I get a lot of e-mails from Internet Explorer users asking why they still get pop-ups even though they have turned on the Pop-up Blocker. Barring user error, there are three possible reasons discussed below.
Note: I will discuss several Pop-up Blocker settings. These settings can be accessed from Tools->Pop-up Blocker->Pop-up Blocker Settings.
Reason: You clicked (or otherwise initiated a user action) on the page and your Pop-up Blocker Filter Level is set to Medium.
Discussion: When we wrote the specification for the Pop-up Blocker feature, one of our primary goals was to allow pop-up windows that were legitimately useful to the user. The only piece of information we have by default is “did the user click something which ultimately was the cause of this attempted pop-up?” This works great most of the time: bank sites, stock trade sites, merchandise ordering sites, etc. It also gives the bad guys an opportunity if they can trick you into visiting their site and then into clicking on something. To mitigate this we did two things: 1) we limit the number of pop-up windows that can be opened as the result of any given user initiated action to one, and 2) we added the High setting. When you set your Filter Level to High, we block all new windows, even those that result from user actions.
Solution: Set your Filter Level to High; make use of the Allow List and the override key (CTRL) to allow desired pop-ups.
Reason: You have spyware or other malware installed, either with or without your knowledge.
Discussion: There are a huge number of software packages which, once installed, drive revenue to their creators by constantly spawning pop-up windows. Sometimes they are installed on your computer by exploiting known security holes, sometimes they come hidden in other software packages that (may or may not) perform other useful functions. If you experience an avalanche of pop-ups, especially if you have not even launched Internet Explorer yet, then this is probably your issue. If you are simply experiencing the occasional one-off pop-up while browsing the web, then one of the other reasons is the likely culprit.
Solution: Acquire and use reputable anti-spyware software. Microsoft has a Beta version of Windows Defender available for download here. A few minutes spent researching on the web should lead you to several other popular packages as well. Keep your computer up-to-date with regard to the latest security patches by visiting Microsoft Update on a regular basis and enabling automatic downloads of security patches.
Reason: The web site is making use of a Pop-up Blocker unaware Active X control that provides a mechanism for opening a new Internet Explorer window.
Discussion: Active X controls, when you get right down to it, are just COM objects running in the Internet Explorer process. They can do anything that any other program running on your computer can do. Any control installed on your computer, even ones that come pre-installed before you get your computer home, can be instantiated and run by any website. If the control exposes a method that opens a new Internet Explorer window, then malicious web sites can use it to open unwanted pop-ups. For application and web site compatibility reasons we cannot intercept and block these; the control must opt-in to Pop-up management. We are working with other teams and providers to patch these as they are brought to our attention.
Solution: Use Tools->Manage Add-ons to disable suspect controls. When you visit a web site and get unwanted pop-ups, open Manage Add-ons and see what controls are currently loaded by Internet Explorer. Through process of elimination, you should be able to disable controls that are being used to open Pop-ups. This may cause legitimate sites to stop working correctly and you will need to re-enable the control when you want to use it. (A balloon tip and blocked-control icon will appear on the status bar in Internet Explorer when a control is blocked. You can click the icon to quickly access Manage Add-ons and re-enable the control.)
Furthermore, do not install Active X controls from sites you do not trust 100%.