Friday, March 21, 2008

IE ActiveX Security 101

Now it is the time to open the books and read about how we can achieve a safe browsing experiment in a time when you can’t trust any site you visit on the Internet. If you depend on your antivirus alone to stop all of those invaders. You’ll be another addition to the “False Sense of Security believers” List.

Recently we’ve faced a lot of aggressive attacks against vulnerable systems, which exploit the following ActiveX vulnerabilities:

Baofeng Storm ActiveX
Ourgame GLChat ActiveX
Qvod Player ActiveX
Microsoft RDS.Dataspace ActiveX
RealPlayer playlist ActiveX
Storm Player ActiveX
Microsoft Windows WebViewFolderIcon ActiveX
Xunlei Thunder DapPlayer ActiveX

Leaving your windows machines unpatched till that time is a shame, besides also running insecure browsers or let me say it better, “Browsers with insecure settings” is a big mistake nowadays where every single malware writer will use this point in his side because the next layer he needs to exploit, is the weak link; humans.

So as a system admin, you should make sure no user during your watch works with any vulnerable browser. For achieving a good and secure configuration, I’ll show you the recommended IE ActiveX related settings that could leave you insecure if it’s not done the secure way.

click to enlarge the image:

Usually disabling everything will break many features which make browsing as “drinking a glass of bitter lemonade”. Thanks for IE “Trusted Sites security zone”, which as the name says, we use to put the trusted sites inside it and we’ll authorize any script or ActiveX to be downloaded and run. You can use “Internet Explorer 5 Power Tweaks Web Accessory” from Microsoft; this tool will add a menu choice "Add to Trusted Zone" to the tools menu of Internet Explorer.

100% Safe Browsing … is it a dream? What do you think?