The clicking sound that Windows plays when you click on a link in Internet Explorer or open a folder in Windows Explorer can get annoying. 

Here’s how to disable the sound in Windows XP:

1. Click Start > Control Panel > Sounds and Audio Devices
2. Click the Sounds tab
3. Scroll down the list under Program Events. Under the Windows Explorer section, highlight Start Navigation.
4. Under the Sounds box, select (None) > OK, close Control Panel

Here’s how to disable the sound in Windows Vista:

1. Click Start > Control Panel > Sound
2. Click the Sounds tab
3. Scroll down the list under Program. Under the Windows Explorer section, highlight Start Navigation.
4. Under the Sounds box, select (None) > OK, close Control Panel

You should no longer hear the clicking noise when you select links in Internet Explorer or open directories in Windows Explorer.

The  Internet Explorer nag  This page contains both secure and non-secure items. Do you want to display the nonsecure items is sooo annoying.

To disable this popup in IE6:

Tools > Internet Options > Security 

SANS has reported a Microsoft IE7 0-day expoit that is now in the wild. This vulnerability is not adderssed by the forthcoming December 2008 patch Tuesday releases, or by the MS08-073 patch that was released on 12-09-2008.

Analysis shows the current exploit checks for the following conditions:

The user has to be running Internet Explorer
The version of Internet Explorer has to be 7
The operating system has to be Windows XP or Windows 2003

SANS has not yet confirmed if other versions are affected (Internet Explorer 6 or Internet Explorer 7 on Microsoft Windows Vista).

ThreatExpert has a very nice overview of the modifications the exploit makes to compromised computers.

Additional Resources:

ZDNet Security Blog
Secunia Advisory

Yesterday I wrote about how to create eDirectory SSL certificates with alternate names to use across round robin DNS load balanced web servers.  Today I’ll discuss how to import the Organizational Root CA certificates into Internet Explorer to get rid of the Security Alert pop-ups.

To begin with, only a few Trusted Root Certification Authority certificates are included in Internet Explorer or any other web browser.  It wouldn’t be practical to include every CA, so the browser authors select a few of the most widely used CAs to include with their software. Unless you work for Verisign or another large CA, your organizations’s Root CA certificate is probably not going to be on this list, so we’ll have to import the certificate on each web browser that will need a secure SSL connection to the web server.

The following instructions were validated with Internet Explorer 6.  IE7 and other browsers may require different steps, but the concepts are the same.

To import the Organizational Root CA certificate from a web server

1) Browse to the https enabled web server
2) At the Security Alert popup, press View Certificate
3) Select the Certification Path tab
4) Highlight Organizational CA
5) Select View Certificate
6) Select Install Certificate – Next
7) Select Place all Certificates in the Following Store – Browse
8 ) Select Show Physical Stores
9) Expand Trusted Root Certification Authorities
10) Highlight Local Computer – OK – Next – Finish
11) Press OK when you are notified the import is successful
12) OK – OK – No
13) Close and reopen Internet Explorer. Verify the Security Certificate is from a trusted certifying authority. This means the CA is now trusted.

To import the Organizational Root CA certificate from a file

1) Obtain the certificate file from your administrator and save it locally
2) Right click the certificate and select Install Certificate – Next
3) Choose Place all certificates in the following store – Browse
4) Highlight Show Physical Stores
5) Expand Trusted Root Certification Authorities
6) Highlight Local Computer – OK – Next – Finish
7) Press OK when you are notified the import is successful
8 ) Open Internet Explorer. You should not receive the security alert when accessing the https enabled web server. This means the CA is now trusted.

Yesterday I wrote about problemswith license keys on Windows XP SP3 installations performed on media slipstreamed on Windows Vista machines.  Today I found Susan’s postthat describes how to fix RWW issues associated with an XP SP3 slipstreamed install – Specifically, not having the ability to enable in Internet Explorer the Terminal Server Redistributable Active X control that RWW needs in order to work.

