Browser Helper Object

A Browser Helper Object (BHO) is a

Windows Explorer

, a new instance is launched for each window.

BHOs are still supported as of Windows 10, through Internet Explorer 11, while BHOs are not supported in Microsoft Edge.

Implementation

Each time a new instance of Internet Explorer starts, it checks the Windows Registry for the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects. If Internet Explorer finds this key in the registry, it looks for a CLSID key listed below the key. The CLSID keys under Browser Helper Objects tell the browser which BHOs to load. Removing the registry key prevents the BHO from being loaded. For each CLSID that is listed below the BHO key, Internet Explorer calls CoCreateInstance to start the instance of the BHO in the same process space as the browser. If the BHO is started and implements the IObjectWithSite interface, it can control and receive events from Internet Explorer. BHOs can be created in any language that supports COM.^[1]

Examples

Some modules enable the display of different file formats not ordinarily interpretable by the browser. The

PDF

files within their browser is a BHO.

Other modules add toolbars to Internet Explorer, such as the

Alexa Toolbar that provides a list of web sites related to the one you are currently browsing, or the Google Toolbar that adds a toolbar with a Google search box to the browser user interface

.

The Conduit toolbars are based on a BHO that can be used on

Bing

search.

Concerns

The BHO

API exposes hooks that allow the BHO to access the Document Object Model (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of malware (such as adware and spyware) have also been created as BHOs.^[2]^[3]

For example, the

MyWay Searchbar tracks users' browsing patterns and passes the information it records to third parties. The C2.LOP malware adds links and popups of its own to web pages in order to drive users to pay-per-click websites.^{[citation needed}

]

Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in

DyFuCA

spyware even replaces Internet Explorer's general error page with an ad page.

In response to the problems associated with BHOs and similar extensions to Internet Explorer, Microsoft debuted an Add-on Manager in

ActiveX controls, and allows the user to enable or disable them at will. There are also free tools (such as BHODemon) that list installed BHOs and allow the user to disable malicious extensions. Spybot S&D

advanced mode has a similar tool built in to allow the user to disable installed BHO.

References

ISBN 0-7356-0781-8

^ "Browser Hijack Objects (BHOs)". Malwarebytes Labs. Retrieved 2021-12-05.

ISBN 978-3-540-32063-0
.

^ Computer Associates malware entry at ca.com, retrieved 1/16/2009

External links

Sites.google.com Archived 2014-12-24 at the Wayback Machine

Microsoft sites

IEHelper-Attaching to Internet Explorer 4.0 by Using a Browser Helper Object

Control Internet Explorer Add-ons with Add-on Manager – an article on Microsoft.com that explains this new feature of Windows XP Service Pack 2

Building Browser Helper Objects with Visual Studio 2005 – an October 2006 MSDN article by Tony Schreiner and John Sudds

Listings and examples

CLSID List – master list created by Tony Kleinkramer, which attempts to record and identify every BHO available (previously located at – the now defunct – castlecops.com) – also includes Toolbar, Explorer Bar and URLSearchHook GUIDs

C++ example code for a BHO

C# example code for a BHO

v
t
e
Information security
Related security categories

Computer security

Automotive security

Cybercrime
Cybersex trafficking

Computer fraud

Cybergeddon

Cyberterrorism

Cyberwarfare

Electromagnetic warfare

Information warfare

Internet security

Mobile security

Network security

Copy protection

Digital rights management

vectorial version
Threats

Adware

Advanced persistent threat

Arbitrary code execution

Backdoors

Hardware backdoors

Code injection

Crimeware

Cross-site scripting

Cross-site leaks

DOM clobbering

History sniffing

Cryptojacking

Botnets

Data breach

Drive-by download

Browser Helper Objects

Viruses

Data scraping

Denial-of-service attack

Eavesdropping

Email fraud

Email spoofing

Exploits

Hacktivism

Insecure direct object reference

Keystroke loggers

Logic bombs

Time bombs

Fork bombs

Zip bombs

Fraudulent dialers

Malware

Payload

Phishing
Voice

Polymorphic engine

Privilege escalation

Ransomware

Rootkits

Scareware

Shellcode

Spamming

Social engineering

Spyware

Software bugs

Trojan horses

Hardware Trojans

Remote access trojans

Vulnerability

Web shells

Wiper

Worms

SQL injection

Rogue security software

Zombie

Defenses

Application security
Secure coding

Secure by default

Secure by design
Misuse case

Computer access control
Authentication
Multi-factor authentication

Authorization

Computer security software
Antivirus software

Security-focused operating system

Data-centric security

Obfuscation (software)

Data masking

Encryption

Firewall

Intrusion detection system
Host-based intrusion detection system (HIDS)

Anomaly detection

Security information and event management (SIEM)

Mobile secure gateway

Runtime application self-protection

Site isolation

v
t
e
Microsoft APIs and frameworks
Graphics

Desktop Window Manager

Direct2D

Direct3D

D3D (extensions)

GDI / GDI+

WPF

Silverlight

WinUI

Windows Color System

Windows Image Acquisition

Windows Imaging Component

DirectX Graphics Infrastructure (DXGI)

