Re: How to prevent my information from being accessed by webpages



Ant wrote:

"Sebastian G." wrote:

Ant wrote:
Error messages (e.g. 404) don't appear in my IE without OK-ing an
ActiveX prompt.
Interesting. How did you get such a configuration?

By tweaking the registry values under ...\Internet Settings\Zones\0


And which exactly? I configured everything possible for the Local Zone, including everything from IE's GUI as well as all group policies.

Many people would find that a nuisance when performing some normal
day-to-day operations but I tend not to operate normally.


I know, even the SCM msc applet hicks up when deactivating scripting for the local zone.

Still I couldn't reproduce your finding that the Help Message Generator COM Controls from MSIE's internal resource pages could not be instantiated.

Instantiation already happens before it tries to apply its policies.

Perhaps limiting ActiveX in *all* zones would stop it.


No, that won't help either: The problem is that the instantiation is done by the COM Server (typically running in the DCOM Server Service), and it has its own policies and configuration. And its default policy is to automatically download, install and update every control it stumbles upon.

I've yet to see a control instantiated that I haven't explicitly allowed.


LOL? Even the list view in Windows Explorer is implemented by a COM Control.
.