The solution appears to be resetting IE once the XP SP3 slipstreamed installation is performed.  To reset IE:

Select Tools – Internet Options – Advanced.  Click the Reset button, and restart Internet Explorer.

Cert has a document that show some specific steps you can take to secure your Internet web browser.  Detailed instructions, including screen shots are provided, along with explanations of what you are configuring and what the potential ramifications are.

The document focuses on IE, Firefox, and Safari and includes supplemental reference links to additional content.  They also include links to configuring similar options for Opera, Mozilla SeaMonkey, Konqueror, and Netscape.

Found via ts/sci security blog.

When trying to uninstall Internet Explorer 7 on a Windows Server 2003 SP2 machine, the Remove button may not be visible in Add/Remove programs. Sometimes the button is visible, but clicking it displays the following:

“An error occurred while trying to remove Windows Internet Explorer 7. It may have already been uninstalled.
Would you like to remove Windows Internet Explorer 7 from the Add or Remove programs list?”

KB 948093 explains “This behavior occurs if Internet Explorer 7 was installed on Windows Server 2003 Service Pack 1. Service pack 2 was installed later than that.”

Microsoft’s resolution is to

1. Uninstall SP2 and reboot
2. Uninstall IE7 and reboot
3. Reinstall SP2 and reboot

Personally, if I was Microsoft I would have included step 4, go directly to Microsoft Update and apply all applicable patches and updates, then reboot again.

Suppose your Windows machine has a broken Internet Explorer – How are you supposed to get online to download patches and utilities to fix the problem? Use the built-in Windows FTP tool to download Firefox from a mirror site!

This was found on the SANS Internet Storm Center web site:

To start FTP, click Start – Run and type cmd to launch a command prompt

From the command prompt window, type the following commands:

ftp ftp.osuosl.org

User: anonymous

Password: {your email address}

cd /pub/mozilla.org/firefox/releases/2.0.0.11/win32/en-US/

binary

mget *.exe

(say yes to getting Firefox Setup 2.0.0.11.exe)

quit

Now that you’re back to the command prompt, run this command, including the quotes as the file has spaces in the name:

"Firefox Setup 2.0.0.11.exe"

Thanks to William Stearns for these instructions! As newer versions of Firefox are released, replace the version number of Firefox Setup executable file with the appropriate numbers.

According to Wikipedia,

“HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.”

and

“Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page. Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user’s profile. The advertising industry has denied any other use of these profiles.”

The problem with third party cookies is they are set on your computer by web servers you likely had no intention of visiting, and are used to track your web surfing habits. Steve Gibson’s Security Now! podcast episode #119 has a very detailed discussion about why third party cookies are bad. He also describes how PayPal and DoubleClick have a relationship that allows DoubleClick to place third party cookies when you are logged into PayPal’s secure web site, and why that’s probably not a good thing for privacy.

When I setup a new computer or image I generally block all third party cookies. It’s easy to do in Internet Explorer 7:

Tools – Internet Options – Privacy – Advanced – Override Automatic Cookie Handling – Block Third Party Cookies

It’s not quite as easy to block third party cookies with Firefox 2.x. You’ll have to follow these steps:

1) In the Firefox address bar (where you type the web site address), type about:config

2) In the filter box type network.cookie.cookieBehavior

3) Right click network.cookie.cookieBehavior and select Modify

4) Change the value from 0 to 1

Some web sites may not work properly without the ability to accept third party cookies, so instead of totally disabling third party cookies you can use a hosts file to specify which web sites you never want your browser to access. According to mvps.org,

“The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a Hosts file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.”

You can manually edit your hosts file to add entries for web sites you don’t want to ever visit. Or, you can use a freeware hosts file mangement application such as HostsMan or HostsXpert.

To manually edit your hosts file in Windows XP,

1) Click start – run – notepad c:\windows\system32\drivers\etc\hosts

2) add the IP address and name of the offensive web site

3) Click file – save – exit

If you have Windows Vista’s UAC enabled you’ll have to follow these directions in order to edit your hosts file.

