Taming Internet Explorer Browser Plug-Ins
Security Fix has often lamented the lack of decent point-and-click software tools to help Microsoft Internet Explorer Web browser users kill insecure "ActiveX controls," plug-ins for IE that have traditionally been among the biggest avenues of attack from spyware and adware. That's why I'm pleased to call attention to a free new tool called "AxBan," which helps neuter insecure ActiveX plug-ins installed by some of the most widely used third-party software applications.
ActiveX is a Microsoft creation woven into both IE and the Windows operating system. It was designed to allow Web sites to develop interactive, multimedia-rich pages. However, such powerful features rarely ever come without security trade-offs.
Poorly designed ActiveX controls can be an extremely potent weapon for cyber crooks, since most ActiveX controls distributed with third party software are marked "safe for scripting." This means that they will run when invoked and without requiring the user's permission. As a result, any Web page can use the control and its methods, which in many cases includes the ability to download and execute potentially hostile code.
Not only are ActiveX vulnerabilities frequently targeted by hackers, they are among the most common browser-related vulnerabilities. In its latest Internet Security Threat Report, Symantec documented some 239 new vulnerabilities in Web browser plug-ins. Plug-ins for Adobe Acrobat, Flash, Java, Mozilla Firefox, QuickTime and Windows media player made up 21 percent of those, while the rest were all ActiveX related vulnerabilities.
While it is true that IE7 includes some extra security protections to prevent the automatic downloading of ActiveX controls, IE7 does nothing to prevent the execution or manipulation of ActiveX controls already installed by third-party software programs like Adobe Reader, QuickTime, iTunes, Java, and Flash, to name just a few. In my experience, tons of programs - from printer software to media players and social-networking site plug-ins - install their own ActiveX controls, but most people who have those controls installed would never miss them if they were removed or deactivated.
The 1.5 Beta version of the AxBan, developed by Errata Security, is available from this link here. When you start the program, it will warn you that using AxBan changes the system registry and to proceed at your own risk. I've used this program on at least four systems now with no ill-effects, and the chances that this will actually mess up your system are pretty close to nil, as the changes are slight.
When the main program window opens, click on the "ActiveX" tab to see which ActiveX plug-ins you have installed - those installed and activated will be listed in red. Click the "Killbit" button to deactivate those ActiveX controls. If you need to reactive them in the future for any reason, you can always restart the program, highlight the programs in question, and select the "Unkillbit Selected" button.
The latest AxBan version is decent, but it certainly has room to grow, as it currently only lists a tiny fraction of the total known, faulty or potentially dangerous ActiveX controls. To its credit, however, Errata has included an update feature, which should check for new ActiveX threats the company may have flagged since the user's last scan.
| June 27, 2008; 6:00 PM ET
Categories: From the Bunker, Latest Warnings, Safety Tips
Save & Share: Previous: Free Tools to Secure Your Web Site
Next: Data Breach Reports Up 69 Percent in 2008
Posted by: Rosie | June 27, 2008 7:41 PM | Report abuse
Posted by: The Dean | June 27, 2008 9:08 PM | Report abuse
Posted by: TJ | June 27, 2008 9:59 PM | Report abuse
Posted by: sarina | June 28, 2008 8:10 PM | Report abuse
Posted by: Bk | June 28, 2008 10:58 PM | Report abuse
Posted by: Ninho | June 29, 2008 5:35 AM | Report abuse
Posted by: Al | June 29, 2008 4:17 PM | Report abuse
Posted by: Galvin | June 29, 2008 6:03 PM | Report abuse
Posted by: Aggie60 | June 30, 2008 12:16 AM | Report abuse
Posted by: TJ | June 30, 2008 7:59 AM | Report abuse
The comments to this entry are closed.