Making Internet Explorer 9 Better – Improve your Brower Security

The Internet Explorer (IE) series of browsers has always made use of a proprietary Microsoft technology called “ActiveX”. ActiveX is involved in things like displaying PDF files and Flash based videos. Although ActiveX is not supported by any other browser, Microsoft has continued its use in Internet Explorer 9.

Unfortunately, security holes in ActiveX have been a recurring problem and over the years they have been a major route for malware infections.  Although it has been possible to disable ActiveX in IE in previous versions, it is a rather complex procedure based on Internet zones and lacks selectivity. For IE9, Microsoft has added a new feature called “ActiveX filtering” that provides much finer grained configuration. With this feature, you can go on the Internet with ActiveX disabled. You can then enable it for any sites that require it and that you consider safe. It is now much easier to select specific sites.

ActiveX Filtering is off by default, meaning that ActiveX controls will natively work within Internet Explorer 9 just as they did in previous versions of the browser. To enable ActiveX Filtering, click Tools, Safety, and then ActiveX Filtering. No window will pop-up, but by making this selection you have enabled the feature. To see that this is so, open Tools, Safety again and verify that the ActiveX Filtering choice is now checked.

Of course, disabling ActiveX will cause some sites to stop working properly, notably Flash-driven sites like YouTube. When this happens, you will see a small blue circle with a line through it in the IE 9 One Box (address bar), and if you mouse over this control, it will report that “Some content is filtered on this site” in a tooltip.

Contrary to the message, if you click the Turn off ActiveX Filtering button, IE 9 will not turn off ActiveX Filtering. It will instead turn off ActiveX Filtering for that site only. This is an important distinction, obviously, and it gives you a site-by-site way to re-enable ActiveX controls.

At this point, IE 9 will display a normal notification (at the bottom of the browser window) asking you if you’d like to enable the control. Choose Allow to do so.

Enabling ActiveX controls on a site-by-site basis is probably the safe choice. You know, for example, that YouTube and MSN are most likely “safe” in that they’re not actively trying to hijack your system. But some people may prefer to enable ActiveX Filtering but then want to re-enable certain controls (like Flash) across all sites. There are a couple of ways to do this, but the simplest may be to open the Manage Add-ons interface (Tools, Manage Add-ons), and then navigate to Toolbars and Extensions and then the ActiveX control in question. Then, right-click the control and choose “More Information.”

In this window, there is a button called Allow on all sites. If you click this, ActiveX Filtering will remain enabled, but that control will work on every single site you visit.

This interface will also provide a way to see which sites you’ve OK’d for particular controls, when ActiveX Filtering is enabled. And if you’ve enabled the control on a site inadvertently, or would otherwise like to disable it on a site by site basis, you can do so from here.

While I understand the value of ActiveX, even given the ongoing evolution of the web, I still feel that disabling ActiveX controls across the board and then re-enabling them on a site by site basis is advisable. Yes, it’s a bit ponderous, but it’s also more secure. For this reason, I applaud Microsoft for adding ActiveX Filtering to IE 9, and recommend that all readers enable this feature as soon as possible.


About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: