Tool to fix IE nags and restrictions


M

Mayayana

| > IE MD is an HTA powered by VBScript.
|
| The doctor is ill. :)
|
| I guess it's that combination of IE and VB that gives me the running
heebies.

:) You don't like VBScript? I think it gets a bad
reputation because it's mainly used by system
administrators. Most non-tech. people don't know
about it. And it's been used to produce viruses.
As a result VBS files are often treated by AV with
even more suspicion than EXE files. (You do
realize that if you enable script in your browser
you're taking a risk with every webpage?)

Ironically, if the tool were an EXE you would have
little way of knowing what's in it.
 
Ad

Advertisements

M

Mayayana

| Why has it all of a sudden become a common practice of cross-posting
| between a win-98 group and XP / Windows7 groups?
|

I actually borrowed the link from the earlier post about
Firefox, but....

|
| Will this tool run on windows 98?
|

...yes, it does run on Win98. It was originally written
for Win98. It runs on any Windows version that can run
an HTA, which is anything with IE5 or later. (It could
even run on Win95 with IE4 if the file extension is changed
to HTML, but IE4 on Win95 has very few problems, with
the notable exception of ISP advertising on the IE GUI.)

Some of the settings are not relevant to Win98/IE5, but
many of them are.

I didn't intend to clog the group or post spam. I'm just
trying to share a potentially handy tool, so that others
don't have to reinvent the wheel. But I will think twice next
time. I had no idea that so many people would get so
angry about being offered free code and utilities. :)
 
D

Dave \Crash\ Dummy

Mayayana said:
| One option that I don't see immediately available is making Zone 0
| settings visible. Do you have any clues?

That's in there, under the misc. settings, near the bottom. But in my
experience there's a bug or change in Windows 7. It works with IE5-8
on XP. I haven't tested on Vista. When I try it with IE8 on Win7 I
find that it makes the computer icon visible for the local zone, but
it doesn't work when clicked!

Also see the "Setting Security Options" window. You probably already
know about this, but Zone 0 is normally overridden by Local Machine
Lockdown. It can also be overridden by Group Policy settings. And in
some cases it's overriden by HKLM settings. Yet in all cases, what
you see on the Security tab is only your own HKCU settings coming
from:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0

So even accessing the Security tab settings for Zone 0 is a mixed
blessing.

It's all explained in the "Setting Security Options" window. There's
also a utility there to change all 8 possible settings at once. (The
visible one plus the other 7 that could be the values actually in
effect.) IE settings have become so convoluted that I decided it was
easiest to just write my scripts to change any security zone value in
all 8 possible locations.

The 8-setting function might also be useful as template code, but
it's a bit tricky to work it out. For convenience the functions use a
simple Registry class, which itself wraps a more involved Registry
class that uses the WMI StdRegProv. (StdRegProv is so poorly designed
that I like to keep at least 1 class interface between my code and
the StdRegProv functions. :)

When you click the button for the 8-value setting it calls
ButSetSec_click. That calls SetIESecVal8 in the main class. That
calls SetIESecurityValue in the IERegFuncs class, which calls
Registry functions in the WMI class. SetIESecurityValue demonstrates
the basic operation.

I'm glad you asked about that. I just found a typo that would cause
the 8-value setting to fail. Where it was like this:

Public Sub SetIESecVal8(sVal, iVal, sZone, DType) SetIESecurityValue
sVal, iVal, sZone, DataType End Sub

when it should have been like this:

Public Sub SetIESecVal8(sVal, iVal, sZone, DType)
CReg.SetIESecurityValue sVal, iVal, sZone, DataType End Sub

( I've been searching for typos and bugs for days, but it's a big
code base and I missed that one. An updated version has been
uploaded.)
Yes, I should have specified. I mean for IE8 on Windows 7. The fixes
that worked with IE6 on Windows 2000 don't work here. This has been less
of a problem for me with the availability of HTA, which is like a local
HTM zone with NO restrictions!
 
M

Mayayana

| One option that I don't see immediately available is making Zone 0
| settings visible. Do you have any clues?

That's in there, under the misc. settings, near the
bottom. But in my experience there's a bug or change
in Windows 7. It works with IE5-8 on XP. I haven't
tested on Vista. When I try it with IE8 on Win7 I
find that it makes the computer icon visible for the
local zone, but it doesn't work when clicked!

Also see the "Setting Security Options" window. You
probably already know about this, but Zone 0 is normally
overridden by Local Machine Lockdown. It can also
be overridden by Group Policy settings. And in some cases
it's overriden by HKLM settings. Yet in all cases, what
you see on the Security tab is only your own HKCU
settings coming from:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0

So even accessing the Security tab settings for Zone 0
is a mixed blessing.

It's all explained in the "Setting Security Options" window.
There's also a utility there to change all 8 possible settings
at once. (The visible one plus the other 7 that could be
the values actually in effect.) IE settings have become so
convoluted that I decided it was easiest to just write my
scripts to change any security zone value in all 8 possible
locations.

The 8-setting function might also be useful as template
code, but it's a bit tricky to work it out. For convenience
the functions use a simple Registry class, which itself wraps
a more involved Registry class that uses the WMI StdRegProv.
(StdRegProv is so poorly designed that I like to keep at
least 1 class interface between my code and the StdRegProv
functions. :)

When you click the button for the 8-value setting it calls
ButSetSec_click. That calls SetIESecVal8 in the main class.
That calls SetIESecurityValue in the IERegFuncs class, which
calls Registry functions in the WMI class. SetIESecurityValue
demonstrates the basic operation.

I'm glad you asked about that. I just found a typo that
would cause the 8-value setting to fail. Where it
was like this:

Public Sub SetIESecVal8(sVal, iVal, sZone, DType)
SetIESecurityValue sVal, iVal, sZone, DataType
End Sub

when it should have been like this:

Public Sub SetIESecVal8(sVal, iVal, sZone, DType)
CReg.SetIESecurityValue sVal, iVal, sZone, DataType
End Sub

( I've been searching for typos and bugs for days, but it's
a big code base and I missed that one. An updated version
has been uploaded.)
 
M

Mayayana

| I also disable Java because that IS
| pretty much a sealed executable. Flash too,

Yes. I don't even have either of those installed.
I don't understand what you mean by disabling VBScript
while allowing javascript, though. In IE? They're functionally
the same thing. The only options are to enable or disable
script.
 
L

Lostgallifreyan

| I also disable Java because that IS
| pretty much a sealed executable. Flash too,

Yes. I don't even have either of those installed.
I don't understand what you mean by disabling VBScript
while allowing javascript, though. In IE? They're functionally
the same thing. The only options are to enable or disable
script.
I don't use IE, but I think Opera and Firefox will let both get switched
independently. I think IE v6 might have.
 
Ad

Advertisements

M

Mayayana

| > I don't understand what you mean by disabling VBScript
| > while allowing javascript, though. In IE? They're functionally
| > the same thing. The only options are to enable or disable
| > script.
| >
| >
| >
|
| I don't use IE, but I think Opera and Firefox will let both get switched
| independently. I think IE v6 might have.

Actually VBScript is a Microsoft invention. Netscape
had javascript in the 90s and MS was competing with
IE. They came up with their own "jscript", which was
essentially javascript, and added VBScript as a second
option. The original VBScript books talk about it as a
web scripting langauge that "will soon be widely supported".
But none of the other browser companies ever added
support.

In IE, VBS and JS are functionally equivalent. They're just
two optional script languages. In all other browsers VBS is
not recognized. (Unless you count the IE wrappers like
Maxthon.)

In the late 90s MS created the Windows Script Host,
a GUI scripting tool to replace the dated DOS batch files,
for use by tech. support, sys. admins, etc. WSH added one
critical method that greatly expanded scripting: the ability
to load COM objects. WSH supports VBS and JS by default.
Again, both are roughly equivalent in the WSH context.

With IE5, MS came out with HTAs ("HTML Application").
An HTA is basically a webpage with no security restrictions
except one: It can only be run locally. (Anything like disabling
script that you set for IE does not apply if you change the
file extension to .hta.)

So HTAs combine the extensive programming power of
unrestricted script (VBS or JS) with the incredibly flexible
ability of script in IE to respond dynamically in a webpage.
The result is the ability to make something very similar to
compiled software. But it's easier; the code is just script
and the GUI is just a webpage. (It's basically "cloud apps",
with the added advantages that it works better, and that
it's not in the cloud. :)

So VBS and JS are the same in terms of risk. They
carry inherent risk in the browser because they provide
programmability. They carry more risk in IE online because
they can be used to script ActiveX controls, which are
essentially compiled software programs. They carry risk
in Windows because they contain executable code -- like
a .bat or .exe file.

The meaning of "VB" depends on the context. VB is a
programming language for writing compiled software. VBA
is very similar, but used in MS Office. VBScript looks a lot
like a subset of VB, but it's script, which is a whole different
animal. (Like C++ vs javascript.) VB.Net is a VB-ish
language for writing .Net assemblies. Four VBs. What they
all share is little more than a similarity in terms of syntax.
 
D

dadiOH

thanatoid said:
I really don't care, because I haven't used IE since 2001. And
WHAT exactly did you download? There is nothing called "Internet
Explorer Doctor" anywhere to be found on the net. Or I am
getting REALLY senile?
Try "IE MD" which is the name given by Mayayana.

