These two settings default to Prompt and Disable respectively. We looked breifly at the role code signing plays in the first article in this series.
These settings specify whether code being downloaded that does not have a certificate signed by a Trusted Certificate Authority such as Verisign, should be allowed to run. In this case, the settings refer specifically to ActiveX controls. Since ActiveX controls are binary files, it is a good idea to be careful when downloading unsigned ActiveX controls. Even so, typically I change the setting for downloading unsigned ActiveX controls to Prompt.
I've found that many valid developers choose not to sign their code. Disabling this setting has caused some valid sites to simply not work properly.
These setting default to Disable and Enable respectively and most users should go with the defaults. Web pages containing script like javascript can interact with and use interfaces in ActiveX controls. Some controls are considered safe and others unsafe. A developer can make the control safe by modifying the way the control is built during development. Using these default settings, if Internet Explorer determines a control has been programmed as a safe control, it will be allowed to interact with script. Otherwise it will be prevented. In some instances I change the first setting to Prompt if I'm having trouble with a control on a page.
This defaults to Enable which is best for most users. Changing this setting to Disable will not disable running all ActiveX controls. Controls which have been previously approved (use the "Manage add-ons" interface on the "Programs" tab to manage these controls--see Image1) will still run. All other controls will not.
That does it for the second section in custom security setting for the Internet Zone in Internet Explorer. In the next article, we'll look at how to understand and tweak the settings in the downloads section.