"always ask before opening this type of file"

  • Thread starter Thread starter Ivan Bútora
  • Start date Start date
What you say makes sense, but on the other hand 238723 applies to IE 5.0,
thus it could be shdocvw.dll 5.00.2717.2400 or later, as long as it's IE
5.0. Who knows if it works for IE 5.01 or 5.5, but it doesn't for 6 SP1...
Ivan


Robert Aldwinckle said:
Robert's info about KB 238723 is relevant, but the patch there
cannot be applied to IE 6
Click to expand...

Ivan,

I have been assuming that by finding that that key and value do something
(even if it isn't exactly what you want) that you have proof that the code
which implemented that patch has been integrated into a later version of
the module. That is what is meant by this boilerplate phrase we always
see in descriptions of hotfixes:

<quote>
The English version of this fix should have the following file attributes
or later:
</quote>

Let me repeat that last "or later" for emphasis.
Clearly our IE6sp1 patched versions satisfy that criterion. ;)


I have actually tried looking at this issue before but was unsuccessful
then too. The tack that I took then was to look for some documentation
for Office developers concerning this key phrase:
"unsafe attachment"

Here is an article which hints at the machinery used to implement
a related feature in that product.

<title>KB290497 - OL2002: You Cannot Open Attachments</title>

Unfortunately I don't have Office installed on my main partition
so I haven't followed through with that analysis. I still think it might
provide some insight about how the same sort of list could be
implemented in Outlook Express and ultimately in Internet Explorer.

In case you have RegMon (freeware from SysInternals) what I would try
is to filter on only NOTFOUND while doing your testing.
You *might* see keys and values similar to the ones mentioned in the
above articles being tested and thus have a clue about specific ones
to try to investigate.


HTH

Robert
 
Thanks for this info.
for example, exefile or comfile have by default:
Click to expand...
d8 07 00 00
Click to expand...
(which would be a combination of some of these settings - I'm afraid I don't
understand exactly how this thing works mathematiclally - why are some of
the settings only four digits, and some eight digits? is this binary or
hexadecimal?)
Click to expand...

It's hexadecimal, and (in this case) shown lowest order byte first.
d8 07 00 00 could also be shown as 000007d8, and sometimes is!

Calculator, View; select Scientific. Now you can enter numbers in one
base and see them displayed in another :-)

d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40 +
10 + 08). Look up those values in the EditFlags documentation... the
07 above that is 0400 + 0200 + 0100 in the same list.
The point is that even if you change exefile to 00 01 00 00, and even if you
uncheck "confirm open before download" through folder options, you are still
prompted for download and the "always ask..." box is still grayed out.
Click to expand...

That's interesting, and I suspect that reflects an additional layer of
control that is particular to IE. I'm not familiar with that part of
the registry, though I expect it's documented somewhere.
I don't think this will have anything to do with Outlook, although Outlook
(post 2000 SR-1) also uses the EditFlags settings for level 3 attachments.
For example, with Outlook 2000 post-SR1 in Internet Mail Only mode, Outlook
has a default list of extensions that are considered level 1 (not
accessible) and level 2 (you must save them first), and the only thing you
can do is move some from level 1 to level 2 *or* from level 3 to level 2,
but you cannot do anything else.
Click to expand...

I suspect that's hard-coded as part of the relevant patch that's been
integrated into subsequent Outlook and OE, as selected by the Security
setting to block dangerous attachments. It's been criticized as being
over-zealous and inflexible (e.g. it blocks .pdf, which are often used
to send things such as invoices via email).
Here's a desc on EditFlags (bitwise):
Click to expand...

Ah! I'll leave the ones as per d8 07 00 00 quoted...
0008 The registry entries associated with this file class cannot
be edited. New entries cannot be added and existing
entries cannot be modified or deleted (e.g. exefile?)
0010 The registry entries associated with this file class cannot
be deleted
0040 Canonical verbs such as open and print cannot be
modified or deleted (a common setting)
0080 Canonical verbs such as open and print cannot be deleted.
0100 The description of the file class cannot be modified or deleted.
0200 The icon assigned to the file class cannot be modified
or deleted.
0400 The default verb cannot be modified (compare with 0080)
Click to expand...

....makes sense, but doesn't stop malware patching in anyway.

-- Risk Management is the clue that asks:
Click to expand...
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"
 
Something is wrong, because I have no such key as...

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

So, that can't be the one that governs what an .exe does when clicked to
download. It might be an override, though, I guess. Also...

d8 07 00 00

....that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
00000000 00000000. How are you matching it to this...?...

Here's a desc on EditFlags (bitwise):

0001 Exclude the file class.
0002 Show file classes, such as folders, that aren't associated
with a file name extension.
0004 The file class has a file name extension.
0008 The registry entries associated with this file class cannot
be edited. New entries cannot be added and existing
entries cannot be modified or deleted (e.g. exefile?)
0010 The registry entries associated with this file class cannot
be deleted
0020 No new verbs can be added to the file class.
0040 Canonical verbs such as open and print cannot be
modified or deleted (a common setting)
0080 Canonical verbs such as open and print cannot be deleted.