--

dadiOH
____________________________

dadiOH's dandies v3.06...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
 
D

Dave \Crash\ Dummy

Mayayana said:
| > I don't understand what you mean by disabling VBScript | >
while allowing javascript, though. In IE? They're functionally | >
the same thing. The only options are to enable or disable | > script.
| > | > | > | | I don't use IE, but I think Opera and Firefox will
let both get switched | independently. I think IE v6 might have.
With IE5, MS came out with HTAs ("HTML Application"). An HTA is
basically a webpage with no security restrictions except one: It can
only be run locally. (Anything like disabling script that you set for
IE does not apply if you change the file extension to .hta.)

So HTAs combine the extensive programming power of unrestricted
script (VBS or JS) with the incredibly flexible ability of script in
IE to respond dynamically in a webpage. The result is the ability to
make something very similar to compiled software. But it's easier;
the code is just script and the GUI is just a webpage. (It's
basically "cloud apps", with the added advantages that it works
better, and that it's not in the cloud. :)
<snipped>

I use HTA extensively for local applications, including some pretty
fancy stuff, as well as some quicky tables.
 
T

thanatoid

True. I disable VBS in mine, I'd like to do that to
JavaScript too but I use that myself, and it's worth the
risk. I used to like the BASIC language, still do in its
influence on Lua and Psion OPL, but so many of the recent
forms popularised means to write bad code, bloated code,
and I found disabling it the easiest choice to make. I also
disable Java because that IS pretty much a sealed
executable. Flash too, I distrust, same reason, plus it's
very definitely exploited to do dodgy things. A system can
crash by flash just because too much of it is on a page, it
doesn't have to be malicious to do more harm than most
genuinely malicious code can do.
I use ScriptSentry, and while it catches all scripts (of various
kinds) when I mess around offline, it has yet to warn me against
a script on a webpage. But then again, I use OB1 99.5% of the
time.

In the past, I just had all vbs files removed from the win
directory, but that impedes you from doing certain things
offline which are useful.

And when you are using a full-featured browser, there are many
more way to mess you up than a vbs script. Curse the damn WWW.



--
"Well, Steve, I think there's more than one way of looking at
it. I think it's more like we both had this rich neighbor named
Xerox and I broke into his house to steal the TV set and found
out that you had already stolen it."
Bill Gates to Steve Jobs, around 1983
 
Ad

Advertisements

T

thanatoid

Nah,that's *way* too easy :)
You are SO amusing.

From the first result which I suppose gave you a big hard-on.
(And the ONLY relevant one, unless you need to get something
removed from your asshole):

"Access Denied - JSWare

   You may have arrived at this page if you are using "download
helper" software such as Download Accelerator, Free Download
Manager, etc. JSWare.net is designed to be accessible to all
without requiring cookies, Java, ActiveX, Flash, etc. Even
script is not used at JSWare (except as needed with Internet
Explorer to remedy IE-specific problems). But "download helper"
software is not welcome. Please use a normal browser for
downloading files.

   Further explanation /here/."

Of course, "here" leads to the same page. And I am NOT using a
download manager.


--
There's nothing here to attract existing fans of either bands.
Instead, all [Rhino's compilation] "Total" does is to reinforce
the idea that Joy Division/New Order was a hugely exciting
source of music between 1978 and 1990 and New Order has been a
pitiful shadow of their once-visionary selves ever since.
John Meagher, The Irish Independent
 
L

Lostgallifreyan

FileHound
Nice. I'll try that. I hated ReGet, etc. I usually use WGET now,
commandline... Or, when I need something that is not only polite and
ruthless, like Edward Woodward in the Equaliser, but acts a bit more Daniel
Craig's James Bond, I use Net Transport, that can do multisegmented downloads
for best speed where individual lines are limited in bandwidth by the server,
or where a line keeps breaking down. In these cases, WGET will always get
there, no matter what, but not fast. FileHound looks like it might not do
multisegments, but it does look nice, and might replace WGET for me if it
works as clean as it looks.
 
D

David H. Lipman

From: "Lostgallifreyan said:
Nice. I'll try that. I hated ReGet, etc. I usually use WGET now,
commandline... Or, when I need something that is not only polite and
ruthless, like Edward Woodward in the Equaliser, but acts a bit more Daniel
Craig's James Bond, I use Net Transport, that can do multisegmented downloads
for best speed where individual lines are limited in bandwidth by the server,
or where a line keeps breaking down. In these cases, WGET will always get
there, no matter what, but not fast. FileHound looks like it might not do
multisegments, but it does look nice, and might replace WGET for me if it
works as clean as it looks.
WGET will work as fast as the bandwidth allows. It also can emulate any User-Agent and
Referrer string.

