“Spybot - Search & Destroy” not fixing a DSO exploit

This page was written around September 2005; the fault should have been fixed long ago.

After playing with Spybot - Search and Destroy, I found it continually warning about a DSO Exploit (see below), offering to fix it, but not actually doing so. I've seen a few queries about it on the net, with the answer being to create the key it complains about. What I haven't seen is any explanation of what that key represents, nor do many explain what the complaint is really about. I'm loath to set registry keys without knowing what I'm setting, so the following details what I've discovered by experimentation (observing changes to the registry, while playing with Windows settings), and from trawling through the Microsoft website.

Error warning

HKEY_USERS\your-user-name-here\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

The bit where I've written “your user name here” will have your user name written in that spot.  And I believe that the “.DEFAULT” user registry entries are default settings used to preload registry entries when creating new users.

Reason for warning

It's complaining that, in certain parts of the registry, there isn't a DWORD registry key named “1004” with a value of “3” set in it (which could be a complaint about the absence of that key, or about the value set into it). The solution is to create that key with that value, or to change the value set in the existing key to “3”.

The “!=” bit of the warning means “does not equal” (key “1004” does not equal a “word” value set to “3”).

Function of that registry key

It's related to the security zones section of the “Internet Options” control panel, and it controls what to do about downloading unsigned ActiveX controls in the “My Computer” zone (the whole computer). But this particular zone doesn't appear in the control panel, so you have to control it by directly editing the registry, or find some other tool to do it for you.

ActiveX is a programming language used in Windows for all manner of functions; it can do pretty much whatever it wants to on a PC (this is not a good idea with unknown programs on websites). The “signing” business just means whether or not the author digitally signed the code, so you can tell whether this code really came from them. It's no indication of the safety of the code (unscrupulous people can create code that does unpleasant things, and get it signed).

In the interests of safety, you'd either want to disable downloading them (for this zone), or make it conditional on your approval.  But what's Microsoft's default setting?  As usual, it's to let it do whatever it likes, without asking, and without any regard for safety.

Key 1004 options

Key value    Meaning
0            Enable downloading (without any prompting)
1            Prompt before downloading
3            Disable downloading

Fixing the fault

Since this zone isn't any of the zones used with web browsing, I'd suggest you set it to disable downloading, like “Spybot - Search & Destroy” wants you to.  Or you could set it to prompt you about downloading, and ignore the warnings from Spybot.  Either way, this probably involves using the registry editor to set key values for yourself and the default user.

On some systems you may need administrator rights to change registry settings.

Don't create key names or values with quotes around them.  They're only used in these notes to separate the information from the instructions.
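
The check and fix described in this section, as an added PowerShell example that is not part of the original page: it reads value 1004 for the current user and the .DEFAULT hive and decodes it with the “Key 1004 options” table. The `-Fix` switch is a hypothetical name, and using HKEY_CURRENT_USER for the logged-in user's branch of HKEY_USERS is an assumption.

```powershell
# Added example, not from the original page.
param([switch]$Fix)   # hypothetical switch: write 3 (disable) where the value differs

$zone = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
# Assumption: HKEY_CURRENT_USER stands in for the logged-in user's branch of HKEY_USERS.
$hives = [ordered]@{
    'Current user' = "Registry::HKEY_CURRENT_USER\$zone"
    '.DEFAULT'     = "Registry::HKEY_USERS\.DEFAULT\$zone"
}
# Meanings as listed in the page's "Key 1004 options" table.
$meaning = @{
    0 = 'Enable downloading (without any prompting)'
    1 = 'Prompt before downloading'
    3 = 'Disable downloading'
}

foreach ($name in $hives.Keys) {
    $path = $hives[$name]
    $current = $null
    if (Test-Path -LiteralPath $path) {
        $item = Get-ItemProperty -LiteralPath $path -Name '1004' -ErrorAction SilentlyContinue
        if ($item) { $current = $item.'1004' }
    }

    # Test for "absent" first: casting $null to [int] would silently give 0.
    if ($null -eq $current) { $state = 'Not present' }
    elseif ($meaning.ContainsKey([int]$current)) { $state = $meaning[[int]$current] }
    else { $state = 'Value not listed in the table' }

    if ($Fix -and $current -ne 3) {
        try {
            if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
            # -Force overwrites an existing 1004; the type is DWORD, as the warning expects.
            New-ItemProperty -LiteralPath $path -Name '1004' -PropertyType DWord `
                -Value 3 -Force -ErrorAction Stop | Out-Null
            $state += ' -> now 3 (Disable downloading)'
        } catch {
            # Writing to .DEFAULT may need administrator rights.
            $state += " -> not changed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ Hive = $name; Value1004 = $current; Meaning = $state }
}
```

Run it without `-Fix` first to see the current settings; nothing is written unless the switch is given.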

