Windows - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Windows


Windows Vista Gets ActiveX Installer Service



 By: Ryan Naraine
2006-06-20
Article Rating:starstarstarstarstar / 45


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
Microsoft plans to add a brand-new feature to Windows Vista to allow businesses to load ActiveX controls on systems running without admin privileges.

Microsoft is adding a brand-new feature to Windows Vista to allow businesses to load ActiveX controls on systems running without admin privileges.

The new feature, called ActiveX Installer Service, will be fitted into the next public release of Vista to provide a way for enterprises to cope with the UAC (User Account Control) security mechanism.

UAC, formerly known as LUA (Limited User Account), is enabled by default in Vista to separate Standard User privileges from those that require admin rights to harden the operating system against malware and malicious hacker attacks.

However, because UAC will block the installation of ActiveX controls on Standard User systems, enterprise applications that use the technology will encounter breakages. ActiveX controls are objects used to enhance a users interaction with an application.

Microsoft introduced the service at the TechEd conference in Boston and said it will be an optional component on the Ultimate, Business and Enterprise SKUs of Windows Vista. The service is expected to debut in Windows Vista RC1 (Release Candidate 1) and will only be enabled on clients where its installed.

Resource Library:

Read more here about Microsofts plan to make UAC less annoying in Vista.

In an interview with eWEEK, Microsoft security chief Ben Fathi said the decision to add the ActiveX installer was a direct result of demands from beta testers. "The feedback we get is that UAC is great but, in the enterprise, there is a legitimate need to install applications on Standard User systems. We had to create a way to safely preapprove applications without the need for an admin password," Fathi explained.

Fathi, a corporate vice president in Microsofts Security Technology Unit, said a system administrator can go into a console and define a list of Web sites and applications that are preapproved.

Steve Hiskey, lead program manager for User Account Control in Microsofts Windows Security Core group, said a Group Policy mechanism will be provided to set up a way for the designation of Host URLs from which standard users can install ActiveX controls.

According to an entry posted to Microsofts UAC blog, the ActiveX Installer Service will consist of a Windows service, a Group Policy administrative template and a few changes in the Internet Explorer browser.

Before installing the ActiveX control, the Installer service will check to see if the Host URL of the CODEBASE is defined and listed in Group Policy and if it is allowed. If the service policy permits the install of the ActiveX control, it will create an instance of the Internet Explorer ActiveX installer object to be used to install the control.

If Group Policy does not specify that the ActiveX control is allowed to install, then the default Windows Vista behavior is resumed: An authentication prompt is required to install an ActiveX control.

The authentication prompts in current beta versions of Vista have been criticized as a major annoyance, prompting Microsoft to announce several significant tweaks aimed at reducing the number of privilege elevation prompt pop-ups that appear to the end user.

In Windows Vista RC1, Microsoft plans to make changes in the operating system to create safe scenarios for the Standard User account to accomplish tasks that used to require a privilege elevation prompt. It will also apply application compatibility fixes, called "shims," for applications that need help running as Standard User.

Fathi said the company is also considering automatic shimming for legacy applications that may never be changed to work with the default UAC settings. "There are line-of-business applications that will never work with UAC for a variety of reasons. Maybe they dont have the source code anymore or the person that wrote that code is gone. There are hundreds of these applications out there," Fathi said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Windows Vista Gets ActiveX Installer Service
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By Ryan Naraine
 


