Meaning you can unregister the DLL or that by doing so, it stops Home Page Highjacking.
I have to question the validity of this "tweak", only because in the post referenced, it believes that REGWIZC.DLL is the "registry wizard control module". It isn't. It is the REGISTRATION Wizard Control Module.
If a site could reach into your registry and do read/writes using just a DLL and nothing else, this would be a HUGE security exposure that security analysts everywhere would be all over.
Actually, you've seen home page hijacking before I'm sure, Whitphil. We've had plenty of threads about it here, in fact the more unscrupulous site operators also set a policy in the registry to disable Internet Options so you can't change it back.
An Activex control or even VB Script does indeed have the power and authority to modify the system registry by calling on a dll.
Security advocates are indeed "all over it"... just that this isn't the only issue and the only solution (e.g. security settings for "active scripting" and Activex to prompt or disabled... and/or make use of the security zones in IE for trusted sites). To me, that seems like a more comprehensive solution to a problem larger than one dll.
Agreed. My point (& question) is that it is NOT this DLL that is involved.
For example, under\windows\samples\wsh is a javascript Registry.js that demonstates how to modify the registry. It happily runs even after regwizc.dll is unregistered.
So does unregistering this DLL do anything, other than disable the ability to REGISTER things?
Unregistered the .dll, which is, from what I understand, what it is supposed to do.
AND, as Grogan suggested above, it is only ONE avenue being secured. I am also making the presumpsion that it is a HIGH PROFILE avenue for "crackers" to attack.
One other thing lets clear up, I also am cognizant of the fact that NO SYSTEM OR CONFIGURATION IS TOTALLY "SAFE" from a determined cracker.
BUT, I intend to make accessing my PC as difficult as I possibly can using every means available to me to do so. I may be marginally competent at using a PC, but I am not totally stupid. I can comprehend the dangers that threaten my use of this PC. Should some asshole cracker render it unusable, I'll throw the damn thing in the trash can and walk away. It was fun while it lasted.
I'm probably beating a dead horse here, but I don't see the vulnerability. There are some notes on Buffer overruns with this AND a bunch of other ActiveX dlls, but the issue had nothing to do with writing to the registry. The issue was being able to run other code.
I think this is someone who has seen the REG in the DLL name, and assumed it meant REGistry. The same as the people who saw AD in ADvpack.dll when Aureate originally raised it's ugly head, and assumed the AD meant ADvertising, and started recommending the removal of this DLL.
The following MS note talks about the Registration Wizard after the fiasco in 1999 with unique identifiers being sent back to MS.
This is also the time when this "tweak" originally surfaced, and the following page is "meant" to show the hole? (it shows nothing on my system, since it is uptodate with all security, etc patches. And I could not find the specific one the closed the "leak").