Highlight the key(s) and
choose Edit | Delete.
You have now unmarked the ActiveX object.
The ActiveX control does not have to use the registry to mark a control safe for scripting/initialization. The
control can be marked by using the IObjectSafety interface. If the ActiveX control has used this
interface, the web browser will IE query the control instead of using the registry keys.
Performing Dangerous Actions via ActiveX Controls
ActiveX controls are built to help users install software or interact with web applications,
but they often perform actions that are not safe. When deploying ActiveX controls,
dangerous actions should always be avoided, especially activities that allow remote
modification to registry keys, file deletion, passwords, and file execution. In general,
ActiveX controls should not be used to perform the following actions:
??? Read, modify, or delete ?¬? les or registry keys on the local computer
??? Read, modify, or delete ?¬? les or registry keys on the local computer??™s network
??? Transfer private information, such as private keys, passwords, or documents
??? Execute ?¬? les
??? Close the host applications
??? Consume excessive resources
??? Install (or uninstall) software
??? Invoke objects (such as the CreateObject method)
Preventing ActiveX Controls on IE
With all the security issues around ActiveX and the complexity required to secure it, you
may want to ensure that ActiveX controls are never run on a user??™s system.
Pages:
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372