0100 The description of the file class cannot be modified or deleted.
0200 The icon assigned to the file class cannot be modified
or deleted.
0400 The default verb cannot be modified (compare with 0080)
0800 The commands associated with verbs cannot be modified.
1000 Verbs cannot be modified or deleted.
2000 The DDE-related entries cannot be modified or deleted.
8000 The content-type and default-extension entries cannot be
modified or deleted.

0001 0000 The file class's open verb can be safely invoked
for downloaded files (relevant to discussion?)
0002 0000 Do not allow the "Never ask me" check box to be enabled.
The user can override this attribute through
the File Type dialog box.
0004 0000 Always show the file class's file name extension,
even if the user has selected "Hide Extensions"
0010 0000 Don't add members of this file class to the Recent
Documents folder (useful?)

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
message |
| >Thanks for this info.
| >for example, exefile or comfile have by default:
|
| >d8 07 00 00
|
| >(which would be a combination of some of these settings - I'm afraid
I don't
| >understand exactly how this thing works mathematiclally - why are
some of
| >the settings only four digits, and some eight digits? is this binary
or
| >hexadecimal?)
|
| It's hexadecimal, and (in this case) shown lowest order byte first.
| d8 07 00 00 could also be shown as 000007d8, and sometimes is!
|
| Calculator, View; select Scientific. Now you can enter numbers in one
| base and see them displayed in another :-)
|
| d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40 +
| 10 + 08). Look up those values in the EditFlags documentation... the
| 07 above that is 0400 + 0200 + 0100 in the same list.
|
| >The point is that even if you change exefile to 00 01 00 00, and even
if you
| >uncheck "confirm open before download" through folder options, you
are still
| >prompted for download and the "always ask..." box is still grayed
out.
|
| That's interesting, and I suspect that reflects an additional layer of
| control that is particular to IE. I'm not familiar with that part of
| the registry, though I expect it's documented somewhere.
|
| >I don't think this will have anything to do with Outlook, although
Outlook
| >(post 2000 SR-1) also uses the EditFlags settings for level 3
attachments.
| >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
Outlook
| >has a default list of extensions that are considered level 1 (not
| >accessible) and level 2 (you must save them first), and the only
thing you
| >can do is move some from level 1 to level 2 *or* from level 3 to
level 2,
| >but you cannot do anything else.
|
| I suspect that's hard-coded as part of the relevant patch that's been
| integrated into subsequent Outlook and OE, as selected by the Security
| setting to block dangerous attachments. It's been criticized as being
| over-zealous and inflexible (e.g. it blocks .pdf, which are often used
| to send things such as invoices via email).
|
| >Here's a desc on EditFlags (bitwise):
|
| Ah! I'll leave the ones as per d8 07 00 00 quoted...
|
| >0008 The registry entries associated with this file class cannot
| > be edited. New entries cannot be added and existing
| > entries cannot be modified or deleted (e.g. exefile?)
| >0010 The registry entries associated with this file class cannot
| > be deleted
| >0040 Canonical verbs such as open and print cannot be
| > modified or deleted (a common setting)
| >0080 Canonical verbs such as open and print cannot be deleted.
| >0100 The description of the file class cannot be modified or
deleted.
| >0200 The icon assigned to the file class cannot be modified
| > or deleted.
| >0400 The default verb cannot be modified (compare with 0080)
|
| ...makes sense, but doesn't stop malware patching in anyway.
|
|
| >-- Risk Management is the clue that asks:
| "Why do I keep open buckets of petrol next to all the
| ashtrays in the lounge, when I don't even have a car?"
| >----------------------- ------ ---- --- -- - - - -
 
I also remain confused about how the d8 07 00 00 translates into the
individual settings.
I probably also need to do some studying on the "binary values" in the
Registry, since I really don't get the whole layout, especially once you
type in many numbers, then there are some numbers appearing on the left, and
some numbers or weird symbols on the right... Should I buy one of those
books in the Windows Registry? Which one would you recommend?

As for the registry key you mentioned, PCR, indeed, such a key was
non-existent on my system, too. I got this key from KB 238723, which applies
to IE 5. However, if you create this key, and set the value
"AlwaysPromptWhenDownload" to 1, then indeed you are always prompted for all
files (and the "always ask..." checkbox is disabled). Paradoxically, in KB
238723, it says that if you set the registry key as described above, and
apply the patch for shdocvw.dll, then IE won't force the prompt anymore for
..exe, and others. (Maybe they made a mistake and they meant set the value to
0 instead of 1?) Anyway, this setting does not help for IE 6. It would be
interested if someone with IE 5.0 tried this setting, or even someone with
IE 5.5 (Bill in Co?)
My conclusion seems to be that IE has forced prompts defined for certain
file extensions in shdocvw.dll. It would certainly be nice if there was a MS
KB article which would confirm this, and discuss exactly what extensions
fall into this category. There are such articles for MS Outlook. (By the
way, as far as I know .pdf files in Outlook are level 3 attachments, and can
be opened directly from the e-mail.)
Is there a way to request from MS that they publish a KB article clarifying
the issue?

