Curtailing the range of Active-X..

Hi malware fighters,

The possibilities and vulnerabilities of Active-X can lead to backdoors inside your OS.
The trouble here is that in Windows XP computers with Service Pack 2 installed, for example, Internet Explorer allows Web sites to download software to the user’s machine via Active-X controls that are marked “safe for scripting.” This means that any Web page can use the control and its methods, which in many cases includes the ability to download and execute potentially hostile code.

Well, let’s just fix that policy problem then, shall we?
http://www.helpwithwindows.com/techfiles/ie-sp2-surf-safe.html

Why Active-X? Because it’s probably one of the most prevalent software-based back doors in existence today. Active-X is a powerful Microsoft creation that is designed to interact with the Internet Explorer Web browser and allow Web sites to develop interactive, multimedia-rich pages. Plenty of hardware and software vendors ship various Active-X controls with their products that are designed to either enhance the user experience or help with remote troubleshooting.

In its latest Internet Security Threat Report, Symantec documented some 239 new vulnerabilities in Web browser plug-ins. Plug-ins for Adobe Acrobat, Flash, Java, Mozilla Firefox, QuickTime and Windows media player made up 21 percent of those, while the rest were all Active-X related vulnerabilities.

From that report:

"Symantec has also during 2007 detected zero-day exploitation of many Active-X vulnerabilities in the wild, including vulnerabilities in GlobalLink, Real Networks RealPlayer, and SSReader Ultra Star Reader. A significant ActiveX vulnerability was also discovered in December 2007 that affected many HP laptops."

Interestingly, Symantec itself just this week pushed out updates to fix two critical ActiveX flaws present in its Norton Internet Security 2008 software suite (both were marked safe for scripting).

Security patches Microsoft released recently addressed three critical Active-X vulnerabilities, including two faulty ActiveX controls in Yahoo! Jukebox (at Yahoo’s request).

Microsoft is now saying they’ll happily nix any third-party Active-X controls as part of their monthly patch release for vendors who request it, as did Yahoo! in yesterday’s patch batch from Redmond.
That idea is to build a tool that will systematically scan a Windows machine for all of the Active-X plug-ins that are installed on the machine.

An excellent software tool I we have recommended and used on numerous occasions – HijackThis! – can help users find and deactivate many Active-X controls.

But HijackThis! appears to only show Active-X controls that have been downloaded from Web pages and not Active-X controls that may have been installed as part of software package or pre-installed by the computer manufacturer.

Then have you already tried…?
http://www.nirsoft.net/utils/axhelper.html

polonus

One of the main reasons to abandon Internet Explorer and use other browser like Opera or Firefox.