Browser Helper Objects: Help you can sometimes do without
by Douglas Schweitzer, A+, Network+, i-Net+, CIW, BIS
There is a small program called a Browser Helper Object (BHO) that automatically runs every time you start your Internet Explorer Web browser.
Typically, BHOs are installed on your computer by an outside software program. The BHOs' integration with the Internet Explorer (IE) Web browser allows them great flexibility with many applications. Legitimate uses include the Adobe Acrobat add-in that displays Acrobat documents within your web browser window.
While most BHOs are "well behaved", some have been accused of spying on users' surfing habits or logging keystrokes while users fill out online web forms at certain sites. One of the security concerns related to the use of BHOs is their "tight" integration with the Web browser. When BHOs access the Internet it appears as if the access was requested by Internet Explorer. Even if you're using a bi-directional personal firewall to protect yourself, BHO activity can bypass the firewall simply because the BHO requests are perceived as normal browser traffic.
Detect and Remove
BHOs can be removed by editing the Windows registry manually. If you want to manually locate and/or remove BHOs from your system, follow these steps:
- Click on the “Start” button and go to the “Run” menu.
- In the “Run” dialogue box type: regedit
- Click on the “OK” button or hit the “Enter” key. The Windows registry editor will be displayed.
- Drill down to the “Browser Helper Objects” registry key using the following path:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
- Once you have reached the BHO registry keys, you can remove any one of them simply by situating your cursor over the key in question, "right clicking" on it, and then selecting "delete" from the drop-down menu.
How does one distinguish a legitimate BHO key from an offending one? Under each BHO key there are yet more keys known as Globally Unique Identifiers (GUIDs), strings of numbers that appear in brackets like the one below:
{30D02401-6A81-11D0-8274-00C04FD5AE38}
Once you have located a BHO’s GUID, look in the section of the registry called HKEY_CLASSES_ROOT for a matching GUID. The information under that key will tell you which Dynamic Link Library (DLL) is being used, and from that you can often determine to which utility this BHO belongs. Keep in mind that deleting the wrong BHO registry key can cause Internet Explorer or other programs to cease functioning properly and this should therefore only be attempted by individuals thoroughly familiar with registry editing and backup.
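The manual lookup described above can be scripted without changing anything in the registry. The PowerShell below is an added example, not part of the original article: it lists each BHO GUID, resolves it under HKEY_CLASSES_ROOT to the DLL it loads, and reports the DLL's vendor and signature status. The WOW6432Node paths (the 32-bit view on 64-bit Windows) and the output field names are assumptions added here.

```powershell
# Added example: read-only inventory of Browser Helper Objects (GUID -> DLL -> signer).
$roots = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Assumption (not in the article): 32-bit registry view on 64-bit Windows
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$inventory = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # Pick the HKEY_CLASSES_ROOT view that matches the BHO list being read
    $clsidRoot = if ($root -like '*WOW6432Node*') {
        'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
    } else {
        'Registry::HKEY_CLASSES_ROOT\CLSID'
    }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $guid     = $key.PSChildName      # subkey name is the BHO's GUID
        $clsidKey = "$clsidRoot\$guid"

        # Default value of the CLSID key is the friendly name;
        # default value of InprocServer32 is the DLL that IE loads.
        $name = (Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -LiteralPath "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = $dll.Trim('"') }

        # A registration that points at a missing file is stale or tampered with
        $onDisk  = [bool]$dll -and (Test-Path -LiteralPath $dll)
        $sig     = if ($onDisk) { Get-AuthenticodeSignature -FilePath $dll }
        $company = if ($onDisk) { (Get-Item -LiteralPath $dll).VersionInfo.CompanyName }

        [pscustomobject]@{
            Guid      = $guid
            Name      = $name
            Dll       = $dll
            OnDisk    = $onDisk
            Company   = $company
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

$inventory | Sort-Object OnDisk, Signature | Format-List
```

Entries with no DLL on disk, no company name, or a signature status other than Valid are the ones to research first.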
Luckily, there is a faster and safer way to locate and deactivate BHOs. BHO Captor (www.xcaptor.org) and BHODemon 1.0 (www.definitivesolutions.com/bhodemon.htm) are two examples of user-friendly freeware programs for locating and deactivating BHOs in a Windows-based computer. Deactivation is preferable to deleting simply because it is reversible in the event that you experience a problem with Internet Explorer after the deactivation.
About the Author
Douglas is a Certified Internet Webmaster Associate, and he holds A+, Network+, and i-Net+ certifications from the Computing Technology Industry Association. He has appeared as an Internet security guest speaker on several radio shows, including KYW Philadelphia, as well as on Something You Should Know and Computer Talk America, two nationally syndicated radio shows. He is also the author of Incident Response: Computer Forensics Toolkit, Securing the Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and Trojans and Internet Security Made Easy: A Plain-English Guide to Protecting Yourself and Your Company Online.