Happy New Year! And long live Windows 98! :))


Something is wrong, because I have no such key as...

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

So, that can't be the one that governs what an .exe does when clicked to
download. It might be an override, though, I guess. Also...

d8 07 00 00

....that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
00000000 00000000. How are you matching it to this...?...

Here's a desc on EditFlags (bitwise):

0001 Exclude the file class.
0002 Show file classes, such as folders, that aren't associated
with a file name extension.
0004 The file class has a file name extension.
0008 The registry entries associated with this file class cannot
be edited. New entries cannot be added and existing
entries cannot be modified or deleted (e.g. exefile?)
0010 The registry entries associated with this file class cannot
be deleted
0020 No new verbs can be added to the file class.
0040 Canonical verbs such as open and print cannot be
modified or deleted (a common setting)
0080 Canonical verbs such as open and print cannot be deleted.

0100 The description of the file class cannot be modified or deleted.
0200 The icon assigned to the file class cannot be modified
or deleted.
0400 The default verb cannot be modified (compare with 0080)
0800 The commands associated with verbs cannot be modified.
1000 Verbs cannot be modified or deleted.
2000 The DDE-related entries cannot be modified or deleted.
8000 The content-type and default-extension entries cannot be
modified or deleted.

0001 0000 The file class's open verb can be safely invoked
for downloaded files (relevant to discussion?)
0002 0000 Do not allow the "Never ask me" check box to be enabled.
The user can override this attribute through
the File Type dialog box.
0004 0000 Always show the file class's file name extension,
even if the user has selected "Hide Extensions"
0010 0000 Don't add members of this file class to the Recent
Documents folder (useful?)

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
message |
| >Thanks for this info.
| >for example, exefile or comfile have by default:
|
| >d8 07 00 00
|
| >(which would be a combination of some of these settings - I'm afraid
I don't
| >understand exactly how this thing works mathematiclally - why are
some of
| >the settings only four digits, and some eight digits? is this binary
or
| >hexadecimal?)
|
| It's hexadecimal, and (in this case) shown lowest order byte first.
| d8 07 00 00 could also be shown as 000007d8, and sometimes is!
|
| Calculator, View; select Scientific. Now you can enter numbers in one
| base and see them displayed in another :-)
|
| d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40 +
| 10 + 08). Look up those values in the EditFlags documentation... the
| 07 above that is 0400 + 0200 + 0100 in the same list.
|
| >The point is that even if you change exefile to 00 01 00 00, and even
if you
| >uncheck "confirm open before download" through folder options, you
are still
| >prompted for download and the "always ask..." box is still grayed
out.
|
| That's interesting, and I suspect that reflects an additional layer of
| control that is particular to IE. I'm not familiar with that part of
| the registry, though I expect it's documented somewhere.
|
| >I don't think this will have anything to do with Outlook, although
Outlook
| >(post 2000 SR-1) also uses the EditFlags settings for level 3
attachments.
| >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
Outlook
| >has a default list of extensions that are considered level 1 (not
| >accessible) and level 2 (you must save them first), and the only
thing you
| >can do is move some from level 1 to level 2 *or* from level 3 to
level 2,
| >but you cannot do anything else.
|
| I suspect that's hard-coded as part of the relevant patch that's been
| integrated into subsequent Outlook and OE, as selected by the Security
| setting to block dangerous attachments. It's been criticized as being
| over-zealous and inflexible (e.g. it blocks .pdf, which are often used
| to send things such as invoices via email).
|
| >Here's a desc on EditFlags (bitwise):
|
| Ah! I'll leave the ones as per d8 07 00 00 quoted...
|
| >0008 The registry entries associated with this file class cannot
| > be edited. New entries cannot be added and existing
| > entries cannot be modified or deleted (e.g. exefile?)
| >0010 The registry entries associated with this file class cannot
| > be deleted
| >0040 Canonical verbs such as open and print cannot be
| > modified or deleted (a common setting)
| >0080 Canonical verbs such as open and print cannot be deleted.
| >0100 The description of the file class cannot be modified or
deleted.
| >0200 The icon assigned to the file class cannot be modified
| > or deleted.
| >0400 The default verb cannot be modified (compare with 0080)
|
| ...makes sense, but doesn't stop malware patching in anyway.
|
|
| >-- Risk Management is the clue that asks:
| "Why do I keep open buckets of petrol next to all the
| ashtrays in the lounge, when I don't even have a car?"
| >----------------------- ------ ---- --- -- - - - -
 
PCR said:
Something is wrong, because I have no such key as...

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

So, that can't be the one that governs what an .exe does when clicked to
download. It might be an override, though, I guess.
Click to expand...

That was the idea. Ivan seems to have an unusual symptom which
could be explained if that hotfix option was in place. Even if it was
not active I was thinking that toggling it on and off might be a way
of effecting a repair of his (anomalmous?) symptom.

Also...

d8 07 00 00

...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
00000000 00000000. How are you matching it to this...?...
Click to expand...

