Microsoft enables settings protection in Internet Explorer 11
Microsoft enabled a new protective feature in Internet Explorer 11 for Windows 10 recently that it introduced for its Microsoft Edge web browser back in November 2015.
The security feature has been designed to prevent third-party software from changing the browser's homepage or default search engine.
Search is a lucrative business and it is no coincidence that companies try to push adware or third-party tools to user systems to modify search providers.
It is not only adware that does that, legitimate businesses, some that produce free antivirus solutions for instance,Â do the same thing but mask it behind a seemingly useful service.
Users who notice these changes have often a hard time undoing them. Not only do they need to know how to undo the changes, they also need to make sure that the software that caused it is not running on the system as it might modify the settings again once it notices that they have changed.
The protection that Microsoft implemented for Microsoft Edge and now also for Internet Explorer 11 on Windows 10 blocks the injection of DLLS in the browser unless they are signed device drivers or Windows components.
DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked. â€œMicrosoft-signedâ€ allows for Edge components, Windows components, and other Microsoft-supplied features to be loaded. WHQL (Windows Hardware Quality Lab) signed DLLs are device drivers for things like the webcam, some of which need to run in-process in Edge to work.
Internet Explorer 11 users benefit from the implementation right away. The only thing that they may have to do is install or pick a search provider that they want to use. They can rest assured afterwards that third-party programs won't be able anymore to modify the search provider or homepage of the Internet Explorer web browser.
Microsoft published a help page highlighting how homepage and search engine are modified in Internet Explorer 11.
Changing the homepage
The homepage of the web browser is changed in the Internet Options.
- Click on the tools icon in the upper right corner of the screen and select Internet Options from the context menu that opens.
- Find Home page on the General tab, and remove or edit existing urls, or add new ones to it. You can click on the "use current" button to make the page currently displayed in the browser the home page.
- Select Apply > Ok to complete the process.
Changing the search provider
The search provider is changed in a different way.
- Click on the Tools icon again in the upper right corner, and select "Manage add-ons" from the menu.
- Switch to the Search Providers listing on the page that opens.
- Select the search provider that you want to use. If it is not listed, click on the "find more search providers" link at the bottom to install new providers.
Browser developers are finally reacting to the -- often unwanted -- changes that adware or third-party software make. Microsoft's protective features are only available for Windows 10, a strategy the company seems to pursue these days. (via Desk Modder)
So it’s just a scam. If DLL is Microsoft signed crooks will still be able to inject anything they desire. How hard is to get DLL signed by microsoft? I wouldn’t trust any DLL signed or not injecting crap into my browser..
Please correct me if I’m wrong, but I think MS needs to be able to inject DLLs also to update the browser itself.
And anyway I think that up to now everybody (not only MS but also anyone else) could inject. And I don’t think MS will grant this possibility very easily.
thats what con artists would say: we are urgently need to update your browser (with new homepage to crooksRus.com penis enlargement pumps)
lets face it – microsoft is just one huge festering sore waiting to be ENRON’ed or FORD’ed or ETC.
Signing is by a cryptographic key/certificate that is used at compiling the file by the programmer. Nobody (is/should be) able to use their key/certificate but Microsoft.
Doesn’t say much tho, the crooks will just automate the edit by some AutoIt functionality or w/e.
There is always a way around it. Windows isn’t build for any “real” security anyhow.
“C:\Program Files\Internet Explorer\iexplore.exe” http://www.GRAMPASTRICK.com
There. Broken it.
@ Martin: You can read German? Cool! To understand that original [email protected] deskmodder.de, I have to use Google Translate.
And, seems that Microsoft is only providing the download of “Internet Explorer 11 for Windows 7” to us. Where can us find the said “Internet Explorer 11 for Windows 10”?
Anyway, I will try changing IE 11’s homepage by installing adware later, for testing purpose. LOL
Internet Explorer 11 is included in Windows 10. You can run it from the start menu for instance.
This is a welcome if belated fix, although most of the more comprehensive security software already include these protections.
Belated is hardly a word I would use……it’s something they should have done over a decade ago.
However, it’s not really a “fix” and malware or the programs can just hijack the browser shortcut (either in the registry or the physical short cut) to do basically the same thing. Just more “legitimate” programs will have a harder time doing it.
There are many malware/Trojan/adware programs that does that sort of thing, but also inject the *.dll files into the browser to run.
It is a good gesture but faking a digitally signed *.dll file has been done multiple times in the past (see http://www.symantec.com/connect/blogs/malware-using-fake-certificate-evade-detection for a small example or even an older one: http://www.webroot.com/blog/2009/12/15/zero-day-malware-drops-payloads-signed-with-a-forged-microsoft-certificate/ )
The process may be harder than before, but it’s still possible to do.
You know that everything Microsoft, Google, Mozilla and etc. does to try and protect you, there is one thing they can not do and that is protect you from your self.
You are right. I have seen this before on a friends girl friends computer. Internet Explorer 11 browser shortcut was hijacked. If people allow some of this stuff to come in through downloading and etc. your programs are not going to beg you to stop. They may warn you but not beg.
It comes down to layers of protection and you.