使用\\ ApprovedExtensionsMigration \\启用Auto-BHO是否安全？

Question

I'm in the process of looking into auto-enabling an IE9 toolbar so the user does not need to click the enable button, and I noticed another company used the following method.

1. Delete the registry key HKCU\\Software\\Microsoft\\Internet Explorer\\ApprovedExtensionsMigration\\
2. Create a new key under HKCU\\Software\\Microsoft\\Internet Explorer\\ApprovedExtensionsMigration\\
3. Add my toolbar's CLSID string value HKCU\\Software\\Microsoft\\Internet Explorer\\ApprovedExtensionsMigration{XXXXXXX....-XXXX}

x. Internet Explorer 9 automatically enables my toolbar and proceeds as if the user had clicked enable.

I have not found any documentation for this method, but I believe the way this works is Internet Explorer 9 believes the toolbar is going from IE8->IE9, and enables the toolbar. Should this method be considered unsafe for use (too hacky and will instantly get flagged by anti-virus), or is this considered a valid way of auto-enabling a toolbar?

Also, does anyone know if this method works in Internet Explorer 10?

Answer 1

Can't find any resources about this method. Viruses will use this method for sure (see http://www.threatexpert.com/report.aspx?md5=bde1312b225ad987b57b1dbef0885817 which is an identified virus that do exactly that), but since this registry is deleted (or at least the Time Stamp value is changed) in legitimate scenarios, it is possible that anti-viruses will not freak out, as they don't want to create false positives.

Regardless, what you are trying to do feels bad.

Also you should consider other users on the machine (not currently logged in).