Since many ofthe new trojans install as BHOs, why not program SEP to block NEW BHO installs?
I'd LOVE this feature to death! This is how many of the bugs we see each week get IN with no user permissions, since they are NOT technically a PROGRAM install.
PLEASE see this text, and what it implies - add the ability to SEP to block or alert on BHO install attempts. SEP should be able to allow CURRENT BHOs and BLOC new ones, or at least prompt. -> Why does SEP not do what this last sentence states others can do?
Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in Internet Explorer and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan uses BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparent to the user [1].
In response to the problems associated with BHOs and similar extensions to Internet Explorer, Microsoft debuted an Add-on Manager in Internet Explorer 6 with the release of Service Pack 2 for Windows XP (updating it to IE6 Security Version 1 (a.k.a. SP2). This utility displays a list of all installed BHOs, browser extensions and ActiveX controls, and allows the user to enable or disable them at will. There are also free tools (such as BHODemon) that list installed BHOs and allow the user to disable malicious extensions. Spybot S&D has a similar tool built in to allow the user to disable installed BHOs. Many anti-spyware applications also offer the capability to block the download or install of BHOs identified as malicious.