xv㶲 ;^+(}LQvKd[nkmy[v:ҢHHbL$KgK?gK3~UxӅ|8gIPBP(@ggOD019wE1>=zk;HRsgL#4rJ:AF#:,t}w5k99rMz>;|9|@vD%j'ACm3c{zcW6ژ2z9m2 fE63& VI-6r!%I?K Q{;iEGaco~{Xe376m( Cx X^P~FD;ǎ5{N̚?<3τPcw0}rhP;U{aUh /\1r.bL{y74_ *YsDƞ4ICsd!LJN`:t,#G^A]ݱȒRE͌iAw4Ԭ=kSzcG 3G(&$gtjv?ĭ?(Q IfaS ̋g?LGN؎MEnڏe[پtjsfOffbdKHU& } Tw<-0;DL<:j/yÙ[~i ́uV(JP+www;6;2ٽSugFo?;+TU-罋eu7Z}m9ECq9'}r>;{'׼ ;A:7@m&37`jLTV*b`d" P}bCGY:5=(G~W-RX@vIna>E4b™EQ udN,?[U&U}Y6f0R*CA-t?#[Srq}r|tqݹ8^I?w=d/#t:+?fV'Z-oj 6O{:$O-rK=jiT뒒{qM&usDr,_dL~=ퟟCf&j ͒EB_;X_KG)H7#ǚ M2ȔSHu t9~cIJ^筱J+҄j 9BA`̼m䎀R49ȡ8蟉$m4@r1XSl؅ R捇oBiO{e ,}PEtBAͨO ${3BDȭ`g@ BD4?CzC0&pt/ݜ~ .΃aw9Q] \M޼G <7Oڭ1]v/z]tZ0*>cq4Y`N-. 8ù:mn:J=6k_)CR/JG'-dj`qaeJݠ#mfywς@ tiSM|>96m'!|Аd mxZ.S3IXn`NthQpy4ڭ,%_ >< )FNj$ i-DCw 0Ieg&S yK ΝdrkoM~(wIPj>X^0 vjq.HpyY?Df>o  ޜj M L<ģL޻x?ɜK) Xt ŊI^OHX)Vpp(7ݞH:s@)%s㙰\J٣XB YX/_23CCɴX9{DMfT`B[ụDKak`F\JQ-DzMCAӀIQT;R JACzT"/ğw8MұG`?^0~)iBI ?,xpoFnB?5fѪ)jM&=-f ӛeSZԛ01EMdk6q?a M l4T)fhFfO ~-gfr w,{t?8GcNEi[Jι/7N/n^ßf1d_w\ճ&AB glCC2{ڡ[Z3Rraw{*{j *)’pdrKw͸^`"3hqNNRЙB#@9zQYUo)<4^KՕ݋$/gcP.ourqO[&ނy 0pZZE"b j7{\\2,# l,>D4~hN/a2*)WOw]86p#>{+EE.OLYZf<[ꁪ+RY;7l ʸSIjHirir6ȃX`iwh?<<fq'Xit+@9Z'uTHbp=Pz˸hFq,@XĞ=8]%0uM͞_X⚲+]9e&@0oʱ{Luzh< VȴO*4wҵJ)كYk+H +BQQb?$i?怚H|A2exL,Z`_9#Dzlʠ7Hr]t)ernڳh& 'zqD*˜,Za秚+F5GaNj~Sc43[䊻!`Pjcfpu MTnglQIBmmbPI0])Xk±&>,<<+ڂh0@  ~HLbV46\,0|,W*Uˈ`n+V/(% 7]@.&D~?DNQ}G=.C+DÜU^f/$jXUcrxɡV\=()j8+|%ZAg~~Ļ8 iߥ: 9pF#~y090NTFe Yk%fsLdENԴG*5P6>*0nG<K$XFj} :ZQa/Y+t m(5# #2pgrh)j*WvjOh#WX[ў#WX tV ЛiQvkVѢ Ն'yϤMpR|9yM>q 7poj)ŏ@;(1kRaJ&2¸_v^Iў@>b0halJwֺXA8fSqlGYV:Uq]t3Mb>Ҁh k03RiȊ +> 2&ZQRjOsGLpZ]Qd:)nQ==Օћn@h#&w}Arl(UJZVJȹi#gD)UjJyeѓ%O.'-U*j^ YHX9H(P Yx[!6E!,8{Je%[ yr2=QZaǰ^X+= WkݷK( -$P) WAhx/O00<ŠqRt,Ja?v~OIQe'݋t:}A̫{~x;݋}:Lpڏ2 ﵲ{%< 87squ,Z>~~8:m~1} L@IP 4#7= ikCOu|ܹ ]wᳳI? `yBn=p[W:KGݳ?w@:m)^{)z0:|gQ2atݺ F>n48Z&IyD)cxHύ ^!uBE\W+,r=uXMr! }%=Cɢ+hO~;K^+,k 5?