"cquirke" explained that. (Edited below. I think that the last bit might
be easier to think of as
| Ah! I'll leave the ones as per 00 00 07 d8 quoted...
Click to expand...
instead of what was written. Then realize that he is listing the bits
from low-order to high. Also instead of listing "bits" he is listing their
powers-of-2 equivalents in hex. So for example if we take the hex string
07d8 and convert it to binary we get: 11111011000; group that
into 4-bit nibbles for clarity: 0111 1101 1000; now you can see
that this is the sum (in hex) of 400 + 200 + 100 + 080 + 040 + 010 + 008
and these are the only bits which he left an explanation for.

BTW here is an MSDN page which contains the same information
and some more detail

<
http://msdn.microsoft.com/library/d...sics_extending/fileassociations/fileassoc.asp >



....
(e-mail address removed)
message ....
| It's hexadecimal, and (in this case) shown lowest order byte first.
| d8 07 00 00 could also be shown as 000007d8, and sometimes is!
|
| Calculator, View; select Scientific. Now you can enter numbers in one
| base and see them displayed in another :-)
|
| d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40 +
| 10 + 08). Look up those values in the EditFlags documentation... the
| 07 above that is 0400 + 0200 + 0100 in the same list.
|
| >The point is that even if you change exefile to 00 01 00 00, and even
if you
| >uncheck "confirm open before download" through folder options, you
are still
| >prompted for download and the "always ask..." box is still grayed
out.
Click to expand...

| >Here's a desc on EditFlags (bitwise):
|
| Ah! I'll leave the ones as per d8 07 00 00 quoted...
|
| >0008 The registry entries associated with this file class cannot
| > be edited. New entries cannot be added and existing
| > entries cannot be modified or deleted (e.g. exefile?)
| >0010 The registry entries associated with this file class cannot
| > be deleted
| >0040 Canonical verbs such as open and print cannot be
| > modified or deleted (a common setting)
| >0080 Canonical verbs such as open and print cannot be deleted.
| >0100 The description of the file class cannot be modified or
deleted.
| >0200 The icon assigned to the file class cannot be modified
| > or deleted.
| >0400 The default verb cannot be modified (compare with 0080)
Click to expand...
....


HTH

Robert
---
 
In addition to what I said...
....if it is indeed hardcoded in shdocvw.dll, I must say I don't like such a
policy very much - the registry itself has a way to disable the checkbox
through EditFlags, so what's the point in hardcoding things and thus
limiting the usefulness of the registry? What MS could have done was that
when installing, IE 6 would modify the EditFlags settings accordingly. In
such case the "advanced" user could always go back to the registry and
customize the behaviour...

------------
Something is wrong, because I have no such key as...

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

So, that can't be the one that governs what an .exe does when clicked to
download. It might be an override, though, I guess. Also...

d8 07 00 00

....that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
00000000 00000000. How are you matching it to this...?...

Here's a desc on EditFlags (bitwise):

0001 Exclude the file class.
0002 Show file classes, such as folders, that aren't associated
with a file name extension.
0004 The file class has a file name extension.
0008 The registry entries associated with this file class cannot
be edited. New entries cannot be added and existing
entries cannot be modified or deleted (e.g. exefile?)
0010 The registry entries associated with this file class cannot
be deleted
0020 No new verbs can be added to the file class.
0040 Canonical verbs such as open and print cannot be
modified or deleted (a common setting)
0080 Canonical verbs such as open and print cannot be deleted.

0100 The description of the file class cannot be modified or deleted.
0200 The icon assigned to the file class cannot be modified
or deleted.
0400 The default verb cannot be modified (compare with 0080)
0800 The commands associated with verbs cannot be modified.
1000 Verbs cannot be modified or deleted.
2000 The DDE-related entries cannot be modified or deleted.
8000 The content-type and default-extension entries cannot be
modified or deleted.

0001 0000 The file class's open verb can be safely invoked
for downloaded files (relevant to discussion?)
0002 0000 Do not allow the "Never ask me" check box to be enabled.
The user can override this attribute through
the File Type dialog box.
0004 0000 Always show the file class's file name extension,
even if the user has selected "Hide Extensions"
0010 0000 Don't add members of this file class to the Recent
Documents folder (useful?)

