Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

Shop online 24hrs a day or call us Mon-Fri
8:30AM-4:30PM EST - 1-800-915-2088
WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

The Dangers of ActiveX

Friday, February 9th, 2007 by | Filed Under: Security Help
 
Loading...


The Dangers of ActiveX

ActiveX is a set of controls created by Microsoft that allows a user to interact with and run compatible applications over the Internet. Similar to the popular Java Applet, ActiveX is a useful tool in many ways and is being used on the Web more than ever, in order to bring interactive content to Web sites. Unfortunately, this is also a great avenue of attack for hackers, once again proving that with everything worth while on the Web, there has to be someone that comes along and screws it up for all of us.

To be more specific, ActiveX runs little bits of code that can install small compatible programs to your system, which allows for interactive content, such as spreadsheets, calculators, etc. This code (or script) is also the reason why this is such a danger when it’s in the wrong hands.

ActiveX has great potential to be hacked and let uninvited malicious code into you system. Whether it’s the loss of data or the transformation of your PC into a zombie on a botnet, the outcome is something you would rather not deal with, I’m sure.

With the more wide use of ActiveX controls on an ever growing number of Web sites, it should come as no surprise that ActiveX based attacks would become more prevalent. Unfortunately though, what is happening is almost an epidemic. Symantec, the creators of the world famous Norton Antivirus utility, described in an article earlier in the year, how these ActiveX attaches are growing at an alarming rate. For the past four years, leading up to 2006, the amount of ActiveX vulnerabilities was relatively low, with under 20 a year. In 2006 however, we see this number skyrocket to 50 vulnerabilities, which more than doubles the prior years of study.

An alarming fact in its own right, but after further investigation, Symantec found that the number of attaches actually increased the greatest in the second half of 2006. Twelve ActiveX vulnerabilities were found in the first six months and 36 where found in the second six months of the same year.

This information tells me that 2007 is going to be a whole new ball game with ActiveX vulnerabilities, with the head of the prominent attacks waged on online PCs.

In order to protect yourself, there are security settings you can modify that will change the way your Web browser interacts with these ActiveX programs. The recommendations below will do wonders for protecting your system from these types of attacks.

1.) First of all, you should have you browser set to not allow ActiveX content from sources that aren’t marked as safe for scripting. You can find the ActiveX options in Internet Explorer by going to Tools, Options and clicking on the Security tab. Scroll down a little until you see the title of “ActiveX.” Under this heading, there are several options to disable, enable or prompt (along with some other options) aspects of your ActiveX controls. Go through this list and choose everything to prompt, except for the things that are not digitally signed or not marked as safe. Basically, try not to let anything from these services to just run on their own.

2.) Users should not link out or follow links to unknown or unsecured Web sites that use ActiveX controls.

3.) You should also run your Web browser with the minimum amount of permissions necessary (The program called Drop My Rights may help with this), in order to stop any script from running with administrator rights.

These guidelines will help keep you and your system safe against most ActiveX vulnerabilities, but there is one thing, however, that you don’t want to overlook. A lot of companies are creating their own ActiveX utilizing applications and these manufacturers may be overlooked when you are updating your system, possibly letting an important ActiveX vulnerability slip through the cracks.

Well, Symantec has also thought about this and they have a program called the ActiveX Control Cleanup Tool. This application will scan your PC, looking for out of date ActiveX content and it will let you know how to update them. It’s a great tool to implement when you are cleaning and scanning your PC, which can help you stay one step ahead of the hackers!

Until next week, stay safe out there.

~ Chad Stelnicki

Leave a Reply


Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.


Enter Email Address:

Subscribe

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup



Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Subscribe


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive


Categories:
Archives: