Call to Action: Help us clean up Manage Add-ons

Hey all you ActiveX control owners out there, this is Sharon, PM owner of Manage Add-ons. Today I’m asking you to help us clean up the Manage Add-ons interface by digitally signing your controls.

Manage Add-ons (Tools à Manage Add-ons à Enable or Disable Add-ons) displays information about all of the controls on a user's system. It shows them the control name, publisher name and control status (enabled or disabled) among other things. Controls that are not properly signed become an eye-sore in Manage Add-ons because next to the publisher name is the phrase “Not Verified”. In addition to being an eyesore, users rely on the publisher name to make trust decisions about their ActiveX controls. If your control isn’t signed the user only knows that Someone says the control is from your corporation, they don’t know that You say the control is from your corporation.

Manage Add-ons Unsigned Control

Luckily, this is easily remedied. When you digitally sign the dll of your control, the publisher name shows up correctly, without the “Not Verified” next to it.

If your control is installed by a CAB file or another executable, you must be sure to sign both the installation file (to enable installation) and the .dll or ocx file containing the ActiveX control (to ensure your publisher name shows up without the "Not verified" notice). Some resources on code signing are available here:

Some of you may be wondering why you should bother signing your controls when Microsoft has its own unsigned controls. Code signing all released dlls just wasn’t part of Microsoft’s regular practices previously and as a result there’s lots of legacy code out there that is still not signed. Microsoft is, however, working to correct this situation. Myself along with the IE compatibility team have already been in contact with several Microsoft teams who have unsigned controls. Many of these are being corrected in upcoming releases or have been corrected already. MSN Messenger service which was unsigned has been released as the signed Windows Live Messenger control in the new Windows Live Messenger version which shipped recently. It’s an ongoing effort to correct all the legacy code out there. We hope you’ll help out by also signing your code.

sharon cohen
Program Manager