HOME

TheInfoList



Click Here for Items Related To - Killbit
OR:
Killbit on:   [Wikipedia]   [Google]   [Amazon]

Killbit is a security feature in web browsers based on
Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
's Trident engine (such as
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical user interface, graphical web browsers developed by Microsoft which was used in the Microsoft Wind ...
) and other ActiveX containers that respect the killbit (such as
Microsoft Office Microsoft Office, or simply Office, is the former name of a family of client software, server software, and services developed by Microsoft. It was first announced by Bill Gates on August 1, 1988, at COMDEX in Las Vegas. Initially a ma ...
). A killbit instructs an
ActiveX ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. ...
control container never to use a specific piece of
ActiveX ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. ...
software, whether third-party or Microsoft, as identified by its class identifier (CLSID). The main purpose of a killbit is to close security holes. If a vendor discovers that there is a security hole in a specific version of an ActiveX control, they can request that Microsoft put out a "killbit" for it. Killbit updates are typically deployed to Microsoft Windows operating systems via
Windows Update Windows Update is a Microsoft service for the Windows 9x and Windows NT families of operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Wind ...
.


Implementation

A flag in the
Windows Registry The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and u ...
identifies a CLSID as unsafe. The CLSID (a type of a
GUID A universally unique identifier (UUID) is a 128-bit label used for information in computer systems. The term globally unique identifier (GUID) is also used. When generated according to the standard methods, UUIDs are, for practical purposes, uni ...
) acts as a serial number for the software in question. It must exist for each piece of software that behaves as an ActiveX control. If an ActiveX container finds that the CLSID of a killbit entry matches the CLSID of the software, the software is blocked from running in the ActiveX container. If a vendor wants to release an updated version then they release it with a different CLSID. Internet Explorer's HTML application host also respects the killbit when processing the OBJECT tag in HTML, but not when processing scripts in HTML.


External links


Microsoft KB240797
''How to stop an ActiveX control from running in Internet Explorer'' (August 24, 2007)
Microsoft Technet
''The Kill-Bit FAQ'' Internet Explorer Microsoft Windows security technology {{security-software-stub