Security, Patent Tweaks For Internet Explorer

Microsoft this week has updated how Internet Explorer 6.0 handles ActiveX
controls, bringing it into alignment with IE 7.0 and the Eolas patent-infringement suit.

The update, which affects Windows XP and Windows Server 2003, removes the ability for ActiveX controls to be run
automatically. Instead, users of XP SP2 and Windows Server 2003 SP1 must
manually turn on the controls.

The beta version of IE 7.0 by default
disables ActiveX commands.

The changes were described as “minor” and having “little or no impact
on customer experience,” according to a Microsoft spokesperson.

“The purpose of the update is to provide IE 6.0 customers with the minor
changes to how Internet Explorer handles some Web pages that use ActiveX
controls,” the spokesperson told internetnews.com in an e-mail
statement.

The change comes just months after Microsoft informed developers that changes to the browser were on their way.

At the gathering of Web
publishers and advertisers, Michael Wallent, general manager of
Microsoft’s Windows Client platform, described the alteration as “an
almost invisible change,” internetnews.com reported at the time.

As previously reported by internetnews.com, Wallent said the
change would be included in future versions of IE, but it could take
four to six months before reaching the majority of customers.

In 2003, Eolas won a $521 million patent-infringement suit against
Microsoft.

Eolas in 1999 sued the software company over the automatic
launching of ActiveX controls. After the court victory, Eolas asked the
court to bar further distribution of IE.

To counter the possibility of any prohibition of the browser,
Microsoft responded it would change how ActiveX controls are enabled.

“Now when an end user goes to a Web site with ActiveX controls, before
actually interacting with the control, they must first click once to
activate it,” Wallent told the group in December.

The IE 6 update follows a two-week old patch to correct IE 5.01. That
fix addressed a problem with the Windows Metafile, possibly enabling
attackers to take control of the computer.

The update is available through Microsoft’s Download Center or
Windows Update. More information about the update is available from
Microsoft’s support Web site.

News Around the Web