IE 7 phishing filter

I just noticed the first time page in IE 7 is http://runonce.msn.com/runonce2.aspx, which allows the user to enable the phishing filter from client-side JavaScript. Could a malicious website turn it off through JavaScript?

Hard to explain, but have you seen about:blank? Well there's another HTML page like that except not called :blank which links in with a DLL file. In fact, the page you see http://runonce.msn.com/runonce2.aspx can only be viewed in IE7 and is linked in with that DLL file, so it's pretty secure still.
And ASPX is Active Server Page Extended... so it's actually server side :o)
-- Zack Whittaker Microsoft Beta (Windows Server R2 Beta Mentor) » ZackNET Enterprises: www.zacknet.co.uk » MSBlog on ResDev: http://msblog.resdev.net » ZackNET Forum: www.zacknet.co.uk/forum » VistaBase: www.zacknet.co.uk/vistabase » This mailing is provided "as is" with no warranties, and confers no rights. All opinions expressed are those of myself unless stated so, and not of my employer, best friend, mother or cat. Let's be clear on that one!

I disagree. This JavaScript calls an ActiveX object (oShellHelper) to enable the phishing filter. I actually watched my browser connect to runonce.com.com so it's not a local DLL. That page is written in ASPX but the script that enables the phishing filter is JavaScript and it's client side.
oShellHelper.CustomizeSettings(vchkSQM, vchkPhishing, vLocale);
<OBJECT id="oShellHelper" classid="clsid:64AB4BB7-111E-11d1-8F79-00C04FC2FBE1" VIEWASTEXT> <!-- <i>Something failed!</i>--> </OBJECT>
Have you seen websites that bypass IE6 SP2's popup blocker? One of Microsoft's websites uses an ActiveX call to bypass the popup blocker, I think it's Windows Update. Spammers are able to call the same ActiveX object, since it's installed on every computer and it's digitally signed.
Howard
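
Added example, not part of the original posts and not Microsoft's code: one way for an administrator to check how the control with the CLSID quoted above is registered for use from web script on a given machine (safe-for-scripting categories and the IE kill bit). The function name is hypothetical; it makes no claim about what the check will report for this control.

```powershell
# Added example: report how an ActiveX control is registered for scripting in IE.
# Get-ActiveXScriptExposure is a hypothetical name; the CLSID below is the one quoted in the post.
function Get-ActiveXScriptExposure {
    param([Parameter(Mandatory)][string]$Clsid)

    $id = '{' + $Clsid.Trim('{}') + '}'
    # Component categories a control registers to declare itself safe to script / initialize.
    $catSafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
    $catSafeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
    $killBit       = 0x400   # COMPAT_EVIL_DONT_LOAD in "Compatibility Flags"

    # Check both the native and the 32-bit registry views.
    foreach ($view in 'SOFTWARE', 'SOFTWARE\WOW6432Node') {
        $clsidKey  = "HKLM:\$view\Classes\CLSID\$id"
        $compatKey = "HKLM:\$view\Microsoft\Internet Explorer\ActiveX Compatibility\$id"

        $flags = 0
        $compat = Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue
        if ($compat -and $null -ne $compat.'Compatibility Flags') {
            $flags = [int]$compat.'Compatibility Flags'
        }
        $server = Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            View             = $view
            Registered       = Test-Path $clsidKey
            Server           = if ($server) { $server.'(default)' } else { $null }
            SafeForScripting = Test-Path "$clsidKey\Implemented Categories\$catSafeScript"
            SafeForInit      = Test-Path "$clsidKey\Implemented Categories\$catSafeInit"
            KillBitSet       = ($flags -band $killBit) -ne 0
        }
    }
}

# A control can also declare itself safe at run time through IObjectSafety,
# so missing category keys alone do not prove it cannot be scripted.
Get-ActiveXScriptExposure -Clsid '64AB4BB7-111E-11d1-8F79-00C04FC2FBE1' | Format-Table -AutoSize
```

If KillBitSet is true, IE refuses to instantiate the control from any page; if it is false and the control is marked safe for scripting, whether a given site may call it then depends on the zone's ActiveX settings and on any site restrictions the control enforces itself.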

Seriously? Microsoft really weren't thinking when they did that one. What happened to their "Trustworthy Computing" initiative, eh?
