ActiveX Filtering for Consumers

March 1st, 2011

ActiveX Filtering in the IE9 Release Candidate gives you greater control over how Web pages run on your PC. With ActiveX Filtering, you can turn off ActiveX controls for all Web sites and then turn them back on selectively as you see fit. While ActiveX controls like Adobe Flash are important for Web experiences today for videos and more, some consumers may want to limit how they run for security, performance, or other reasons.

In this post, we’ll show how you can improve your browsing experience with ActiveX Filtering. We’ll walk through how this feature works in IE9 and share details on how IT administrators can deploy this feature in corporations. In a future post we’ll share some best practices that Web site authors should use to ensure that their sites work well with ActiveX Filtering.

You can try out ActiveX Filtering in the Release Candidate using this demo from the IE TestDrive site. You can also see the feature in action in this short video.

Background: ActiveX Controls & Browsing

To display interactive content and video, many of today’s Web sites use plug-ins like Adobe Flash or Microsoft Silverlight. “ActiveX” is the technology these plug-ins use to run inside of IE. Like other add-ons, they are essentially Windows applications that run in the browser. Poorly written add-ons and ActiveX controls can therefore affect IE’s performance, reliability, security and privacy in similar ways.

Some controls may be used to display undesirable or malicious content, preventing you from having a good experience when viewing a Web site.

Some consumers are concerned about the potential impact of ActiveX controls and would want to limit them to run only on Web sites where you need them to view the content. ActiveX Filtering is a built-in, more generalized version of browser extensions like FlashBlock and ClickToFlash.

Introducing ActiveX Filtering

With ActiveX Filtering, you choose which sites are allowed to use your ActiveX controls, while all other Web sites cannot use them. ActiveX Filtering helps limit the impact that ActiveX controls have on your browsing experience since the controls can run only on specific sites. ActiveX Filtering also prevents Web pages from showing potentially unwanted content that relies on ActiveX controls.

By default, IE9 does not filter any ActiveX controls on Web sites to ensure you experience the sites as intended by their authors. If you desire increased control of ActiveX controls while browsing, you can enable ActiveX Filtering via the Tools menu:

Once you enable ActiveX Filtering, IE prevents ActiveX controls from running on all Web sites. When you visit a Web page that contains ActiveX controls, notice that ActiveX content is blocked from loading on the page. IE displays fallback content chosen by the site’s author if it is available.

Instead of displaying a prominent notification prompting you to install or enable controls, IE stays out of the way of your browsing while it also makes it easy for you to turn off filtering when you need to. IE displays an icon in the address bar to indicate that some content has been filtered on the site.

If a Web site contains ActiveX content that you want to view, you can turn off filtering for just the current Web site. When you click on the icon in the address bar, IE displays the fly-out window:

You can click “Turn off ActiveX Filtering” for just the current site. Once you take action, IE refreshes the Web page to ensure that ActiveX controls are properly instantiated in place of any fallback content that was originally present on the page. ActiveX controls from other Web pages under the same domain (in the above case, will also be unblocked.

The icon on the address bar changes color to indicate that you have turned off filtering on this Web site. After you’ve finished viewing the content, you can turn ActiveX Filtering back on by clicking on the icon again, which re-displays the fly-out window:

The address bar icon and fly-out window are also used for the Tracking Protection feature. If you have installed a Tracking Protection list you may see this icon appear on sites that only contain content blocked by Tracking Protection. In these cases you’ll need to launch the fly-out window to determine what content has been blocked. If you want to reset all the exceptions you’ve made for ActiveX Filtering and Tracking Protection, you can use Delete Browsing history. Be sure to select just this one checkbox:

ActiveX Filtering for Managed Desktops

Administrators can deploy ActiveX Filtering for their organizations easily by setting a group policy. The feature is disabled by default for the Local Intranet Zone so that intranet Web sites and LOB applications can continue to use ActiveX controls without disruption, and can be adjusted separately for each security zone.

Try it out!

To have a trustworthy browsing experience, it’s important that you are in control of the applications running in your browser. With ActiveX Filtering, you can now browse the Web with more control of your ActiveX controls. You can easily turn on the controls on sites that contain ActiveX content you want to view. This feature successfully limits the content that is allowed to run ActiveX controls, thus minimizing any potential performance, reliability, security or privacy impact on your browsing experience.

We encourage you try out this feature on the Internet Explorer 9 Release Candidate today, using the demo available from the TestDrive site. Please let us know if you find sites that don’t work properly with ActiveX Filtering. We look forward to hearing your feedback through blog comments and the Connect site.

—Herman Ng, Program Manager, Internet Explorer