I think the Badour .reg doesn't really have anything to do with this issue directly - it's only if somebody's .exe entry gets messed up for some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine forced prompts for certain extensions, but I am lead to the conclusion that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing worked. One of the things I did do was completely delete HKCR\.exe and HKCR\exefile, but that did nothing. I have *not* tried other extensions than .exe that fall into this category (such as .com, or probably some scripts).
It would be nice if somebody could confirm or specify what it is that disables the checkbox for certain extensions. If it's in the registry, where is it? If it's a file, which one, and which extensions does it control?
Another reason why I think that shdocvw.dll might determine this is that with Outlook 2000 SR-1, they also hardcoded certain extensions into one of Outlook's files, and what one could do afterwards in the registry was limited, as I had described it before, and as it's stated in MS KB articles.
I must say again that a better policy would have been to allow those things to be controlled by the registry, rather then hardcoding things into program files.
My question again: is it possible to request from MS that they clarify this, and if so, how?

Thanks,

Ivan


-----------------------
"PCR" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/asset...s/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:uUwF9$(E-Mail Removed)...
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| "PCR" <(E-Mail Removed)> wrote in message
| news:%23i03If%(E-Mail Removed)...
| Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (E-Mail Removed)
| "cquirke (MVP Win9x)" <(E-Mail Removed)> wrote in
| message news:(E-Mail Removed)...
| | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <(E-Mail Removed)>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|

Below is Badour's .reg. Hmm, it has those "EditFlags" in a different
key-- two different keys. But I suppose the ones you played with were
overriding these. Yet, I think the solution is somewhere in here. How
did you like the .zip download requestor? That had "Open" & "Save". I
think something below must be undone, but not all of it. Then, you must
discover what the Registry entries are for .zip, & put .exe entries
along side them.

REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{86F19A00-42A0-
1069-A2E9-08002B30309D}]
@=""

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
I think the Badour .reg doesn't really have anything to do with this
issue directly - it's only if somebody's .exe entry gets messed up for
some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine
forced prompts for certain extensions, but I am lead to the conclusion
that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing
worked. One of the things I did do was completely delete HKCR\.exe and
HKCR\exefile, but that did nothing. I have *not* tried other extensions
than .exe that fall into this category (such as .com, or probably some
scripts).
It would be nice if somebody could confirm or specify what it is that
disables the checkbox for certain extensions. If it's in the registry,
where is it? If it's a file, which one, and which extensions does it
control?
Another reason why I think that shdocvw.dll might determine this is that
with Outlook 2000 SR-1, they also hardcoded certain extensions into one
of Outlook's files, and what one could do afterwards in the registry was
limited, as I had described it before, and as it's stated in MS KB
articles.
I must say again that a better policy would have been to allow those
things to be controlled by the registry, rather then hardcoding things
into program files.
My question again: is it possible to request from MS that they clarify
this, and if so, how?

Thanks,

Ivan


-----------------------
"PCR" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/asset...s/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:uUwF9$(E-Mail Removed)...
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| "PCR" <(E-Mail Removed)> wrote in message
| news:%23i03If%(E-Mail Removed)...
| Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (E-Mail Removed)
| "cquirke (MVP Win9x)" <(E-Mail Removed)> wrote in
| message news:(E-Mail Removed)...
| | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <(E-Mail Removed)>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|

On Wed, 31 Dec 2003 23:15:17 -0500, "Ivan Bœtora" <(E-Mail Removed)> wrote:

>I also remain confused about how the d8 07 00 00 translates into the
>individual settings.

It's to do with how the values are displayed. The x86 processor
stores binary values in memory from the least significant byte to the
most significant, so the order you get will vary on whether you read
this as a series of bytes, or as a larger binary value.

For example, let's store the hex value 0123456789ABCDEF in RAM:

0000 EF
0001 CD
0003 AB
0004 89
0005 67
0006 45
0007 23
0008 01

If we read these as the bytes stored in address 0000, 0001, 0002 etc.
then we would get the following...

0000 EF CD AB 89 67 45 23 01

....as the 8-byte string from address 0000, in hex. If we read that as
a series of 16-bit words, we would get...

0000 CDEF 89AB 4567 0123

....and as 32-bit long words...

0000 89ABCDEF 01234567

....so it's all a matter of data type structure. Some other processors
store binary numbers from most significant byte to least instead.

>My conclusion seems to be that IE has forced prompts defined for certain
>file extensions in shdocvw.dll

It was possibly a belated/emergency clue, to improve safety. As to
why it's hard-coded rather than registry-controlled; let's just say
there are far too many ways for malware to write to the registry.