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
message |
| >Thanks for this info.
| >for example, exefile or comfile have by default:
|
| >d8 07 00 00
|
| >(which would be a combination of some of these settings - I'm afraid
I don't
| >understand exactly how this thing works mathematiclally - why are
some of
| >the settings only four digits, and some eight digits? is this binary
or
| >hexadecimal?)
|
| It's hexadecimal, and (in this case) shown lowest order byte first.
| d8 07 00 00 could also be shown as 000007d8, and sometimes is!
|
| Calculator, View; select Scientific. Now you can enter numbers in one
| base and see them displayed in another :-)
|
| d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40 +
| 10 + 08). Look up those values in the EditFlags documentation... the
| 07 above that is 0400 + 0200 + 0100 in the same list.
|
| >The point is that even if you change exefile to 00 01 00 00, and even
if you
| >uncheck "confirm open before download" through folder options, you
are still
| >prompted for download and the "always ask..." box is still grayed
out.
|
| That's interesting, and I suspect that reflects an additional layer of
| control that is particular to IE. I'm not familiar with that part of
| the registry, though I expect it's documented somewhere.
|
| >I don't think this will have anything to do with Outlook, although
Outlook
| >(post 2000 SR-1) also uses the EditFlags settings for level 3
attachments.
| >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
Outlook
| >has a default list of extensions that are considered level 1 (not
| >accessible) and level 2 (you must save them first), and the only
thing you
| >can do is move some from level 1 to level 2 *or* from level 3 to
level 2,
| >but you cannot do anything else.
|
| I suspect that's hard-coded as part of the relevant patch that's been
| integrated into subsequent Outlook and OE, as selected by the Security
| setting to block dangerous attachments. It's been criticized as being
| over-zealous and inflexible (e.g. it blocks .pdf, which are often used
| to send things such as invoices via email).
|
| >Here's a desc on EditFlags (bitwise):
|
| Ah! I'll leave the ones as per d8 07 00 00 quoted...
|
| >0008 The registry entries associated with this file class cannot
| > be edited. New entries cannot be added and existing
| > entries cannot be modified or deleted (e.g. exefile?)
| >0010 The registry entries associated with this file class cannot
| > be deleted
| >0040 Canonical verbs such as open and print cannot be
| > modified or deleted (a common setting)
| >0080 Canonical verbs such as open and print cannot be deleted.
| >0100 The description of the file class cannot be modified or
deleted.
| >0200 The icon assigned to the file class cannot be modified
| > or deleted.
| >0400 The default verb cannot be modified (compare with 0080)
|
| ...makes sense, but doesn't stop malware patching in anyway.
|
|
| >-- Risk Management is the clue that asks:
| "Why do I keep open buckets of petrol next to all the
| ashtrays in the lounge, when I don't even have a car?"
| >----------------------- ------ ---- --- -- - - - -
 
Colorado is no mad experimentalist, and even regrets his recent upgrade
from IE5 to IE5.5. Aldwinkle has better read cquirke than I. Apparently,
the bytes in
d8 07 00 00 must first be reversed to
00 00 07 d6. After that, the ones cquirke chose do make sense.

Still, I think this Registry key is the wrong one to play with.
Somewhere in that Badour .reg is the right key(s) that determines what a
..exe will do. This one just overrides that, but not in the way you want
to. This can only put further restrictions on it. You want to take some
off. Theoretically, you want to...

(a) Remove Registry key(s) that govern what happens when you click to
download an .exe.
(b) Replace them with Registry keys that mirror those of a file type
that does behave as you wish, perhaps .zip.
(c) Hope that Shdocvw.dll really has nothing to do with it or won't
care.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| I also remain confused about how the d8 07 00 00 translates into the
| individual settings.
| I probably also need to do some studying on the "binary values" in the
| Registry, since I really don't get the whole layout, especially once
you
| type in many numbers, then there are some numbers appearing on the
left, and
| some numbers or weird symbols on the right... Should I buy one of
those
| books in the Windows Registry? Which one would you recommend?
|
| As for the registry key you mentioned, PCR, indeed, such a key was
| non-existent on my system, too. I got this key from KB 238723, which
applies
| to IE 5. However, if you create this key, and set the value
| "AlwaysPromptWhenDownload" to 1, then indeed you are always prompted
for all
| files (and the "always ask..." checkbox is disabled). Paradoxically,
in KB
| 238723, it says that if you set the registry key as described above,
and
| apply the patch for shdocvw.dll, then IE won't force the prompt
anymore for
| .exe, and others. (Maybe they made a mistake and they meant set the
value to
| 0 instead of 1?) Anyway, this setting does not help for IE 6. It would
be
| interested if someone with IE 5.0 tried this setting, or even someone
with
| IE 5.5 (Bill in Co?)
| My conclusion seems to be that IE has forced prompts defined for
certain
| file extensions in shdocvw.dll. It would certainly be nice if there
was a MS
| KB article which would confirm this, and discuss exactly what
extensions
| fall into this category. There are such articles for MS Outlook. (By
the
| way, as far as I know .pdf files in Outlook are level 3 attachments,
and can
| be opened directly from the e-mail.)
| Is there a way to request from MS that they publish a KB article
clarifying
| the issue?
|
| Happy New Year! And long live Windows 98! :))
|
|
| | Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (e-mail address removed)
| message | | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <[email protected]>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|
 
