The Dangers of ActiveX
ActiveX is a set of controls created by Microsoft that allows a user to interact with and run compatible applications over the Internet. Similar to the popular Java Applet, ActiveX is a useful tool in many ways and is being used on the Web more than ever, in order to bring interactive content to Web sites. Unfortunately, this is also a great avenue of attack for hackers, once again proving that with everything worth while on the Web, there has to be someone that comes along and screws it up for all of us.
To be more specific, ActiveX runs little bits of code that can install small compatible programs to your system, which allows for interactive content, such as spreadsheets, calculators, etc. This code (or script) is also the reason why this is such a danger when it’s in the wrong hands.
ActiveX has great potential to be hacked and let uninvited malicious code into you system. Whether it’s the loss of data or the transformation of your PC into a zombie on a botnet, the outcome is something you would rather not deal with, I’m sure.
With the more wide use of ActiveX controls on an ever growing number of Web sites, it should come as no surprise that ActiveX based attacks would become more prevalent. Unfortunately though, what is happening is almost an epidemic. Symantec, the creators of the world famous Norton Antivirus utility, described in an article earlier in the year, how these ActiveX attaches are growing at an alarming rate. For the past four years, leading up to 2006, the amount of ActiveX vulnerabilities was relatively low, with under 20 a year. In 2006 however, we see this number skyrocket to 50 vulnerabilities, which more than doubles the prior years of study.
An alarming fact in its own right, but after further investigation, Symantec found that the number of attaches actually increased the greatest in the second half of 2006. Twelve ActiveX vulnerabilities were found in the first six months and 36 where found in the second six months of the same year.
This information tells me that 2007 is going to be a whole new ball game with ActiveX vulnerabilities, with the head of the prominent attacks waged on online PCs.
In order to protect yourself, there are security settings you can modify that will change the way your Web browser interacts with these ActiveX programs. The recommendations below will do wonders for protecting your system from these types of attacks.
1.) First of all, you should have you browser set to not allow ActiveX content from sources that aren’t marked as safe for scripting. You can find the ActiveX options in Internet Explorer by going to Tools, Options and clicking on the Security tab. Scroll down a little until you see the title of “ActiveX.” Under this heading, there are several options to disable, enable or prompt (along with some other options) aspects of your ActiveX controls. Go through this list and choose everything to prompt, except for the things that are not digitally signed or not marked as safe. Basically, try not to let anything from these services to just run on their own.
2.) Users should not link out or follow links to unknown or unsecured Web sites that use ActiveX controls.
3.) You should also run your Web browser with the minimum amount of permissions necessary (The program called Drop My Rights may help with this), in order to stop any script from running with administrator rights.
These guidelines will help keep you and your system safe against most ActiveX vulnerabilities, but there is one thing, however, that you don’t want to overlook. A lot of companies are creating their own ActiveX utilizing applications and these manufacturers may be overlooked when you are updating your system, possibly letting an important ActiveX vulnerability slip through the cracks.
Well, Symantec has also thought about this and they have a program called the ActiveX Control Cleanup Tool. This application will scan your PC, looking for out of date ActiveX content and it will let you know how to update them. It’s a great tool to implement when you are cleaning and scanning your PC, which can help you stay one step ahead of the hackers!
Until next week, stay safe out there.
~ Chad Stelnicki