>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - -

OK. Thanks.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"cquirke (MVP Win9x)" <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
| On Wed, 31 Dec 2003 23:15:17 -0500, "Ivan Bœtora" <(E-Mail Removed)> wrote:
|
| >I also remain confused about how the d8 07 00 00 translates into the
| >individual settings.
|
| It's to do with how the values are displayed. The x86 processor
| stores binary values in memory from the least significant byte to the
| most significant, so the order you get will vary on whether you read
| this as a series of bytes, or as a larger binary value.
|
| For example, let's store the hex value 0123456789ABCDEF in RAM:
|
| 0000 EF
| 0001 CD
| 0003 AB
| 0004 89
| 0005 67
| 0006 45
| 0007 23
| 0008 01
|
| If we read these as the bytes stored in address 0000, 0001, 0002 etc.
| then we would get the following...
|
| 0000 EF CD AB 89 67 45 23 01
|
| ...as the 8-byte string from address 0000, in hex. If we read that as
| a series of 16-bit words, we would get...
|
| 0000 CDEF 89AB 4567 0123
|
| ...and as 32-bit long words...
|
| 0000 89ABCDEF 01234567
|
| ...so it's all a matter of data type structure. Some other processors
| store binary numbers from most significant byte to least instead.
|
| >My conclusion seems to be that IE has forced prompts defined for
certain
| >file extensions in shdocvw.dll
|
| It was possibly a belated/emergency clue, to improve safety. As to
| why it's hard-coded rather than registry-controlled; let's just say
| there are far too many ways for malware to write to the registry.
|
|
| >--------------- ----- ---- --- -- - - -
| Error Messages Are Your Friends
| >--------------- ----- ---- --- -- - - -

PCR, I don't think playing around with values for an individual filetype will help. This affects not only exe, but also many others. For example ..reg. And regfile has EditFlags 00 00 00 00, or you can make it whatever you wish, such as 00 01 00 00, but IE will still force the prompt. (Try here: www.princeton.edu/~ibutora)
So my question now is: Is it possible to request from MS that they clarify where these things are set, what versions of IE are affected, what extensions, etc. How can one request from MS that they publish info about this in a KB article - this should not be a problem, should it?
BTW, there is a thread here which could be an interesting discussion:
news:(E-Mail Removed)

IB


"PCR" <(E-Mail Removed)> wrote in message news:%(E-Mail Removed)...
Below is Badour's .reg. Hmm, it has those "EditFlags" in a different
key-- two different keys. But I suppose the ones you played with were
overriding these. Yet, I think the solution is somewhere in here. How
did you like the .zip download requestor? That had "Open" & "Save". I
think something below must be undone, but not all of it. Then, you must
discover what the Registry entries are for .zip, & put .exe entries
along side them.

REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{86F19A00-42A0-
1069-A2E9-08002B30309D}]
@=""

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
I think the Badour .reg doesn't really have anything to do with this
issue directly - it's only if somebody's .exe entry gets messed up for
some reason, it restores the original.
I am not sure if shdocvw.dll (or something else) really does determine
forced prompts for certain extensions, but I am lead to the conclusion
that it does because of
- MS KB 238723
- and because of the fact that I've tried many things and nothing
worked. One of the things I did do was completely delete HKCR\.exe and
HKCR\exefile, but that did nothing. I have *not* tried other extensions
than .exe that fall into this category (such as .com, or probably some
scripts).
It would be nice if somebody could confirm or specify what it is that
disables the checkbox for certain extensions. If it's in the registry,
where is it? If it's a file, which one, and which extensions does it
control?
Another reason why I think that shdocvw.dll might determine this is that
with Outlook 2000 SR-1, they also hardcoded certain extensions into one
of Outlook's files, and what one could do afterwards in the registry was
limited, as I had described it before, and as it's stated in MS KB
articles.
I must say again that a better policy would have been to allow those
things to be controlled by the registry, rather then hardcoding things
into program files.
My question again: is it possible to request from MS that they clarify
this, and if so, how?

Thanks,

Ivan


-----------------------
"PCR" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
(1) Does something (Shdocvw.dll?) set an initial basic configuration
that determines .exe processing, including whatever Registry entries are
needed, (or does the Registry just come that way)?

(2) Would it repair those entries, if one goes in & musses it-- I mean,
alters-- alters the entries to cause it to behave differently?

