How to disable ActiveX Security warning ?

[Arnold Peters]

On a computer with IE 6.0+SP1 under Win2000+SP4 I get occasionally warning popups with the text
"This page provides potentially unsafe information to an ActiveX control. Your current settings
prohibit running...."

Yes, I know it. But how do I permanently disbale the popup of this info dialog?

Arnold

 

[Vanguard]

On a computer with IE 6.0+SP1 under Win2000+SP4 I get occasionally warning
popups with the text
"This page provides potentially unsafe information to an ActiveX control.
Your current settings
prohibit running...."

Yes, I know it. But how do I permanently disbale the popup of this info
dialog?

Arnold

"Your current settings ..."

Well, change them if you want to never be warned that a site is downloading
and infecting your system with an AX control.

Internet Options -> Security -> Internet zone
Change whichever settings you want.

 

[Sid Knee]

"Your current settings ..."

Well, change them if you want to never be warned that a site is
downloading and infecting your system with an AX control.

Internet Options -> Security -> Internet zone
Change whichever settings you want.

Not that simple. As I understand Arnold, he *wants* ActiveX turned off
(in Internet Options -> Security -> Internet zone) for security reasons.

However, when you do that you are "punished" by having a warning pop-up
every damn time you hit a page with an ActiveX control (which is like
90% of pages). You then have to close the pop-up before proceeding. What
he wants to do is to stop the warning pop-up, not loosen his security.
He knows he's got ActiveX turned off: he doesn't need to be constantly
reminded. Unfortunately, this pop-up doesn't have the normal "do not
warn me again checkbox". I can't believe anyone gave this any serious
thought when they programmed it - it's completely senseless. Why give
people the option to de-activate ActiveX then nag them incessantly when
they take up that option? (Unless it's MS's way of promoting the use of
ActiveX despite security concerns).

And Arnold, I completely sympathise - I have the same problem and have
posted here and elsewhere several times but never got an answer (other
than the non-sequiteur of loosening up security again). I suspect there
isn't any other way to do it. Personally, I view this as a security bug
since it may lead to people opening their security more than they feel
they need, just to stop the annoyance.

 

[Vanguard]

Not that simple. As I understand Arnold, he *wants* ActiveX turned off (in
Internet Options -> Security -> Internet zone) for security reasons.

However, when you do that you are "punished" by having a warning pop-up
every damn time you hit a page with an ActiveX control (which is like 90%
of pages). You then have to close the pop-up before proceeding. What he
wants to do is to stop the warning pop-up, not loosen his security. He
knows he's got ActiveX turned off: he doesn't need to be constantly
reminded. Unfortunately, this pop-up doesn't have the normal "do not warn
me again checkbox". I can't believe anyone gave this any serious thought
when they programmed it - it's completely senseless. Why give people the
option to de-activate ActiveX then nag them incessantly when they take up
that option? (Unless it's MS's way of promoting the use of ActiveX despite
security concerns).

And Arnold, I completely sympathise - I have the same problem and have
posted here and elsewhere several times but never got an answer (other
than the non-sequiteur of loosening up security again). I suspect there
isn't any other way to do it. Personally, I view this as a security bug
since it may lead to people opening their security more than they feel
they need, just to stop the annoyance.

I added my ISP's home page and Macromedia's home page to the Restricted
Sites security zone list. This means that all AX options are disabled. No
popups. Got any other AX-rich sites that I could test because I'm not
seeing the popups you are complaining about.

 

[Sid Knee]

I added my ISP's home page and Macromedia's home page to the Restricted
Sites security zone list. This means that all AX options are disabled.
No popups. Got any other AX-rich sites that I could test because I'm
not seeing the popups you are complaining about.

I don't know about AX-rich but this site will always give me (two)
pop-ups on the page:

http://www3.sympatico.ca/deepak/cadcam/

This site is in my "Internet-Zone" i.e. it is not in my "Trusted" or
"Restricted" Sites.

Under Internet-Zone, I have the all AX settings *fully disabled* i.e. :

- D/L signed AX
- D/L unsigned AX
- Init & Script AX not marked as safe
- Script AX marked as safe

(In my Trusted-Sites these are either enabled or set to prompt.
In my Restricted-Sites all AX and just about everything else is disabled).

An interesting thing about your comment and my experience is that it
would suggest that if you have AX disabled in the Internet-Zone, you get
the pop-up for sites in that zone but the same setting in the Restricted
Zone would not produce a pop-up for sites in that zone. That is, that IE
doesn't bother to warn you for Restricted-Zone sites. Not a hell of a
lot of use though if you want to disable AX for all but Trusted-Zone sites.

This is not a problem unique to a few peoples setups nore is it recent.
A Google search will return many hits of people complaining in various
online groups dating back 3 or 4 years.

Incidentally in my Googling around, I came up with a potential
workaround. there is a little program called "ptfb" (Push The Freakin'
Button) which can be set to answer/close pop-up windows automatically so
that might help.

 

[Vanguard]

I don't know about AX-rich but this site will always give me (two) pop-ups
on the page:

http://www3.sympatico.ca/deepak/cadcam/

This site is in my "Internet-Zone" i.e. it is not in my "Trusted" or
"Restricted" Sites.

Under Internet-Zone, I have the all AX settings *fully disabled* i.e. :

- D/L signed AX
- D/L unsigned AX
- Init & Script AX not marked as safe
- Script AX marked as safe

(In my Trusted-Sites these are either enabled or set to prompt.
In my Restricted-Sites all AX and just about everything else is
disabled).

An interesting thing about your comment and my experience is that it would
suggest that if you have AX disabled in the Internet-Zone, you get the
pop-up for sites in that zone but the same setting in the Restricted Zone
would not produce a pop-up for sites in that zone. That is, that IE
doesn't bother to warn you for Restricted-Zone sites. Not a hell of a lot
of use though if you want to disable AX for all but Trusted-Zone sites.

This is not a problem unique to a few peoples setups nore is it recent. A
Google search will return many hits of people complaining in various
online groups dating back 3 or 4 years.

Incidentally in my Googling around, I came up with a potential workaround.
there is a little program called "ptfb" (Push The Freakin' Button) which
can be set to answer/close pop-up windows automatically so that might
help.

I also tried active-x.org which won't display anything on their home page if
AX is disabled.

As far as your test site goes, and after adding "*.sympatico.ca" to the list
of sites in the Restricted Sites security zone (and after disabling
PopUpCop), there were no popups when visiting that page. Of course, since
it relies on AX to even paint the page, the page is blank. In the status
bar for IE, it shows "Done" on the left (nothing else to retrieve for the
page) and "Restricted Sites" on the right (because the domain is blacklisted
in the Restricted Sites security zone). Nope, no popups and, nope, not even
the infobar shows up in IE. AX is disabled and there are no prompts. If I
remove that domain from the sites list in the Restricted Sites security
zone, its AX controls can run to retrieve the page content and the page
paints normally.

So disabling AX in the settings for the security zone in which the domain is
rendered will affect whether or not AX gets downloaded and/or used, and the
settings will decide whether you see the infobar prompt or not.

 

[Sid Knee]

As far as your test site goes, and after adding "*.sympatico.ca" to the
list of sites in the Restricted Sites security zone (and after disabling
PopUpCop), there were no popups when visiting that page. Of course,
since it relies on AX to even paint the page, the page is blank. In the
status bar for IE, it shows "Done" on the left (nothing else to retrieve
for the page) and "Restricted Sites" on the right (because the domain is
blacklisted in the Restricted Sites security zone). Nope, no popups
and, nope, not even the infobar shows up in IE. AX is disabled and
there are no prompts. If I remove that domain from the sites list in
the Restricted Sites security zone, its AX controls can run to retrieve
the page content and the page paints normally.

So disabling AX in the settings for the security zone in which the
domain is rendered will affect whether or not AX gets downloaded and/or
used, and the settings will decide whether you see the infobar prompt or
not.

If I'm understanding you correctly, that would suggest that to have AX
disabled by default for all sites other than those specifically allowed
in "Trusted-Sites" I would have to add all those sites to the Restricted
list - which is obviously impractical - or face the pop-up. Which means
we are back to square one. The fact that the pop-up doesn't occur for
sites on the restricted list is an interesting curiousity but really a
non-sequiteur.

Also, on that test site, when I get the information pop-up ... which
warns me that AX is disabled and that the page *might* not display
correctly (my emphasis) ... I manually close the pop-up. At that time
the page is not blank as you have found but displays mostly normally (so
it doesn't, apparently, "rely on AX to even paint the page" as you contend).

And this is typical of my experience. Most pages display perfectly well
without AX. A few have minor display issues, not normally a problem.
Occasionally a page has things that simply don't work with AX disabled.

 

[Vanguard]

If I'm understanding you correctly, that would suggest that to have AX
disabled by default for all sites other than those specifically allowed in
"Trusted-Sites" I would have to add all those sites to the Restricted
list - which is obviously impractical - or face the pop-up. Which means we
are back to square one. The fact that the pop-up doesn't occur for sites
on the restricted list is an interesting curiousity but really a
non-sequiteur.

Why would you enter millions of sites, most you would never know about or
visit, in the Restricted Sites zone rather than enter a couple dozen of the
ones that you really do trust in the Trusted zone? You trust a lot fewer
sites than you distrust. If you have any sites listed in the Restricted
Sites zone, only those added by 3rd party anti-malware programs, like
SpywareBlaster, should you bother to include in this list (as a safety net)
or just the few you hit that you want to thereafter throttle their potency.

Add all the sites you trust to the Trusted Sites zone. You have what, maybe
2 dozen, if that, for truly trusted sites?

Configure the Internet security zone to set to *Disabled* the option
"Automatic prompting for ActiveX controls". Instead of getting the popup in
the middle of the window that you have to close to get out of the way,
you'll instead see the drop-down infobar under the toolbars. Far less
intrusive to your browsing. Some sites know that this setting will remove
the popup window to alert you to the download attempt and remind you to
check for the yellow infobar (where you right-click if you decide to permit
the download).

After setting the above, perform the following test (this assumes that you
have not already downloaded their AX control). Navigate to
http://www.pestpatrol.com and click on the Free Spyware Scan button. On the
next page, click the Scan Now button. CA attempts to download their AX
control which runs locally to download the signatures and runs locally to
scan your drive. When you click on that Scan Now button, the next page
displays but you see the infobar show up under the toolbars. Rather than
have a popup appear in the middle of the window which is infuriating because
it interferes with your navigation, you lose all of one row in the page to
show the infobar (where you can right-click to permit the AX download).

Next test. Also set to Disabled the the option "Download signed ActiveX
controls" in the Internet security zone (the option "Download UNsigned
ActiveX controls" should already be disabled). Redo the PestPatrol online
scan above. You get the infobar but now there is no right-click option to
download the AX control (because downloads have been disabled).

So you can get rid of the interferring popup and replace it with the much
less intrusive drop-down infobar. Whether you have the option using the
infobar to proceed to download the AX control (since you might hit a site
where you want their AX control) then just right-click on the infobar. If
you don't want to ever download any AX controls at any site other than those
in the Trusted Sites zone, then you can configure IE that way, too. While
you cannot totally get rid of any alert or prompt regarding AX controls
(since that is Microsoft's bent), the infobar really isn't that intrusive.
Often I don't even notice it is there unless I really am trying to get the
AX control and ponder why the download doesn't proceed, like I'm at
Macromedia trying to get their newest Flash player which is an AX control.

