Why am I seeing this dialog?

Internet Explorer 8 has a new feature that keeps you in control of your search engine default, by informing you when software attempts to change your settings.

If you are using Internet Explorer 8 Beta 2 or RC1, you might have seen the following dialog when installing new software:

search provider default confirmation dialog.  The dialog asks the user to confirm or decline a change to the default search provider.

The default search preference is the search engine Internet Explorer uses when you type a search query into the search box in the top-right corner of the main Internet Explorer window:

the IE search box

(Wikipedia is set as my default.)

Internet Explorer also use the default search preference when you type a question into the address bar – Try typing “How high is Mt Everest” into the address bar.

A lot of toolbars that plug into Internet Explorer modify the user’s search preference in their installer program. Some ask (by way of a checkbox in their install program) if they should change it.

Some don’t ask clearly, and change your setting without you noticing the change before it happens. We believe this is not a good thing – a program should never change a user’s setting without their unambiguous consent.

To counteract this, some applications or toolbars install a ‘search setting protector’ – a small program that monitors your search default preference, and switches it back automatically to their search engine if any other program ever changes the setting. A lot of users have multiple toolbars installed – and this creates a situation where toolbar installers, toolbars and ‘search setting protectors’ are all fighting over your search setting – If you, or another program, ever changes the setting, you will see a variety of prompts from various ‘search setting protectors’, warning you about the change.

All of the squabbling between programs means that you are not in complete control of your search preference – your setting.

Starting in Internet Explorer 8 Beta 2, any toolbar that wants to change the search setting default (by setting a registry key) will trigger a ‘user consent’ dialog, where the requested change is explained clearly, and you are asked to approve/not approve the change. So, no program can silently change your search setting without you knowing about it.

This change in Internet Explorer does not  break any existing toolbar installers or ‘search setting protector’ programs – they can still change the user’s search setting (by changing a registry key in the user’s registry) – but when Internet Explorer starts up, you will be informed of the change, and you can allow or decline the change.

There is also a new API for setting the search default. Any application can call this API, and request that the Internet Explorer Search Default be changed. A dialog box is shown (and the application requesting the change is clearly identified) and the user can allow/not allow the change.

If a ‘search setting protector’ program keeps asking you to change your default, you can clearly indicate your preference (and lock them out of changing your preference in the future) by checking the ‘Prevent programs from suggesting changes to my default search provider’ checkbox. You can still use the Manage Search Providers command in the search box dropdown to change your default search provider at any point – you should be able to set your search default to anything you want, without any programs interfering with it.

the search options dropdown box.

And Everest is 8,848 meters (29,029 FT) high, by the way.

Frank Olivier
Program Manager

Comments (25)

  1. Mitch 74 says:

    Clear, plain, and simple. It’s great.

    Improvement: if an indelicate toolbar keeps trying to change the default search provider, thus triggering this dialog box all the time, but I don’t want to altogether disable third-party new search engine submission, I’d like to be able to disable the guilty toolbar; however, this dialogue doesn’t show which one is being indelicate (it could be an existing one that auto-updated, or several toolbars installed in the same IE session).

    Thus, it would be better to point out which program asks for the modification…

  2. Ace says:

    Finally! I hate it when my customized toolbar gets changed without my knowledge. It feels like a form of Spyware. This should be applied to all programs. Anytime registry gets changed or if my user experience gets modified.

  3. Tihiy says:

    Uh, it’s better to hook registry access for all BHOs running inside IE and forbid it to change user settings.

    Why this technology wasn’t applied to home page? I hate every single program which tries to change it.

  4. KS says:

    Then don’t use these programs. Any program that changes your homepage without asking you is malware.

  5. steppres says:

    Hopefully this will put an end to programs like CoolWebSearch changing search providers underhandedly.

  6. walt says:

    @steppres – CoolWebSearch is spyware – get rid of it!

  7. hAl says:

    Why "a program"

    Why not name the culprit ?

  8. Sterling says:

    I LOVE the search bar in IE8!!! It’s one of my favorite features. I haven’t seen that dialog but it might be because I don’t use search toolbars (I don’t find a need for them) but it’s good to know there’s options to stop installed programs from changing the default search engine in IE.

  9. EricLaw [MSFT] says:

    >"Why not name the culprit ?" / "Thus, it would be better to point out which program asks for the modification…"

    Those would be great improvements to the feature, but unfortunately, they wouldn’t be reasonable to implement universally.  The feature works by detecting changes in the registry keys that are used to store your search preferences.  Unfortunately, such changes could certainly occur while IE isn’t even running.  This means that by the time the key change is noticed, the original "culprit" is long gone; the Registry does not store information on who last modified any given key.  The only workaround would be to have a process which continually monitors the registry for changes, which keeps track of what process made the modification using low-level hooks (akin to Process Monitor or RegMon).