(3) Why would Badour write his .reg...
http://home.satx.rr.com/badour/asset...s/ExeAssoc.zip
Repair .Exe Association. Sets the default association for .exe files.
...., if there was already something around to repair it?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:uUwF9$(E-Mail Removed)...
| In addition to what I said...
| ...if it is indeed hardcoded in shdocvw.dll, I must say I don't like
such a
| policy very much - the registry itself has a way to disable the
checkbox
| through EditFlags, so what's the point in hardcoding things and thus
| limiting the usefulness of the registry? What MS could have done was
that
| when installing, IE 6 would modify the EditFlags settings accordingly.
In
| such case the "advanced" user could always go back to the registry and
| customize the behaviour...
|
| ------------
| "PCR" <(E-Mail Removed)> wrote in message
| news:%23i03If%(E-Mail Removed)...
| Something is wrong, because I have no such key as...
|
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
| Explorer\Restrictions
|
| So, that can't be the one that governs what an .exe does when clicked
to
| download. It might be an override, though, I guess. Also...
|
| d8 07 00 00
|
| ...that is a hex DWORD, with 7 bits set, in binary: 11011000 00001101
| 00000000 00000000. How are you matching it to this...?...
|
| Here's a desc on EditFlags (bitwise):
|
| 0001 Exclude the file class.
| 0002 Show file classes, such as folders, that aren't associated
| with a file name extension.
| 0004 The file class has a file name extension.
| 0008 The registry entries associated with this file class cannot
| be edited. New entries cannot be added and existing
| entries cannot be modified or deleted (e.g. exefile?)
| 0010 The registry entries associated with this file class cannot
| be deleted
| 0020 No new verbs can be added to the file class.
| 0040 Canonical verbs such as open and print cannot be
| modified or deleted (a common setting)
| 0080 Canonical verbs such as open and print cannot be deleted.
|
| 0100 The description of the file class cannot be modified or deleted.
| 0200 The icon assigned to the file class cannot be modified
| or deleted.
| 0400 The default verb cannot be modified (compare with 0080)
| 0800 The commands associated with verbs cannot be modified.
| 1000 Verbs cannot be modified or deleted.
| 2000 The DDE-related entries cannot be modified or deleted.
| 8000 The content-type and default-extension entries cannot be
| modified or deleted.
|
| 0001 0000 The file class's open verb can be safely invoked
| for downloaded files (relevant to discussion?)
| 0002 0000 Do not allow the "Never ask me" check box to be enabled.
| The user can override this attribute through
| the File Type dialog box.
| 0004 0000 Always show the file class's file name extension,
| even if the user has selected "Hide Extensions"
| 0010 0000 Don't add members of this file class to the Recent
| Documents folder (useful?)
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| (E-Mail Removed)
| "cquirke (MVP Win9x)" <(E-Mail Removed)> wrote in
| message news:(E-Mail Removed)...
| | On Wed, 31 Dec 2003 11:45:13 -0500, "Ivan Bœtora" <(E-Mail Removed)>
wrote:
| |
| | >Thanks for this info.
| | >for example, exefile or comfile have by default:
| |
| | >d8 07 00 00
| |
| | >(which would be a combination of some of these settings - I'm
afraid
| I don't
| | >understand exactly how this thing works mathematiclally - why are
| some of
| | >the settings only four digits, and some eight digits? is this
binary
| or
| | >hexadecimal?)
| |
| | It's hexadecimal, and (in this case) shown lowest order byte first.
| | d8 07 00 00 could also be shown as 000007d8, and sometimes is!
| |
| | Calculator, View; select Scientific. Now you can enter numbers in
one
| | base and see them displayed in another :-)
| |
| | d8 in binary is 11011000, i.e. 128 + 64 + 16 + 8 (or in hex, 80 + 40
+
| | 10 + 08). Look up those values in the EditFlags documentation...
the
| | 07 above that is 0400 + 0200 + 0100 in the same list.
| |
| | >The point is that even if you change exefile to 00 01 00 00, and
even
| if you
| | >uncheck "confirm open before download" through folder options, you
| are still
| | >prompted for download and the "always ask..." box is still grayed
| out.
| |
| | That's interesting, and I suspect that reflects an additional layer
of
| | control that is particular to IE. I'm not familiar with that part
of
| | the registry, though I expect it's documented somewhere.
| |
| | >I don't think this will have anything to do with Outlook, although
| Outlook
| | >(post 2000 SR-1) also uses the EditFlags settings for level 3
| attachments.
| | >For example, with Outlook 2000 post-SR1 in Internet Mail Only mode,
| Outlook
| | >has a default list of extensions that are considered level 1 (not
| | >accessible) and level 2 (you must save them first), and the only
| thing you
| | >can do is move some from level 1 to level 2 *or* from level 3 to
| level 2,
| | >but you cannot do anything else.
| |
| | I suspect that's hard-coded as part of the relevant patch that's
been
| | integrated into subsequent Outlook and OE, as selected by the
Security
| | setting to block dangerous attachments. It's been criticized as
being
| | over-zealous and inflexible (e.g. it blocks .pdf, which are often
used
| | to send things such as invoices via email).
| |
| | >Here's a desc on EditFlags (bitwise):
| |
| | Ah! I'll leave the ones as per d8 07 00 00 quoted...
| |
| | >0008 The registry entries associated with this file class cannot
| | > be edited. New entries cannot be added and existing
| | > entries cannot be modified or deleted (e.g. exefile?)
| | >0010 The registry entries associated with this file class cannot
| | > be deleted
| | >0040 Canonical verbs such as open and print cannot be
| | > modified or deleted (a common setting)
| | >0080 Canonical verbs such as open and print cannot be deleted.
| | >0100 The description of the file class cannot be modified or
| deleted.
| | >0200 The icon assigned to the file class cannot be modified
| | > or deleted.
| | >0400 The default verb cannot be modified (compare with 0080)
| |
| | ...makes sense, but doesn't stop malware patching in anyway.
| |
| |
| | >-- Risk Management is the clue that asks:
| | "Why do I keep open buckets of petrol next to all the
| | ashtrays in the lounge, when I don't even have a car?"
| | >----------------------- ------ ---- --- -- - - - -
|
|
|