Thanks for that URL & for untwisting d8 07 00 00. I think Bútora is
having no symptoms, but just wants to have a .exe install directly from
a site, instead of having to download it first.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| | > Something is wrong, because I have no such key as...
| >
| > HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| > Explorer\Restrictions
| >
| > So, that can't be the one that governs what an .exe does when
clicked to
| > download. It might be an override, though, I guess.
|
| That was the idea. Ivan seems to have an unusual symptom which
| could be explained if that hotfix option was in place. Even if it
was
| not active I was thinking that toggling it on and off might be a way
| of effecting a repair of his (anomalmous?) symptom.
|
|
| > Also...
| >
| > d8 07 00 00
| >
| > ...that is a hex DWORD, with 7 bits set, in binary: 11011000
00001101
| > 00000000 00000000. How are you matching it to this...?...
|
| "cquirke" explained that. (Edited below. I think that the last bit
might
| be easier to think of as
| > | Ah! I'll leave the ones as per 00 00 07 d8 quoted...
| instead of what was written. Then realize that he is listing the bits
| from low-order to high. Also instead of listing "bits" he is listing
their
| powers-of-2 equivalents in hex. So for example if we take the hex
string
| 07d8 and convert it to binary we get: 11111011000; group that
| into 4-bit nibbles for clarity: 0111 1101 1000; now you can see
| that this is the sum (in hex) of 400 + 200 + 100 + 080 + 040 + 010 +
008
| and these are the only bits which he left an explanation for.
|
| BTW here is an MSDN page which contains the same information
| and some more detail
|
| <
|
http://msdn.microsoft.com/library/d...sics_extending/fileassociations/fileassoc.asp >
|
|
|
| ...
| > (e-mail address removed)
| > message | ...
| > | It's hexadecimal, and (in this case) shown lowest order byte
first.
| > | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| > |
| > | Calculator, View; select Scientific. Now you can enter numbers in
one
| > | base and see them displayed in another :-)
| > |
| > | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 +
40 +
| > | 10 + 08). Look up those values in the EditFlags documentation...
the
| > | 07 above that is 0400 + 0200 + 0100 in the same list.
| > |
| > | >The point is that even if you change exefile to 00 01 00 00, and
even
| > if you
| > | >uncheck "confirm open before download" through folder options,
you
| > are still
| > | >prompted for download and the "always ask..." box is still grayed
| > out.
|
| <Outlook stuff snipped>
|
| > | >Here's a desc on EditFlags (bitwise):
| > |
| > | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| > |
| > | >0008 The registry entries associated with this file class cannot
| > | > be edited. New entries cannot be added and existing
| > | > entries cannot be modified or deleted (e.g. exefile?)
| > | >0010 The registry entries associated with this file class cannot
| > | > be deleted
| > | >0040 Canonical verbs such as open and print cannot be
| > | > modified or deleted (a common setting)
| > | >0080 Canonical verbs such as open and print cannot be deleted.
| > | >0100 The description of the file class cannot be modified or
| > deleted.
| > | >0200 The icon assigned to the file class cannot be modified
| > | > or deleted.
| > | >0400 The default verb cannot be modified (compare with 0080)
| ...
|
|
| HTH
|
| Robert
| ---
|
|
 
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/assets/images/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| | Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (e-mail address removed)
| message | | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <[email protected]>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|
 
Chris, I have not looked at those keys yet but I can tell you that many of the
Dword Keys have to be reversed to read them properly. In other words they read
right to left. Take a look and see if that makes a difference in this case.

--
George (Bindar Dundat ©) MS-MVP

For Windows Troubleshooting Tips see;
http://aumha.org/win4/a/tshoot.htm

|
| >Thanks for this info.
| >for example, exefile or comfile have by default:
|
| >d8 07 00 00
|
| >(which would be a combination of some of these settings - I'm afraid I don't
| >understand exactly how this thing works mathematiclally - why are some of
| >the settings only four digits, and some eight digits? is this binary or
| >hexadecimal?)
|
| It's hexadecimal, and (in this case) shown lowest order byte first.
| d8 07 00 00 could also be shown as 000007d8, and sometimes is!
|
| Calculator, View; select Scientific. Now you can enter numbers in one
| base and see them displayed in another :-)
|
| d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40 +
| 10 + 08). Look up those values in the EditFlags documentation... the
| 07 above that is 0400 + 0200 + 0100 in the same list.
|
| >The point is that even if you change exefile to 00 01 00 00, and even if you
| >uncheck "confirm open before download" through folder options, you are still
| >prompted for download and the "always ask..." box is still grayed out.
|
| That's interesting, and I suspect that reflects an additional layer of
| control that is particular to IE. I'm not familiar with that part of
| the registry, though I expect it's documented somewhere.
|
| >I don't think this will have anything to do with Outlook, although Outlook
| >(post 2000 SR-1) also uses the EditFlags settings for level 3 attachments.
| >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode, Outlook
| >has a default list of extensions that are considered level 1 (not
| >accessible) and level 2 (you must save them first), and the only thing you
| >can do is move some from level 1 to level 2 *or* from level 3 to level 2,
| >but you cannot do anything else.
|
| I suspect that's hard-coded as part of the relevant patch that's been
| integrated into subsequent Outlook and OE, as selected by the Security
| setting to block dangerous attachments. It's been criticized as being
| over-zealous and inflexible (e.g. it blocks .pdf, which are often used
| to send things such as invoices via email).
|
| >Here's a desc on EditFlags (bitwise):
|
| Ah! I'll leave the ones as per d8 07 00 00 quoted...
|
| >0008 The registry entries associated with this file class cannot
| > be edited. New entries cannot be added and existing
| > entries cannot be modified or deleted (e.g. exefile?)
| >0010 The registry entries associated with this file class cannot
| > be deleted
| >0040 Canonical verbs such as open and print cannot be
| > modified or deleted (a common setting)
| >0080 Canonical verbs such as open and print cannot be deleted.
| >0100 The description of the file class cannot be modified or deleted.
| >0200 The icon assigned to the file class cannot be modified
| > or deleted.
| >0400 The default verb cannot be modified (compare with 0080)
|
| ...makes sense, but doesn't stop malware patching in anyway.
|
|
| >-- Risk Management is the clue that asks:
| "Why do I keep open buckets of petrol next to all the
| ashtrays in the lounge, when I don't even have a car?"
| >----------------------- ------ ---- --- -- - - - -
 
