Blog

Let’s Get Technical: Overriding Registry Keys with Ion, and Killbits Too

Posted by: Browsium Posted date:

One of the many powerful features in Ion is our Custom Registry Manager, which allows you to override any key in the registry with new values, but only for the web applications that need those custom settings.

We can isolate custom registry keys to a specific Ion Profile, meaning that you can use Ion to customize the registry environment for your web applications but prevent those settings from affecting other applications or Windows or Internet Explorer in general.

By default, Ion Profiles load all the same settings from the registry as the host IE8/IE9 browser, which is typically what you want but through Ion you can change that behavior when required. Any settings that is controlled through the registry can be managed this way, including proxy settings, security settings and ActiveX behavior. If there’s a registry key for it, we can override it with a new value.

Once again, this means you can maximize the compatibility of your browser environment while retaining a high level of security.

One way this is useful is to override ActiveX killbits. Make no mistake: this is advanced stuff and not recommended for any customer who doesn’t thoroughly understand the implications of reviving a control that’s been killed by Microsoft, but it is possible and can be done (through Ion) in a way that’s more isolated than otherwise.

First, some background: Killbits are a way for Microsoft to mark poorly-behaved and insecure ActiveX controls as persona non grata to the browser. If a control has shown that it has serious security flaws that can not be easily fixed, Microsoft prevents that control from loading by setting a key in the registry. The registry setting that does this is called a “killbit.” Internet Explorer will simply refuse to load any control marked that way. You can begin your reading on Internet Explorer killbits with this article. Microsoft will occasionally kill 3rd party ActiveX controls, but only when the 3rd party vendor is in agreement with the decision.

We do not recommend overriding killbits without fully understanding why the specific control was shut down in the first place. In most cases, Microsoft recommends re-writing your application to use a newer ActiveX control instead (and in those cases, you may want to use our “String Replacement Manager” feature as an alternative). When this is not possible, and the security risk and compatibility impact of the ActiveX control is fully understood, you can use Ion to allow a given ActiveX control to run, but only for the specific Ion Profile in question. Please note that in some cases, the security flaw of an ActiveX control may be so egregious that even allowing it to run for one specific website may not be an acceptable solution from a security point of view, so consider this option carefully.

To help those of you who’d like to tweak the registry for application compatibility, I’ve posted two new KB articles to our support site. The first, “Setting a custom registry value with Ion” goes into detail about how the feature works in general and what syntax is required in the Ion Configuration Manager to successfully override any registry setting.

The second article, “Overriding an ActiveX killbit using Ion’s Custom Registry Manager” goes into detail about what ActiveX killbits are and how to override them through Ion.

-Christopher

  • Share:  
 

Recent Posts

ITOM for Browsers: Visibility, Security, Efficiency with Proton
Posted on: March 27, 2024
The Browser Blind Spot: Is Your IT Management Missing Critical Data?
Posted on: March 25, 2024
Enhancing Enterprise Efficiency with Advanced Browser Management Tools
Posted on: February 12, 2024

Blog Topics

ActiveX Advanced Solutions Application Modernization Application Sandboxing BCMS Upgrade Browser Compatibility Browser compatibility issues Browser Compatibility Testing Browser end of life (EOL) frustration Browser IT Management Browser Management Browser management solution Browser Management Tool Browser Performance Monitoring Browser Selection Automation Browser Telemetry Tool Browser-Based Applications Browsium Browsium Chrome Extension Browsium Extension Browsium Ion Browsium Proton Catalyst Centralize browser management Chrome Compatibility Compatibility Challenges Compatibility Layers Compatibility Strategies Compatibility Testing Cross-Browser Testing CVE-2021-44228 Deployment eBook Edge IE Edge IE Chrome Edge IE Mode Edge Legacy Edge Readiness Emulation Enterprise Browser Management Enterprise Browser Security Events Extensions File Swap Firefox Flash EOL Group Policy History Hotfix How-To IE 11 EOL IE End of Life IE EOL IE11 Internet Explorer End of Life Internet Explorer EOL Ion Ion v4.9.4 IT Business Strategy IT Challenges IT Landscape IT Solutions ITOM Java Java Applets Latest Version Legacy Application Compatibility Legacy Application Integration Legacy Application Regression Testing Legacy Application Strategies Legacy Applications Legacy Browser Applications Legacy Browser Compatibility Legacy Web Applications Log4shell Microsoft Cumulative Update Migration Mission-Critical Applications Modern IT Modernizing Legacy Applications Patch Tuesday Performance Preserving Legacy Applications Product Offerings Product Release Proton Remediation Sandboxing Legacy Applications Security Services Shadow IT Silent Heroes Silverlight Support Testing Modernized Applications Flash EOL Top News User Training Virtualization Web Application Compatibility Webinar Win10 Preview Release Windows 10 Windows 8 XP Usage Share

Request Demo

Internet Explorer End of Life problems?Learn More