Disable ActiveX Controls That Are Under Attack

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Disable ActiveX Controls That Are Under Attack
Illustration: Mark Matcho
There are lots of chinks in Windows' security armor, but undoubtedly among the biggest are the ActiveX controls used by Windows and Internet Explorer. These powerful bits of code, which can be as sophisticated as small applications, add functions such as file conversion and video playback to the Web pages you view. But they're also quite useful to baddies, who can employ them to break into your computer and force it to download spying programs or other types of malware.

Of late, evildoers have been finding ways to compromise ActiveX controls well in advance of Microsoft's fixes for the problems, meaning that even users who install patches immediately are sometimes at risk for weeks at a time. Recently, for instance, villains discovered that they could use an ActiveX control called ADODB.connection to hit computers with drive-by downloads of malicious software. Even PCs running the new IE 7 are vulnerable---and at press time, no fix existed.

There is one remaining way to protect yourself against an at-risk ActiveX vulnerability: Set a "kill bit" for it. By making a small change to the Registry, a kill bit prevents an ActiveX control from loading. If a vulnerable control isn't running when you stumble upon a malicious Web site, your PC's chances of getting hit with unwelcome software are drastically reduced.

To set a kill bit, you need to know an internal Windows code called the CLSID, which identifies the problematic ActiveX control. Security experts and organizations such as CERT, the security research center at Carnegie Mellon University, often publish the CLSIDs of ActiveX controls that bad guys are actively exploiting. For instance, you can find the CLSID of ADODB.connection at Handler's Diary.

Once you have the CLSID, you can tweak your Registry to protect your PC from attacks aimed at that particular ActiveX control.

First, back up your Registry (for instructions, see "Step-By-Step: Care and Feeding of the Windows Registry." Then open a Registry editor (to use Windows XP's version, go to Start, click Run, type in Regedit, and click OK). Drill down to the folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility. Right-click ActiveX Compatibility in the left pane, and choose NewKey. Change the name of the new key to the CLSID, surrounded by curly brackets--the keystroke characters { and }, also known as braces or set symbols.

Then right-click the key you just entered in the left pane, and choose New, DWORD Value. Name the new entry Compatibility Flags, double-click that entry, change its value to 400, and make sure that the radio button labeled hexadecimal is selected. Click OK and you're done.

Be aware that setting a kill bit may disable useful functions in your browser, and may make it difficult to use some Web sites. You should restrict your use of kill bits to occasions when a serious ActiveX vulnerability has been made public, and no patch to fix the problem yet exists. Once a patch becomes available, you can delete the kill bit setting in the Registry---which will immediately reactivate the ActiveX control---and then update Internet Explorer at Microsoft Update.

Andrew Brandt is a contributing editor for PC World. E-mail him at privacywatch@pcworld.com.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon