World Library  
Flag as Inappropriate
Email this Article

Browser Helper Object

Article Id: WHEBN0000910726
Reproduction Date:

Title: Browser Helper Object  
Author: World Heritage Encyclopedia
Language: English
Subject: Internet Explorer, .NET Framework, List of Internet Explorer extensions, Windows RSS Platform, Internet Explorer shell
Collection: Internet Explorer
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Browser Helper Object

Add-on Manager from Windows XP SP2 Internet Explorer

A Browser Helper Object (BHO) is a DLL module designed as a plugin for Microsoft's Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of Windows Explorer, a new instance is launched for each window.

Contents

  • Implementation 1
  • Examples of BHO 2
  • Concerns 3
  • See also 4
  • References 5
  • External links 6
    • Microsoft sites 6.1
    • Listings and examples 6.2

Implementation

Each time a new instance of Internet Explorer starts, it checks the windows registry for the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
If Internet Explorer finds this key in the registry, it looks for a CLSID key listed below the key. The CLSID keys under Browser Helper Objects tell the browser which BHOs to load. Removing the registry key prevents the BHO from being loaded.
For each CLSID that is listed below the BHO key, Internet Explorer calls CoCreateInstance to start the instance of the BHO in the same process space as the browser. If the BHO is started and implements the IObjectWithSite interface, it can control and receive events from Internet Explorer. BHOs can be created in any language that supports COM.[1]

Examples of BHO

Some modules enable the display of different file formats not ordinarily interpretable by the browser. The Adobe Acrobat plug-in that allows Internet Explorer users to read PDF files within their browser is a BHO.

Other modules add toolbars to Internet Explorer, such as the Alexa Toolbar that provides a list of web sites related to the one you are currently browsing, or the Google Toolbar that adds a toolbar with a Google search box to the browser user interface.

The Conduit toolbars are based on a BHO that can be used on Internet Explorer 7 and up. This BHO provides a search facility that connects to Microsoft's Bing search.

Concerns

The BHO API exposes hooks that allow the BHO to access the Document Object Model (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of malware have also been created as BHOs. For example, the Download.ject malware installs a BHO that would activate upon detecting a secure HTTP connection to a financial institution, record the user's keystrokes (intending to capture passwords) and transmit the information to a website used by Russian computer criminals. Other BHOs such as the MyWay Searchbar track users' browsing patterns and pass the information they record to third parties.

Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in Internet Explorer and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan use BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user.[2] The DyFuCA spyware even replaces Internet Explorer's general error page with an ad page.

In response to the problems associated with BHOs and similar extensions to Internet Explorer, Microsoft debuted an Add-on Manager in Internet Explorer 6 with the release of Service Pack 2 for Windows XP (updating it to IE6 Security Version 1, a.k.a. SP2). This utility displays a list of all installed BHOs, browser extensions and ActiveX controls, and allows the user to enable or disable them at will. There are also free tools (such as BHODemon) that list installed BHOs and allow the user to disable malicious extensions. Spybot S&D advanced mode has a similar tool built in to allow the user to disable installed BHOs.

See also

References

  1. ^ Roberts Scott, Programming Microsoft Internet Explorer 5, Microsoft Press, 1999, ISBN 0-7356-0781-8
  2. ^ Computer Associates malware entry at ca.com, retrieved 1/16/2009

External links

  • Sites.google.com

Microsoft sites

  • IEHelper-Attaching to Internet Explorer 4.0 by Using a Browser Helper Object
  • Control Internet Explorer Add-ons with Add-on Manager - an article on Microsoft.com that explains this new feature of Windows XP Service Pack 2
  • Building Browser Helper Objects with Visual Studio 2005 - an October 2006 MSDN article by Tony Schreiner and John Sudds

Listings and examples

  • CLSID List - master list created by Tony Kleinkramer, which attempts to record and identify every BHO available (previously located at - the now defunct - castlecops.com) - also includes Toolbar, Explorer Bar and URLSearchHook GUIDs
  • C++ example code for a BHO
  • C# example code for a BHO
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.