Tools that are used to make web pages more powerful and versatile can also make computers more vulnerable to attacks. These are some examples of web tools:
- ActiveX - Technology created by Microsoft to control interactivity on web pages. If ActiveX is enabled on a web page, an applet or small program must be downloaded to gain access to the full functionality.
- Java - Programming language that allows applets to run within a web browser. Examples of Java applets include a calculator or a page-hit counter.
- JavaScript - Programming language developed to interact with HTML source code to allow websites to be interactive. Examples include a rotating banner or a pop-up window.
- Adobe Flash - Multimedia tool used to create interactive media for the web. Flash is used for creating animation, video, and games on web pages.
- Microsoft Silverlight - Tool used to create rich, interactive media for the web. Silverlight is similar to Flash with many of the same features.
Attackers might use any of these tools to install a program on a computer. To prevent these attacks, most browsers have settings that force the computer user to authorize the downloading or use of these tools.
ActiveX Filtering
When browsing the web, some pages may not work properly unless you install an ActiveX control. Some ActiveX controls are written by third parties and may be malicious. ActiveX filtering allows web browsing without running ActiveX controls.
After an ActiveX control has been installed for a website, the control runs on other websites as well. This may degrade performance or introduce security risks. When ActiveX filtering is enabled, you can choose which websites are allowed to run ActiveX controls. Sites that are not approved cannot run these controls, and the browser does not show notifications for you to install or enable them.
To enable ActiveX Filtering in Internet Explorer 9, use the following path, as shown in Figure 1:
Tools > ActiveX Filtering
To view a website that contains ActiveX content when ActiveX filtering is enabled, click the blue ActiveX Filtering icon in the address bar, and click Turn off ActiveX Filtering.
After viewing the content, you can turn ActiveX filtering for the website back on by following the same steps.
Pop-up Blocker
A pop-up is a web browser window that opens on top of another web browser window. Some pop-ups are initiated while browsing, such as a link on a page that opens a pop-up to deliver additional information or a close-up of a picture. Other pop-ups are initiated by a website or advertiser and are often unwanted or annoying, especially when multiple pop-ups are opened at the same time on a web page.
A pop-up blocker is a tool that is built into a web browser or operates as a standalone program. It enables a user to limit or block most of the pop-ups that occur while browsing the web. The pop-up blocker built into Internet Explorer is turned on by default when the browser is installed. When a web page is encountered that contains pop-ups, a message is displayed that a pop-up has been blocked. A button in the message can be used to allow the pop-up once, or change the pop-up blocking options for the Web page.
To turn off the pop-up blocker in Internet Explorer, use the following path:
Tools > Pop-up Blocker > Turn off Pop-up Blocker
To change the settings of the pop-up blocker in Internet Explorer, use the following path:
Tools > Pop-up Blocker > Pop-up Blocker settings
The following Pop-up Blocker settings can be configured, as shown in Figure 2:
- Add a website to allow pop-ups from it
- Change notifications when blocking pop-ups
- Change the level of blocking. High blocks all pop-ups, Medium blocks most automatic pop-ups, and Low allows pop-ups from secure sites.
SmartScreen Filter
In Internet Explorer, the SmartScreen Filter, shown in Figure 3, detects phishing websites, analyzes websites for suspicious items, and check sites and downloads a list of sites and files that are known to be malicious. SmartScreen Filter is turned on by default when Internet Explorer is installed. To turn off SmartScreen Filter, use the following path:
Tools > SmartScreen Filter > Turn off SmartScreen Filter
To analyze the current web page, use the following path:
Tools > SmartScreen Filter > Check this website
To report a suspicious web page, use the following path:
Tools > SmartScreen Filter > Report unsafe website