PM-S said:
Thank you for your response, Robert. I have included a few of the links that
I have come accross in the last day or two for your review. I also devided
into sites that won't work at all without the Active X and those that will.
Some examples of sites that won't work without the ActiveX:
-
http://www.capitalone.com
Won't work in what way? All that I see is a Shockwave Flash ad.
-
https://www.caremark.com/ (I don't see the Active X until after I log on)
I don't want to log on but I do see prompts with just the home page.
More Shockwave Flash. Hint: if you see lots of rapidly changing
complex images, right-click on it and see if you get a Flash command menu.
That's neat. If ActiveX is enabled you get a Shockwave Flash ad;
otherwise you just get a .gif banner ad.
There is a difference. If ActiveX is enabled they tell you your version
of Shockwave Flash. ; )
This one made me regret not having a script debugger installed
on this partition. That's another tool I should have mentioned
in my first reply obviously. And this was the only one I had to
resort to using FiddlerTool for. I think the issue is that the page
has a link to a non-cacheable diagnostic script called urchin.js (?)
which contains this routine:
<extract>
function _uFlash() {
var f="-",n=navigator;
if (n.plugins && n.plugins.length) {
for (var ii=0;ii<n.plugins.length;ii++) {
if (n.plugins[ii].name.indexOf('Shockwave Flash')!=-1) {
f=n.plugins[ii].description.split('Shockwave Flash ')[1];
break;
}
}
} else if (window.ActiveXObject) {
for (var ii=10;ii>=2;ii--) {
try {
var fl=eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash."+ii+"');");
if (fl) { f=ii + '.0'; break; }
}
catch(e) {}
}
}
return f;
}
</extract>
Notice the try ... catch above. That would be where
the prompt would be occurring I think.
Again, I expect that a script debugger would make this
analysis much simpler. E.g. I wouldn't have had to resort
to using FiddlerTool to see the source. ; }
More importantly though it would be much more comforting
actually seeing this code used. E.g. in case there was something
else being executed which I had overlooked.
More Macromedia Flash. (The Verisign Secured Seal at the bottom left.)
This one was hard to spot because it isn't coded conventionally.
E.g. often it is sufficient just to open View Source and do a find for .swf
This could be another example which would have been much easier
to identify using a script debugger. E.g. the HTML which renders the
Flash image is enclosed by <script> tags, so I would assume that
a script debugger might be invoked when it is rendered.
BTW here's a link to a blog page which discusses script debugging
in a bit more detail (courtesy Dave Massy [MSFT])
http://blogs.msdn.com/ie/archive/2004/10/26/247912.aspx
There are quite a few more but I thought that was a good start. I am not
familiar with any of the tools that you mentioned and they will each have to
be evaluated for the envioronment in which I work before I can install them
I have more control over my home system but still have to be careful of doing
things that could impact the other family members. Would you be able to
provide links to the sites that provide these tools so that I can start
gathering information on them? If not, I'll Google them and see what I come
up with.
Did I mention SysInternals? Oops. No I didn't. That's the site name
where you would get FileMon and RegMon. Actually it turns out I didn't
have to use them with these examples but they are both really useful tools
for many bits of analysis.
FiddlerTool has its own site and an affiliation with Microsoft
since it was written by Eric Lawrence, a Microsoft employee.
I am also unfamiliar with IMO and FWIW. Would you mind elaborating
on those a bit or pointing me to a site where I can get more familiar with
them?
New to newsgroups? ; ) Search keyword would be acronyms
http://www.freewarehof.org/acronyms.html
(Google web search for
IMO FWIW inurl:acronyms
)
Thanks again for the help.
Happy to help <w>
Robert
