Disabling registry values?

Discussion in 'Legacy Windows' started by samson, 2004/04/10.

Thread Status:
Not open for further replies.
  1. 2004/04/10
    samson

    samson Inactive Thread Starter

    Joined:
    2003/03/22
    Messages:
    67
    Likes Received:
    0
    An internetnews article at
    http://www.internetnews.com/dev-news/article.php/3338461
    describes an IE vulnerability that hasn't been patched. Halfway down there's this paragraph:

    Disabling Active scripting and ActiveX controls "only reduces the functionality of scripts, applets, Windows components or other applications," the advisory said, which only stops certain types of attacks. Users or network administrators can, however, go into the registry entry "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\" and disable the "ms-its," "msitss," and "its,mk" values.

    Question: What's the best way to "disable" these values? Just delete them (after exporting a copy)? Or is there a better way? Sometimes I have deleted unwanted registry entries only to find that *something* puts them back.

    I haven't done anything to them yet. Waiting for advice or comments. TIA I'm using 98SE.
     
  2. 2004/04/10
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Note: this is not for everyone to do.
    On each of those SubKeys, change the Value Data of the Value "CLSID" from {9D148291-B9C8-11D0-A4CC-0000F80149F6} to {-9D148291-B9C8-11D0-A4CC-0000F80149F6}. Note there is a "-" added; that is the only difference. This CLSID points to the file Itss.Dll, located in the C:\Windows\System folder.
    I haven't tried this myself; the easier alternative is not to click on URLs in emails from unknown sources.
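
Added example, not part of markp62's post or the thread: a Python check that reads a Regedit export of the PROTOCOLS\Handler key and lists any handler whose CLSID still equals the unmodified ITSS value quoted in the post, which is one way to confirm the edit has not been put back. The sample export, the `ftp` entry with its all-zero CLSID, and the function names are constructed for illustration.

```python
import re

# CLSID quoted in the post above (the ITSS protocol handler, Itss.dll).
ITSS_CLSID = "{9D148291-B9C8-11D0-A4CC-0000F80149F6}"
HANDLER_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler"

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def handler_clsids(reg_text):
    """Map each direct subkey of PROTOCOLS\\Handler to its CLSID (None if absent)."""
    result, current = {}, None
    prefix = HANDLER_ROOT.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            # Registry paths are case-insensitive; keep direct children only.
            if path.lower().startswith(prefix) and "\\" not in path[len(prefix):]:
                current = path[len(prefix):]
                result.setdefault(current, None)
            else:
                current = None
            continue
        value = VALUE_RE.match(line)
        if current and value and value.group(1).upper() == "CLSID":
            result[current] = value.group(2)
    return result


def still_enabled(reg_text):
    """Sorted names of handlers whose CLSID still resolves to the ITSS handler."""
    return sorted(name for name, clsid in handler_clsids(reg_text).items()
                  if clsid and clsid.upper() == ITSS_CLSID)


# Constructed sample export: one handler edited as described, one reverted.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its]
"CLSID"="{-9D148291-B9C8-11D0-A4CC-0000F80149F6}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\its]
"CLSID"="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ftp]
"CLSID"="{00000000-0000-0000-0000-000000000000}"
'''

if __name__ == "__main__":
    print("Still pointing at Itss.dll:", still_enabled(SAMPLE))
```

Export the Handler key from Regedit to a text file and pass its contents to `still_enabled`; an empty list means no handler in the export still carries the original CLSID.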
     

  4. 2004/04/11
    samson

    samson Inactive Thread Starter

    Joined:
    2003/03/22
    Messages:
    67
    Likes Received:
    0
    markp62,
    Thank you. I thought inserting a "-" would do it but didn't know where to put it.

    As a more general question, do you think that renaming the Itss.dll file would accomplish the same thing? I did that with Msasn1.dll and crypt32.dll, files associated with two recently reported vulnerabilities that I suspect weren't tested on Win98. Nothing bad happened, but I don't know that I accomplished anything either.

    If I'm reading the article right, it sounds like this ITS vulnerability could be triggered by clicking the "wrong" link on a web page, and that can't be avoided.
     
  5. 2004/04/11
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    It would accomplish the same thing.
    .
    Yes, it can. By right-clicking on the link and selecting Copy Shortcut. Then open a new browser window, Copy into the Address Bar, and eliminate the extra code, especially after an '@'.
    If you want to eliminate ActiveX and CHM help files from being accessed completely, install Mozilla 1.6. It has no ActiveX controls by default. You would need to install the Sun Java VM, and Macromedia Flash and Shockwave, if you use the latter two.
    When I get a link in an email and want to check it out as is, I use that browser.
     
  6. 2004/07/03
    Hugh Jarss

    Hugh Jarss Inactive

    Joined:
    2002/07/22
    Messages:
    908
    Likes Received:
    6
    Mark,

    how well does removing (folder options > file types) the CHM file type work, please?

    I have seen it suggested as a way to circumvent the CHM exploit being used to install malware, particularly BHO based stuff. Which seems to be quite important at the moment.

    I held off doing this, assuming I would lose too much functionality...

    but now, trying the PC with CHM file type removed, it doesn't seem to hurt too much - hardly at all, in fact - I think I've ?lost the Wizards but that's about it. Windows Help still works - Internet Explorer Help still works.

    But, does it actually make the PC safer - or can the CHM exploit(s) still work even with that file type neutralised?

    I can live without wizards for a while - a tiny price to pay for a substantial improvement in safety.

    best wishes, HJ
     