 

[Sid Knee]

Why would you enter millions of sites, most you would never know about
or visit, in the Restricted Sites zone rather than enter a couple dozen
of the ones that you really do trust in the Trusted zone? You trust a
lot fewer sites than you distrust. If you have any sites listed in the
Restricted Sites zone, only those added by 3rd party anti-malware
programs, like SpywareBlaster, should you bother to include in this list
(as a safety net) or just the few you hit that you want to thereafter
throttle their potency.

It's taken a long time to get there but ...

You were the one that raised the issue of the restricted sites zone - I
never did and couldn't see why it was relevant (and said so). I simply
pointed out that to use it in the manner you were suggesting would
involve adding millions of sites and was impractical. I certainly didn't
suggest that I thought it was a serious consideration ... a point on
which you now appear to agree (although you've turned it round on me).

Add all the sites you trust to the Trusted Sites zone. You have what,
maybe 2 dozen, if that, for truly trusted sites?

As I noted earlier in the thread this is *exactly* how I have my machine
setup.

Configure the Internet security zone to set to *Disabled* the option
"Automatic prompting for ActiveX controls". Instead of getting the
popup in the middle of the window that you have to close to get out of
the way, you'll instead see the drop-down infobar under the toolbars.
Far less intrusive to your browsing. Some sites know that this setting
will remove the popup window to alert you to the download attempt and
remind you to check for the yellow infobar (where you right-click if you
decide to permit the download).

If you mean "Automatic prompting for ActiveX controls" literally, I have
no setting labelled in those words either under the <Security> tab or
under the advanced settings.

As I said earlier in the thread the following Security settings for
Internet-Zone are all set to "disabled" (not enabled or prompt)

- D/L signed AX
- D/L unsigned AX
- Init & Script AX not marked as safe
- Script AX marked as safe

these are the only AX settings that I can find.


Incidentally, what version of windows are you running? (I'm on Win2K Pro).

 

[Vanguard]

If you mean "Automatic prompting for ActiveX controls" literally, I have
no setting labelled in those words either under the <Security> tab or
under the advanced settings.

- Tools -> Internet Options -> Security tab
- Select "Internet" security zone.
- Click the Custom Level button (might say "Medium" or another string if you
are using a preset level). It is the left one of the two buttons within the
"Security level for this zone" section within the Security panel.
- First section is titled ".NET Framework-reliant components"
- Second section is titled "ActiveX controls and plug-ins"
The first option in the second section is titled "Automatic prompting for
ActiveX controls". Set to Disable. Now you'll get the infobar drop-down
instead of the popup window.

For me, the About dialog in Internet Explorer says that I am using version
6.0.2900.2180.xpsp_sp2_gdr.050301-1519. Maybe you are using an older
version of IE. Probably depends on whatever version of Windows that you
use. I have Windows XP.

 

[Sid Knee]

- Tools -> Internet Options -> Security tab
- Select "Internet" security zone.
- Click the Custom Level button (might say "Medium" or another string if
you are using a preset level). It is the left one of the two buttons
within the "Security level for this zone" section within the Security
panel.
- First section is titled ".NET Framework-reliant components"
- Second section is titled "ActiveX controls and plug-ins"
The first option in the second section is titled "Automatic prompting
for ActiveX controls". Set to Disable. Now you'll get the infobar
drop-down instead of the popup window.

Nope ... I don't have "Automatic prompting for ActiveX controls". I have
only those options that I previously stated.

For me, the About dialog in Internet Explorer says that I am using
version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519. Maybe you are using an
older version of IE. Probably depends on whatever version of Windows
that you use. I have Windows XP.

Well, there's the answer. Your IE is the XP-specific version. Mine is
the (latest) version for Win2K - fully updated via Windows Update (shows
as 6.0.2800.1106 SP1 Q823353)

Looks like MS finally provided some relief from this pest but didn't
bother to support earlier OS's.