If you don’t want to update your own hosts file and would rather use one pre-populated with offensive web sites, you can download one from MVPS. You’ll probably need to restart your computer to ensure the hosts file is reloaded.

If you experience poor performance when using a large hosts file, try disabling the DNS Client service. To do this:

1) Click start – run - and type services.msc

2) Right click DNS Client and select stop

3) Once the service stops, right click on DNS Client again and select Properties

4) Change the startup type from Automatic to Manual and click OK

Certain computers were getting the “Click to Activate and use this Control” prompt when attempting to view reports generated by an .asp script on one of our software provider’s web server. Even after clicking the new window, the window was blank, as in a totally white browser window. Hitting the space bar or enter key didn’t make a difference.

Both Internet Explorer 6 and 7 users had this issue, but we also had users of both versions of the IE browser that did not get this error. All workstations were XPSP2, so I figured that wasn’t an issue.

I verified all browser security settings allowed for ActiveX controls to be run, and ran Microsoft Update to ensure all the IE browser updates were installed. Next I installed the latest versions of Java, Flash, Shockwave, and Adobe Acrobat Reader to make sure those weren’t an issue, but the problem persisted.

I decided to generate this report, and rather than trying to view it in a browser window, I saved it to my hard drive. It saved as a .htm file, and I opened it with notepad. In the file I saw the following line:

crystal files\activexviewer.cab#version=9,2,0,442

I wondered if IE was using the Crystal Reports Viewer, so I went into IE and viewed the installed add-ons, and saw an entry for Crystal Report Viewer Control 9. If I disabled this control and ran the report, I was told the necessary control was not available… so I had figured out which control was causing the issue. I decided the best thing to do would be to uninstall the control and redownload it.

KB 154850 shows how to remove an ActiveX control, but I couldn’t find the control listed in any of the locations they specified. I resorted to googling for the answer to how to remove the Crystal Reports Viewer Control, and came across this page, which pointed me in the correct direction.

Note that these steps were written for Crystal Reports Viewer 8:

To remove a corrupted, unrecognizable, or older version of the ActiveX Viewer:

1. Right-click the Internet Explorer icon, and click ‘Properties’.

2. Click the ‘Settings’ button.

3. Click the ‘View Objects’ button, right-click ‘Crystal Report Viewer Control’, and then click ‘Remove’.

4. Click ‘Yes’ when prompted to remove the control.

5. Close the ‘Downloaded Program Files’ dialog box, click ‘OK’ on the ‘Settings’ dialog box, and then click ‘OK’ on the ‘Internet Options’ dialog box.

6. Search the computer for the following files and manually deregister them:

CRViewer.dll
SwebRS.dll
SViewHLP.dll
ReportParameterDialog.dll
CSelexpt.ocx
XQViewer.dll

====================
NOTE:

Use the following steps to deregister these files:

1. Search for the DLL file.

2. On the ‘Start’ menu, click ‘Run’.

3. Type “regsvr32 \u” in the ‘Run’ box and then drag the DLL file to the ‘Run’ box. The contents of the ‘Run’ box look similar to the following:

regsvr32 \u c:\myfiles\myDLL.dll

Unfortunately for me, none of the .dll files listed above were present on my machine. Plus, the \u is incorrect – it should be /u to unregister a .dll file.

On a hunch I searched my computer for crview*.*, and found a crviewer9.dll located in c:\program files\common files\crystal decisions\2.0\bin directory. I decided to try to unregister that .dll just to see what happened. To do so, I ran the following from a command prompt:

regsvr32 /u c:\program files\common files\crystal decisions\2.0\bin\crviewer9.dll

I restarted Internet Explorer, verified that Crystal Report Viewer no longer appeared in the list of installed add-ons, and once the control re-downloaded, was able to generate the report as expected!

I guess the moral of my story is that if you receive the “Click to Activate and use this Control” prompt, and all the obvious causes have been eliminated, you need to determine which ActiveX control is causing the issue, then reinstall the faulty control.

[updated 12-21-2007]

KB 945007 describes an IE6 and IE7 update that disables the “click to activate” behavior totally.