I think the Badour .reg doesn't really have anything to do with this issue directly - it's only if somebody's .exe entry gets messed up for some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine forced prompts for certain extensions, but I am lead to the conclusion that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing worked. One of the things I did do was completely delete HKCR\.exe and HKCR\exefile, but that did nothing. I have *not* tried other extensions than .exe that fall into this category (such as .com, or probably some scripts).
It would be nice if somebody could confirm or specify what it is that disables the checkbox for certain extensions. If it's in the registry, where is it? If it's a file, which one, and which extensions does it control?
Another reason why I think that shdocvw.dll might determine this is that with Outlook 2000 SR-1, they also hardcoded certain extensions into one of Outlook's files, and what one could do afterwards in the registry was limited, as I had described it before, and as it's stated in MS KB articles.
I must say again that a better policy would have been to allow those things to be controlled by the registry, rather then hardcoding things into program files.
My question again: is it possible to request from MS that they clarify this, and if so, how?

Thanks,

Ivan


-----------------------
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/assets/images/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| | Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (e-mail address removed)
| message | | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <[email protected]>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|
 
Below is Badour's .reg. Hmm, it has those "EditFlags" in a different
key-- two different keys. But I suppose the ones you played with were
overriding these. Yet, I think the solution is somewhere in here. How
did you like the .zip download requestor? That had "Open" & "Save". I
think something below must be undone, but not all of it. Then, you must
discover what the Registry entries are for .zip, & put .exe entries
along side them.

REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{86F19A00-42A0-
1069-A2E9-08002B30309D}]
@=""

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
I think the Badour .reg doesn't really have anything to do with this
issue directly - it's only if somebody's .exe entry gets messed up for
some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine
forced prompts for certain extensions, but I am lead to the conclusion
that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing
worked. One of the things I did do was completely delete HKCR\.exe and
HKCR\exefile, but that did nothing. I have *not* tried other extensions
than .exe that fall into this category (such as .com, or probably some
scripts).
It would be nice if somebody could confirm or specify what it is that
disables the checkbox for certain extensions. If it's in the registry,
where is it? If it's a file, which one, and which extensions does it
control?
Another reason why I think that shdocvw.dll might determine this is that
with Outlook 2000 SR-1, they also hardcoded certain extensions into one
of Outlook's files, and what one could do afterwards in the registry was
limited, as I had described it before, and as it's stated in MS KB
articles.
I must say again that a better policy would have been to allow those
things to be controlled by the registry, rather then hardcoding things
into program files.
My question again: is it possible to request from MS that they clarify
this, and if so, how?

Thanks,

Ivan


-----------------------
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/assets/images/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| | Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (e-mail address removed)
| message | | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <[email protected]>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|
 
I also remain confused about how the d8 07 00 00 translates into the
individual settings.
Click to expand...

It's to do with how the values are displayed. The x86 processor
stores binary values in memory from the least significant byte to the
most significant, so the order you get will vary on whether you read
this as a series of bytes, or as a larger binary value.

For example, let's store the hex value 0123456789ABCDEF in RAM:

0000 EF
0001 CD
0003 AB
0004 89
0005 67
0006 45
0007 23
0008 01

If we read these as the bytes stored in address 0000, 0001, 0002 etc.
then we would get the following...

0000 EF CD AB 89 67 45 23 01

....as the 8-byte string from address 0000, in hex. If we read that as
a series of 16-bit words, we would get...

0000 CDEF 89AB 4567 0123

....and as 32-bit long words...

0000 89ABCDEF 01234567

....so it's all a matter of data type structure. Some other processors
store binary numbers from most significant byte to least instead.
My conclusion seems to be that IE has forced prompts defined for certain
file extensions in shdocvw.dll
Click to expand...

It was possibly a belated/emergency clue, to improve safety. As to
why it's hard-coded rather than registry-controlled; let's just say
there are far too many ways for malware to write to the registry.