̀o$ÃXP8,׀zB,2q]D:KY96P^S QWÔgԢᬖ^}Vy;AtH1f<<Lfd'y/wг*zUbݩmbz;x.9wv6x}y:b1 ?ݞneټܱ?jw`;操~;j9vЛS큌qj `ֳs;[Q r'x"64lywy# x~4qj\Ƙ990mY?yxXT3mD1C'~.OA 6̯> H-@V޼=0GoQwp]Qz ACvk~挜71n;z{w6`4tͥovV<}'i?vݷ;޽ܶi ,F}d3tT0hAhflOoC]`l]sTx:o~<ˤa ]ek{*){7wo]VZtC.qBn&d/.%y j OKt1ڬ/ۥ{H,+YXxlQWgo ? '|ȞF8^j[Cxxg,d9a}30[ɱ-Ι2HB%Feuw#S''Sc3HF#%k&ϖȱmF @|Րg ;a6r*|b \<E W^L7⎍zkQy}|x|SqZ'+o' g|o#'_M_j S&5ŷ!o4y˭0LT/7rK[^]l؍o%n!өi*2o-]svFlCOR6(wD]dm[& 0| WͲșbH'֢mj0ӗQĖɂBªDzWM(e 5 ;υbջx( Kck^&N0ruyUTFRx(ON {3]7X'c!x̭PUIt.6=,Fзߩ6>;$zDn "1vc ({2bh]LDxcȜc p2¸cyjJ99ٝs$&?"'-~v/n!+'&f+O;,YMk8L TR gikuYDZx:?;ˌ23's>QOb` {$D\;n)R5,yDdId+A$ŕBCye"=Cho$#R^Jnoe3sr<n(jl)*[A,w3" <X#;ྫྷY &x޵qbyi6NZ8C-'^-jf6Gâg@v{jay'Pybwv/YP⋧ٍ"&Lbg&Z [de6C4me0jYؐGj򖮨ig4SOMՁ` ~$0F sQVJB}3Ct7DY v6ߨBU*$Uy<sRK _%E d0G_#5X!LtY[ vEʦ]|0G8 P!2Njٶa  #V@$UXodsÊH)[!D S2stq Ƅԛ%P1ұ=3RTjJEm y+[! {VBV^yFz5V[ERMٷ\8IZYw|KGFԖe)ժr/iENH$lWFcܴ#ت)[U^L+JG W6Či(p'+WTVJ>$1b :xS>L 1Ti>du$tߑΜ[k f 8bu\.{m9B!.K\taݥV #X)( a}[[[[[Tq(<-ƗǵKRǠTQe~%pE1w~l#x?|%okeaTXHs ݓ'{#قЏâ=$akbȽ͖!С0+W6O#OHQ7dwm{$< ][-Pя^ d£ ^ƫN:;c׆a/4zE.'R^/U+ƍ7rra $l/H)y L؟fL瀲!'>pUZ ܗP%'v#_ = LY{Z Xӆ ?L+QĒJԅo2eh`\Sa!̾t_u'WҤ ''ތ7_8ngzz5j5V9~HzxwwwwwVւ_[+ZaqG]@{iP̦_ge'gR?b"͍}kYsK{g`u+_ KtC a^?k7:7QXB\]tԟ EXuۤܖkn3k/B=0 ġF2|)͍~kZ*vĂ17◎T6cu3v-a:B":ɘEKkWP >v`E(n?JRkͺO<2 5Ca~ΨjZT`wa ˯Dz5yGlG/YwUO:GkjѤX+QonʷP&LilגIE}#- >h@0| C|Dp59lM(Zlk[ҭ&ef gkl~ꙹC|],˷S5{s' w-%c {$"?'.L+\@W{w 7́ZGO#oveM QF=6۬7o-vJcev嵙=n{{7i `Wݰ:pXEYw0m5m,),@*eIX 5}5'7>'Z=W/%4C2Ċ@a+IiqlrN_NML4sKx (Y0E7{5 2Zr@<cн9>u]L~[4C?k~~/u~aG}3 Xle'I4b'C &Hm~0/ CǜŒiO5^Q?G7)U6Zgsnbu+\*@,vaU)ȁc*1Lwf6 T9E'96i> K]Y a C^( #%1wԤ{c8fgc8RF%5x#  A?RJ-9"@Ÿ *$"R./> 0?B,Tw<8 h#8XҲwoôwa8F F(dѴB.]sI T\r^::XuZ.˘x<&f@]3&tME*ނ0HuPeэA UP+$Tz0c״|Z.mU3#6j=!vӚ ׶j=!vѺv̈́0|W@O[jkwghDPU(e.