Browser Helper Object - Wikipedia, the free encyclopedia

Browser Helper Object
From Wikipedia, the free encyclopedia
Jump to:navigation,search

Add-on Manager from Windows XP SP2 Internet Explorer
A Browser Helper Object (BHO) is aDLLmodule designed as aplugin forMicrosoft'sInternet Explorerweb browserto provide added functionality. BHOs were introduced in October 1997with the release of version 4 of Internet Explorer. Most BHOs areloaded once by each new instance of Internet Explorer. However, in thecase of the Windows File Explorer, a new instance is launched for eachwindow.
Some modules enable the display of different file formats not ordinarily interpretable by the browser. TheAdobe Acrobat plugin that allows Internet Explorer users to readPDF files within their browser is a BHO.
Other modules add toolbars to Internet Explorer, such as theAlexa Toolbar that provides a list of web sites related to the one you are currently browsing, or theGoogle Toolbar that adds a toolbar with a Google search box to the browseruser interface.
Contents
[hide]
1 Concerns
2 See also
3 External links3.1 Microsoft sites
3.2 Listings and examples
[edit] Concerns
The BHOAPI exposeshooks that allow the BHO to access theDocument Object Model(DOM) of the current page and to control navigation. Because BHOs haveunrestricted access to the Internet Explorer event model, some forms ofmalware have also been created as BHOs. For example, theDownload.ject exploit installed a BHO that would activate upon detecting a secureHTTP connection to a financial institution,record the user's keystrokes (intending to capture passwords) and transmit the information to a website used by Russiancomputer criminals. Other BHOs such as theMyWay Searchbar track users' browsing patterns and pass the information they record to third parties.
In response to the problems associated with BHOs and similar extensions to Internet Explorer, Microsoft added an Add-on Manager toInternet Explorer 6 with the release ofService Pack 2 forWindows XP (updating it to IE6 Security Version 1 (a.k.a. SP2). This displays a list of all installed BHOs,browser extensions andActiveX controls, and allows the user to enable or disable them at will.
For users that are not using Windows XP, there are free tools (suchas BHODemon) that list installed BHOs and allow the user to disablemalicious extensions.Spybot S&D has a similar tool built in to allow the user to disable installed BHOs.
Many BHOs install toolbars in Internet Explorer, but others don'tproduce any visible effect. It is therefore possible that a PC containsBHOs that the owner doesn't know about. The security risk here is thatthe BHO doesn't need any kind of permission to install maliciouscomponents and thus spyware may be spread without the user's knowledge.For instance, the ClSpring trojan uses BHOs to install scripts toprovide a number of instructions to be performed [such as Adding anddeleting registry values, downloading additional file(s) and executingfile(s)].
Since it's relatively easy to write BHOs, many poorly written BHOscan harm the computer and compromise its security, and even sometimesdestroy valuable data or corrupt system files. MGMS