Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

IE8 and 'Killbits'

I was reading up about IE8 Beta 2 yesterday, and I came across an interesting post about how ActiveX controls will be handled in IE8. The part I found interesting:

If a vulnerable control has been exploited, IE has included a poison-pill option—the “killbit”— to block usage of specific controls within the browser. Vendors who are aware of a vulnerability in their control should contact Microsoft to setup a killbit for a future software update package. For more information, please refer to Knowledge Base article 240797, How to stop an ActiveX control from running in Internet Explorer.

I think that's pretty awesome. If a vendor doesn't want a vulnerable control affecting their users anymore, they can have Microsoft prevent it from loading beyond the current measures they have in place. Maybe Adobe can use that to kill the versions of the ActiveX control that keep crashing IE7.

[via Neowin]



  • Adrian said:

    So what happens when the first piece of malware comes along that launches the killbit against the killbit software? Or the killbit against the Microsoft update ActiveX component?

    May 27, 2008 7:54 PM
  • Simon said:


    >Or the killbit against the Microsoft update ActiveX component?

    Apparently you've never used Vista.  Microsoft Update is a desktop application rather than ActiveX in a web site in Vista, and I *highly* doubt they'd switch back to ActiveX in Windows 7.

    May 28, 2008 1:25 PM
  • Dileriums said:

    Still the question remains, what if some malware come in the form of killbits? Will there be some "good killbits" against "bad killbits" war?

    May 29, 2008 10:56 PM
  • fr said:

    This isn't new, they have been setting killbits on 3rd party activex controls in the internet explorer security updates for years!

    May 30, 2008 1:34 AM