Nothing can replace WGET. I use...
GNU Wget 1.13.1 built on mingw32.
 
L

Lostgallifreyan

WGET will work as fast as the bandwidth allows. It also can emulate any
User-Agent and Referrer string.

Nothing can replace WGET. I use...
GNU Wget 1.13.1 built on mingw32.
Hell yeah, I'd never throw it out. :)
I use this in a batch file:
SET UA="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.1.4322)"

Never needed the referrer, though I imagine some pages demand one to match
their expectations. Usually better to have none, as most just look for ANY
referrer as proof of offsite linkage.

I noticed that Easynews connectionc can start slowly, and if they do not rise
to about 300 KB/s they'll fall to around 42 KB/s and not recover. When I'm
impatient I abort, and restart WGET. (Using -c to continue, resume...) I
haven't looked at WGET in enough detail to see if it can detect this problem
and auto-retry to persist in seeking fast server lines, but if it can, it
proves itself yet again. For some things, multisegment down load is crucial
though. The problems solved by that are easily solved by any program that can
download multiple files, but if ONE big file is causing trouble,
multisegmenting is the only way to get multiple lines to that file. As far as
I know, WGET can only do one line at a time, no matter what. But I often use
up to four instances, each with its own list. :) That makes fast work most
times on Easynews...
 
D

David H. Lipman

From: "Lostgallifreyan said:
Hell yeah, I'd never throw it out. :)
I use this in a batch file:
SET UA="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.1.4322)"

Never needed the referrer, though I imagine some pages demand one to match
their expectations. Usually better to have none, as most just look for ANY
referrer as proof of offsite linkage.

I noticed that Easynews connectionc can start slowly, and if they do not rise
to about 300 KB/s they'll fall to around 42 KB/s and not recover. When I'm
impatient I abort, and restart WGET. (Using -c to continue, resume...) I
haven't looked at WGET in enough detail to see if it can detect this problem
and auto-retry to persist in seeking fast server lines, but if it can, it
proves itself yet again. For some things, multisegment down load is crucial
though. The problems solved by that are easily solved by any program that can
download multiple files, but if ONE big file is causing trouble,
multisegmenting is the only way to get multiple lines to that file. As far as
I know, WGET can only do one line at a time, no matter what. But I often use
up to four instances, each with its own list. :) That makes fast work most
times on Easynews...
WGET is a core component in my Multi-AV Scanning Tool.
I use it with KiXtart scripts for downloading malware in batch mode. Even Apple targeted
malware that requires an Apple related User-Agent or those that require a Refferal string
and often with a local proxy.

--execute=http_proxy=http://PROXY_SERVER:PROXY_PORT_#/

I don't have an EasyNews account but multiple "other" NSP accounts and I'm not sure how
you are using it with a NSP account.
 
Ad

Advertisements

L

Lostgallifreyan

I don't have an EasyNews account but multiple "other" NSP accounts and
I'm not sure how you are using it with a NSP account.
Easynews have a web service. It's recently been erratic, and on large files,
WGET would be more helpful if it could handle multi-segmented downloads, or
detect a slow line and force a new connection till it was satisfied by the
service it got. (Retrying up to ten times perhaps, count to be reset any time
a good line was lost to another bad one, so that only if things were
deparately bad would it quit flogging a dead horse).

(Re referrers and user-agents, several browsers can change those, and
Proxomitron is especially good. I'm going to reinstate that here after some
absence because it's so much better at cookie filtering than most browsers,
and is browser independent too.)
 
J

James D Andrews

Mayayana embroidered on the monitor :
I posted this in the IE group, but not many people
go there, so I'm posting here as well.

Announcing: An updated version of a free tool.
The IE MD (Internet Explorer Doctor)
SNIP

I have an Internet Explorer doctoring program. It's called Firefox.

--
-There are some who call me...
Jim


"Facts are the enemy of truth."
- Don Quixote - "Man of La Mancha"
 
C

Char Jackson

Mayayana embroidered on the monitor :

SNIP

I have an Internet Explorer doctoring program. It's called Firefox.
FYI, there's already a popular web browser by that name.
 
Ad

Advertisements

T

thanatoid

FYI, there's already a popular web browser by that name.
Are you trolling, or are you really THAT humor-sense deprived?



--
There's nothing here to attract existing fans of either bands.
Instead, all [Rhino's compilation] "Total" does is to reinforce
the idea that Joy Division/New Order was a hugely exciting
source of music between 1978 and 1990 and New Order has been a
pitiful shadow of their once-visionary selves ever since.
John Meagher, The Irish Independent
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top