer’s ActiveX support, there are two threats to consider: · Malicious controls · Malicious websites To mitigate the threat of malicious ActiveX controls (malware), features like the IE8 SmartScreen Filter
Posted by EricLaw | 0 Comments
Filed under: ,
Tuesday, June 30, 2009 11:29 PM

The Privacy Impact of Add-ons: New APIs for IE8

By default, when starting a new session using IE8's InPrivate Browsing feature, toolbars and Browser Helper Objects are disabled. This is done to help protect the user's privacy: many toolbars and extensions maintain their own navigation/search/etc history
Posted by EricLaw | 0 Comments
Wednesday, June 17, 2009 2:29 PM

Building Safer ActiveX controls: DOM Bridging

Over on the BlueHat blog, security researcher Manuel Caballero wrote up an interesting post on how Silverlight avoids exposing unsecured private browser APIs to abuse from RIA content. Anyone building ActiveX controls that take untrusted input should
Posted by EricLaw | 0 Comments
 
Page view tracker