--------------- ----- ---- --- -- - - -
Click to expand...
Error Messages Are Your Friends
 
OK. Thanks.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
message |
| >I also remain confused about how the d8 07 00 00 translates into the
| >individual settings.
|
| It's to do with how the values are displayed. The x86 processor
| stores binary values in memory from the least significant byte to the
| most significant, so the order you get will vary on whether you read
| this as a series of bytes, or as a larger binary value.
|
| For example, let's store the hex value 0123456789ABCDEF in RAM:
|
| 0000 EF
| 0001 CD
| 0003 AB
| 0004 89
| 0005 67
| 0006 45
| 0007 23
| 0008 01
|
| If we read these as the bytes stored in address 0000, 0001, 0002 etc.
| then we would get the following...
|
| 0000 EF CD AB 89 67 45 23 01
|
| ...as the 8-byte string from address 0000, in hex. If we read that as
| a series of 16-bit words, we would get...
|
| 0000 CDEF 89AB 4567 0123
|
| ...and as 32-bit long words...
|
| 0000 89ABCDEF 01234567
|
| ...so it's all a matter of data type structure. Some other processors
| store binary numbers from most significant byte to least instead.
|
| >My conclusion seems to be that IE has forced prompts defined for
certain
| >file extensions in shdocvw.dll
|
| It was possibly a belated/emergency clue, to improve safety. As to
| why it's hard-coded rather than registry-controlled; let's just say
| there are far too many ways for malware to write to the registry.
|
|
| >--------------- ----- ---- --- -- - - -
| Error Messages Are Your Friends
| >--------------- ----- ---- --- -- - - -
 
PCR, I don't think playing around with values for an individual filetype will help. This affects not only exe, but also many others. For example ..reg. And regfile has EditFlags 00 00 00 00, or you can make it whatever you wish, such as 00 01 00 00, but IE will still force the prompt. (Try here: www.princeton.edu/~ibutora)
So my question now is: Is it possible to request from MS that they clarify where these things are set, what versions of IE are affected, what extensions, etc. How can one request from MS that they publish info about this in a KB article - this should not be a problem, should it?
BTW, there is a thread here which could be an interesting discussion:

IB


Below is Badour's .reg. Hmm, it has those "EditFlags" in a different
key-- two different keys. But I suppose the ones you played with were
overriding these. Yet, I think the solution is somewhere in here. How
did you like the .zip download requestor? That had "Open" & "Save". I
think something below must be undone, but not all of it. Then, you must
discover what the Registry entries are for .zip, & put .exe entries
along side them.

REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{86F19A00-42A0-
1069-A2E9-08002B30309D}]
@=""

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
I think the Badour .reg doesn't really have anything to do with this
issue directly - it's only if somebody's .exe entry gets messed up for
some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine
forced prompts for certain extensions, but I am lead to the conclusion
that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing
worked. One of the things I did do was completely delete HKCR\.exe and
HKCR\exefile, but that did nothing. I have *not* tried other extensions
than .exe that fall into this category (such as .com, or probably some
scripts).
It would be nice if somebody could confirm or specify what it is that
disables the checkbox for certain extensions. If it's in the registry,
where is it? If it's a file, which one, and which extensions does it
control?
Another reason why I think that shdocvw.dll might determine this is that
with Outlook 2000 SR-1, they also hardcoded certain extensions into one
of Outlook's files, and what one could do afterwards in the registry was
limited, as I had described it before, and as it's stated in MS KB
articles.
I must say again that a better policy would have been to allow those
things to be controlled by the registry, rather then hardcoding things
into program files.
My question again: is it possible to request from MS that they clarify
this, and if so, how?

Thanks,

Ivan


-----------------------
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/assets/images/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| | Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (e-mail address removed)
| message | | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <[email protected]>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|
 
....
So my question now is: Is it possible to request from MS that they clarify
where these things are set, what versions of IE are affected, what
extensions, etc.
Click to expand...

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---
 
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291369
That makes it clear that there are extensions considered unsafe, and those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it better, I guess!

Ivan


....
So my question now is: Is it possible to request from MS that they clarify
where these things are set, what versions of IE are affected, what
extensions, etc.
Click to expand...

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---
 
Glad to see you have found what you wanted or are closer to it. OK, good
luck with it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291369
That makes it clear that there are extensions considered unsafe, and
those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it
better, I guess!

Ivan


....
So my question now is: Is it possible to request from MS that they clarify
where these things are set, what versions of IE are affected, what
extensions, etc.
Click to expand...

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File
Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---
 
No, I don't actually want to execute files directly from a website - I just wanted to know how things are.
Thanks Robert, cquirke and PCR!


Glad to see you have found what you wanted or are closer to it. OK, good
luck with it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291369
That makes it clear that there are extensions considered unsafe, and
those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it
better, I guess!

Ivan


....
So my question now is: Is it possible to request from MS that they clarify
where these things are set, what versions of IE are affected, what
extensions, etc.
Click to expand...

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File
Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---
 
You are welcome.

Absolutely, take care when clicking to download an .exe. Otherwise, go
examine cquirke's site to see what is in the offing!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
No, I don't actually want to execute files directly from a website - I
just wanted to know how things are.
Thanks Robert, cquirke and PCR!


Glad to see you have found what you wanted or are closer to it. OK, good
luck with it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(e-mail address removed)
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291369
That makes it clear that there are extensions considered unsafe, and
those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it
better, I guess!

Ivan


....
So my question now is: Is it possible to request from MS that they clarify
where these things are set, what versions of IE are affected, what
extensions, etc.
Click to expand...

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File
Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---
 
Back
Top