"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
....
> So my question now is: Is it possible to request from MS that they clarify
> where these things are set, what versions of IE are affected, what
> extensions, etc.

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

news:(E-Mail Removed)
Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---

Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default...b;EN-US;291369
That makes it clear that there are extensions considered unsafe, and those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it better, I guess!

Ivan


"Robert Aldwinckle" <(E-Mail Removed)> wrote in message news:%(E-Mail Removed)...
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
....
> So my question now is: Is it possible to request from MS that they clarify
> where these things are set, what versions of IE are affected, what
> extensions, etc.

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

news:(E-Mail Removed)
Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---

Glad to see you have found what you wanted or are closer to it. OK, good
luck with it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default...b;EN-US;291369
That makes it clear that there are extensions considered unsafe, and
those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it
better, I guess!

Ivan


"Robert Aldwinckle" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
....
> So my question now is: Is it possible to request from MS that they
clarify
> where these things are set, what versions of IE are affected, what
> extensions, etc.

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File
Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

news:(E-Mail Removed)
Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---

No, I don't actually want to execute files directly from a website - I just wanted to know how things are.
Thanks Robert, cquirke and PCR!


"PCR" <(E-Mail Removed)> wrote in message news:%23$$(E-Mail Removed)...
Glad to see you have found what you wanted or are closer to it. OK, good
luck with it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default...b;EN-US;291369
That makes it clear that there are extensions considered unsafe, and
those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it
better, I guess!

Ivan


"Robert Aldwinckle" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
....
> So my question now is: Is it possible to request from MS that they
clarify
> where these things are set, what versions of IE are affected, what
> extensions, etc.

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File
Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

news:(E-Mail Removed)
Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---

You are welcome.

Absolutely, take care when clicking to download an .exe. Otherwise, go
examine cquirke's site to see what is in the offing!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:%23Bo$(E-Mail Removed)...
No, I don't actually want to execute files directly from a website - I
just wanted to know how things are.
Thanks Robert, cquirke and PCR!


"PCR" <(E-Mail Removed)> wrote in message
news:%23$$(E-Mail Removed)...
Glad to see you have found what you wanted or are closer to it. OK, good
luck with it.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
(E-Mail Removed)
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
Thanks Robert. This is what I was looking for.
In addition to that, I also found this:
http://support.microsoft.com/default...b;EN-US;291369
That makes it clear that there are extensions considered unsafe, and
those are defined in Shdocvw.dll.
So the KB did have the info in the end - just have to learn to search it
better, I guess!

Ivan


"Robert Aldwinckle" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
"Ivan Bútora" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
....
> So my question now is: Is it possible to request from MS that they
clarify
> where these things are set, what versions of IE are affected, what
> extensions, etc.

Ivan,

If you aren't that concerned about implementation but just have
a functional requirement to make executables executable
from a web page there is this:

<title>KB232077 - INFO: Executing Files by Hyperlink and the File
Download Dialog Box</title>


I recently mentioned it to Hans Le Roy here:

news:(E-Mail Removed)
Subject: Re: running .exe files from web pages
Date: Wed, 24 Dec 2003 14:12:50 -0500
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser


FYI

Robert
---