Windows Advanced Rasterization Platform

WinG

Audio

DirectMusic

DirectSound

DirectX plugin

XACT

Speech API

XAudio2

Multimedia

DirectX
Media Objects

Video Acceleration

Xinput

DirectInput

DirectShow

Image Mastering API

Managed DirectX

Media Foundation

XNA

Windows Media

Video for Windows

Web

MSHTML

RSS Platform

JScript

VBScript

BHO

XDR

SideBar Gadgets

TypeScript

Data access

Data Access Components (MDAC)
ADO

ADO.NET

ODBC

OLE DB

Extensible Storage Engine

Entity Framework

Sync Framework

Access Database Engine

MSXML

OPC

Networking

Winsock
LSP

Winsock Kernel

Filtering Platform

NDIS

Windows Rally

BITS

P2P API

MSMQ

MS MPI

DirectPlay

Communication

Messaging API

Telephony API

WCF

Administration and
management

Win32 console

Windows Script Host

WMI (extensions)

PowerShell

Task Scheduler

Offline Files

Shadow Copy

Windows Installer

Error Reporting

Event Log

Common Log File System

Component model

COM

COM+

ActiveX

Distributed Component Object Model

.NET Framework

Libraries

Framework Class Library

Microsoft Foundation Classes (MFC)

Active Template Library (ATL)

Windows Template Library (WTL)

Device drivers

WDM

WDF
KMDF

UMDF

WDDM

NDIS

UAA

BDA

VxD

Security

Crypto API
CAPICOM

Windows CardSpace

Data Protection API

Security Support Provider Interface (SSPI)

.NET

ASP.NET

ADO.NET

Remoting

Silverlight

TPL

WCF

WCS

WPF

WF

Software factories

EFx Factory

Enterprise Library

Composite UI

CCF

CSF

IPC

MSRPC

Dynamic Data Exchange (DDE)

Remoting

WCF

Accessibility

Active Accessibility

UI Automation

Text and multilingual
support

DirectWrite

Text Services Framework

Text Object Model

Input method editor

Language Interface Pack

Multilingual User Interface

Uniscribe

v
t
e
Internet Explorer
Versions
Main

1

2

3

4

5

6

7

8

9

10

11

Other

Mobile

for Mac

for UNIX

IEs4Linux

Overview

History

Add-ons

Box model

Browser Helper Object (BHO)

Extensions

Removal

Shells

Technologies

Accelerator

ActiveX

HTML
HTA

HTML Components

favicon.ico

HTML+TIME

Index.dat

JScript

MHTML

MSXML

RSS Platform

Smart tags

Temporary Internet Files

Vector Markup Language

Web Slice

WPAD

XHR/XDomainRequest

Software and engines

Administration Kit

Developer Tools

Integrated Windows Authentication

Tasman

MSHTML
Chakra

Implementations

Active Channel

Active Desktop

ActiveMovie

Channel Definition Format (.cdf)

Comic Chat/Chat 2.0

DirectX Media

Internet Mail and News

Microsoft Java Virtual Machine (MSJVM)

MSN Explorer

MSN for Mac OS X

NetMeeting

NetShow

Outlook Express

Server Gated Cryptography (SGC)

Spyglass

Windows Address Book

Windows Desktop Update

Events

First Browser War

Second Browser War

Download.ject

Eolas v. Microsoft

Sun v. Microsoft

United States v. Microsoft Corp.

People

Tantek Çelik

Thomas Reardon

Dean Hachamovitch

Scott Isaacs

Inori Aizawa

Category

Server-side
Protocols

HTTP
v2

v3

Encryption

WebDAV

CGI

SCGI

FCGI

AJP

WSRP

WebSocket

Server APIs

C NSAPI

C ASAPI

C ISAPI

COM ASP

Jakarta Servlet
container

CLI OWIN

ASP.NET Handler

Python WSGI

Python ASGI

Ruby Rack

JavaScript JSGI

Perl PSGI

Portlet
container

Apache modules

mod_include

mod_jk

mod_lisp

mod_mono

mod_parrot

mod_perl

mod_php

mod_proxy

mod_python

mod_wsgi

mod_ruby

Phusion Passenger

Topics

Web resource vs. Web service

Open API

Webhook

Application server
comparison

Scripting

Client-side
Browser APIs

C NPAPI
LiveConnect

XPConnect

C NPRuntime

C PPAPI
NaCl

ActiveX

BHO

XBAP

Web APIs
W3C

Audio

Canvas

CORS

DOM

DOM events

EME

File

Geolocation

IndexedDB

MSE

SSE

SVG

Video

WebAssembly

WebAuthn

WebGPU

WebRTC

WebSocket

WebXR

Web messaging

Web storage

Web worker

XMLHttpRequest

Khronos

WebCL

WebGL

Others

Gears

Web SQL Database (formerly W3C)

WebUSB

Topics

Ajax and Remote scripting vs. DHTML

Browser extension

Mashup

Web IDL

Scripting

Topics

Web page
Static

Dynamic

Web standards

Web API security

Web application
Rich

Single-page

Progressive

Web framework

Retrieved from "https://en.wikipedia.org/w/index.php?title=Browser_Helper_Object&oldid=1182984540"

[1] ISBN 0-7356-0781-8

[2] "Browser Hijack Objects (BHOs)". Malwarebytes Labs. Retrieved 2021-12-05.

[3] ISBN 978-3-540-32063-0
.

[4] Computer Associates malware entry at ca.com, retrieved 1/16/2009

[1]

[2]

[3]

Implementation

Examples

Concerns

See also

References

External links

Microsoft sites

Listings and examples