    While there are programs that do that (antispyware packages like Defender, etc), this would be a very heavy-weight solution for the browser itself.  

    It’s important to recognize that the dialog is meant to "close the backdoor" by blocking attempts to hijack your search settings. If programs cannot reliably hijack your search settings, they will gradually phase out attempts to do so.

    Instead, legitimate applications will begin using the supported API, which *does* identify the requesting application.

    >"Anytime registry gets changed or if my user experience gets modified."

    While such registry monitoring programs do exist, often they can get very annoying.  Your best bet is as KS suggested: Don’t install or use programs that are not trustworthy.

  10. fran says:

    don’t complicate the "search provider" thing … just freeze the one who has 98% of share and the best in the word: google.com

    just a suggestion

  11. Dan says:

    Troll, try to use Google to find a clue.  Google doesn’t have 98% share in the US, and in many countries, they don’t even have 50% share.  Even if they did, Google entirely fails when searching my intranet, although my intranet search provider works very well.

  12. Mustermind says:

    I assume this technology is not implemented by a new registry key "TrueSearchProvider" besides to "SearchProvider" …?

  13. d says:

    and so here comes the new generation of spyware, which poses themselves as "wikipedia search engine"…

  14. Chris says:

    Is there some sort of protection in there to prevent this feature from being overridden? In order to detect that the search provider has changed, the previous provider name is likely stored somewhere. Could a malicious app simply update both references so that IE doesn’t notice the change or has Microsoft foreseen this and come up with a solution?

  15. EricLaw [MSFT] says:

    @Chris: Various technological protections are in place.

    Having said that, from a strict security point of view, if a truly *malicious* application is already installed on your computer, all sorts of malicious threats exist, search provider hijacking being among the least important of them.  

  16. AlexGl [MSFT] says:

    @d: That’s why we also display the hostname of the search provider, for example, en.wikipedia.org. This is taken from the actual URL used to execute a search with that provider.

  17. Jürgen Hinrichs says:

     Texte bitte übersetzen

     englisch für mich nicht lesbar


  18. Anon says:

    Please tell the Windows Live Installer people then to uncheck by default the boxes that make MSN.com the home page and Live Search the default search engine. You said that users should be in control of their settings and that they should give their explicit, I repeat, their explicit permission. Well, at least Windows Live Installer allows you to choose if you want Live Search to be your default search provider and MSN.com to be your default homepage. But, does it "explicitly ask for permission"? In my opinion no. Having two checkboxes that are checked by default, knowing full well that most users will simply click passed them, is not explicit consent. Is it? Explicit means that I choose, not that the choice is made for me and if I happen to glance at it and notice it and I can explicitly reverse it. You want explicit consent, not just the ability to explicitly change a previous by default granted consent by the Live Installer.

    Please pass this feedback to the Windows Live group. Too bad of them. What do you think?

  19. Chris Quirke says:

    Well done – it’s about time it was made easier for users to kick the ass of pushy software.

    Yes, once malware runs, it can "do anything" – but as malware so often gets to run, I don’t believe it is pointless in facilitating user control over what software (mal- or otheriwse) can do.

    Getting to be the duhfault search engine is often an objective of unwanted software, so raising the bar is a good idea.  Much of this software is considered legit, but if it escalates to evade this new feature, it becomes visibly less so – which may ease the burden of proof when litigating or prosecuting cases against pushy software vendors.

  20. Why cant Internet explorer can incorporate synonyms options (right click above any word and get different synonyms)which is established in microsoft word????????????

  21. actualites says:

    I think it will be not clear enough for IE8 newbie. It should be more friendly.

  22. IEBlog says:

    Today we’re excited to release the final build of Internet Explorer 8 in 25 languages. IE8 makes what

  23. Shane says:

    @Wednesday, March 04, 2009 1:26 PM by Anon

    Very good point. The live suite is a major culprit at this.

    "Some don’t ask clearly, and change your setting without you noticing the change before it happens. We believe this is not a good thing – a program should never change a user’s setting without their unambiguous consent."

    Please pass this info on to the Live/MSN team.

    Although I suspect they will just update their installer to change both the previous and new search provider in the registry such that IE doesn’t detect the change. Meaning this feature will be pretty useless.

  24. EricLaw [MSFT] says:

    @Shane: Simply changing both the "previous" and "new" search provider in the registry will not work, as these settings are protected.  Software which attempts to circumvent search provider protection is considered malware and may be blocked by Windows Defender.

    @Rejesh cyriac: That sounds like a great suggestion for an IE Accelerator.  A thesaurus/dictionary site could easily offer such an accelerator.

Skip to main content