(~.dtlQNaDXX5>HPNX ~==,10l˖C/0Ƹl4ܵ4qded3% uD}#i Ɠ,t:s2NDB r ݫ?RRmF 96z_`yZܞ\YrVgҴxfVؖmmq.9f;)J\#%&0rٚmj{6A`ut KuSi~RBn$**=9`Vǘ7Z;.,|Tbtb bZ#ZIHhJ\v{_%ʄ}@~01\TcЍB)˪M;InP}wY?e=` '34/x{~ B{V}{N5dM,;\|U:i|%wҹfZ,w}17Ȥ`(8NG}xXثTD~*N ̋Lt4*&:;m[A=~?vDLRO˦\q\؀!,D||z['Ae}H?Km1nq+62s1 p7,f9#Yo_*!K2P_{ou&.[4>(4eT@ CO 2[Y»Oc0Σo@rK$ET&}nA??'~?UKL)awSY,|+R0cE)'u/ezs=M蕴B9^Ȉp/Y"#&O=lFLf r5[g_IUMz{GW~{Agk< m-[8Z?V99^~9\/:}F1y?Ky-m2/*vg(P\NQʩvoQ{̵,,^;KKvY Gcq~#g |(;5U6rUzq &6iCUSp:/kj8ٙ%oK#CE@Цo1 mFIc p!>EG}ҽh皡IJ/΀2?Bnjߠ+(Z]~NmewQ_]~ 48ngAI}>@?d'(kvVwsqF9?t.2ʡ{_3fy,@ }3sgy2zg(Q~ dCyF9E^\dEu݌wAt3OK7C\\f%U^=_埀>eg(U}3s::3/9IR< 9k]K0kfK"*SV9,.N2P*(Xi7Zee+\W~ y{'sg#Q8^a(芪g-U噗fZ+ Ǹjuv^_@%KH0e^ڛT}GP npKxEó#"htoĶ.b!Iy=0?%Mu{,1پWߕ\*ܼ}:QOkXE)9s8W0fY kS }}b>s2 'գ,C;HߪxĻO%ݞ܃辊r m>v3yE]^&\ŠMC7aoa Jö`ZG;o=2dj Y }b)049 hm=ƾw<Ak_M#x u1t[ {wF˹fU:h0o?53]^L:χ~Z 9ޮgnpw1Q6`:})}c)1sy[lty7𜙄tꐾN=qX|1h_u$|n5V$1x_&05:%,-3Zfr{^f$W"nrG33$\ؓǀJoē}ܹlY8=ۚ9t؆"u]3EK~/x\ Hv2}BM_j&J2jxYg~1'~-pIdh/ 0{QBn`Xr{HI̴g,v;d̏ I3)L}5cm\$aBcM=؊rb{PNˍ$a^>Wdg Ag|bhMxXe7ĹM&$tp;й;6M(A#{+2‡_j v.E݉cE\c̈́wspߎeläd{«U/K# E3dưz< .h :BQZ`-ă v,='['_6b Fi&b3@3p6+0 n9SYD:9Am'{'ˉ~/[v4R*4$NS xsEz?_X vH VLt>̂[OulÝg8C# P1қv,j_ԕe`7g~"VCA6p8{g!(_Gk0=5s^nT <+1<&7qEߟ2L\)ԢLSg(\*],1Ał?rLw699 3/&e@EqD'Pvx566s֨Na^|˼KAўXm0w6L%/#]ۚ':K$~Al=du-WrcdK{f:ePyXl+!RmK e$i. qSGg-hwq#b wutKe!.0w:WXU\M)S_5l\TFE[¶":q`xm;<+{**l+k[ȁnTLx뤝9-@J<ٰ޳s+o5Љe6|/O6p2$82epCdkZ 0DqU XLâWqTR:!;/D?8- cL;fcXJ X2!&7O80Ux|-h\l}[Mt,S0#ŸEr,EJ^+d+KWԱ0_^5FElT$¨B=3Ay$O>jA@`U\3zf7ZЮ3q-M&Cga+ecPMYVc.G]L*@<փ W{څGSy6:|,ݐbVS"N$֊rI-9,#efƲ 7cP.Xd-n$oB@wS .xBG,?ɋ|P byx ^ŧ$NS?x@ǩW3.rWa%Pr^k'o?XI/;g_yH%L=C= ɳAF[;O(QFp_R|=^`ghi /=l}ptq,-ӽ:nA0|es!Y7 ~s Wha<y&F{5Vj"<&/(FҢΰ \岞 ZqlwN~늘p6JL? ۔9MR"GZj/%!.zR4զr0>_v=-Mӝ/2a-d4džHkckjѮʃ'