PDA

View Full Version : How do IE users get hacked easily?



May1911
04-07-2005, 07:37 PM
I hear people say using IE is not safe because of Active X controls.
I repeat the same to other people although admittedly I don't really know a thing as to why it is unsafe. Could you tell me the "way/mechanism" of this leak in security made when using IE in particular or any other browsers which have ActiveX controls implemented in general ?

Paleo Pete
04-08-2005, 10:01 AM
What is ActiveX (http://www.active-x.com/articles/whatis.htm)
Security Tradeoffs (http://www.cs.princeton.edu/sip/java-vs-activex.html) NOTE: This was posted in 1997, TOTALLY IGNORE the paragraph titled "How worried should I be>" BE PLENTY WORRIED...the bottom feeders of the programming world have been writing malicious code exploiting ActiveX quite extensively since then. I posted the article because it has pretty good info concerning the security issues, but that one statement is now completely erroneous. ActiveX is now the greatest security risk I know of., due to its ability to install software without user interaction. Just viewing a webpage can install spyware and you never know it. Again...BE WORRIED...and switch to Firefox browser...

Just one of the Security Alerts (http://www.us-cert.gov/cas/techalerts/TA05-012B.html) related to ActiveX.
The CERT Homepage (http://www.us-cert.gov/) is good reading, and has some excellent security tips.

In general, Java and ActiveX both have some security problems, the Java risks being mostly minimal. ActiveX is probably the greatest security risk out there today, and I have thought (and made my opinion known...loudly..) for some time that Microsoft has turned a blind eye to Internet Security for a long time by keeping ActiveX enabled by default in their browser and email programs.

IE 4 used ActiveX, in a matter of months it was being used to install viruses, hordes of 'em, and M$ did nothing. It's still being done right now. That was 1996 or so, ActiveX is STILL enabled by default today after 100,000 viruses or more have exploited it, dozens of spyware programs, trojans, etc and M$ has still not seen sufficient reason to DISABLE THIS GARBAGE...IE 6 right now still has ActiveX enabled by default, ready to download and install viruses, spyware, trojans and browser hijackers. And M$ claims to be concerned about your security...Yeah right... :rolleyes:

If you really want to see what a problem it is, read through the Applications and Security section of the forums (this one). All those Hijack This logs have been posted primarily due to ActiveX installing whatever is embedded in webpages and software without ASKING FIRST...The other risk is downloaded software, like screensavers, games, and especially P2P file sharing programs that have malicious software embedded in them. READ THE EULA...

hockey man
04-08-2005, 11:50 AM
how can i dissable active x?

Steve
04-08-2005, 01:48 PM
I think the best way is to start using Firefox (http://www.mozilla.org/products/firefox/all.html) as your browser and use IE only for getting Windows updates. Firefox doesn't use active x.

Other than that, in IE you can click on Tools > Internet Options > Security >Custom Level and disable active x there.

CptFarlow
04-08-2005, 11:18 PM
When you download Firefox...get the Adblock extension...it rocks!

FastLearner
04-14-2005, 11:30 AM
how can i dissable active x?

see http://www1.spywareinfo.com/articles/hijacked/prevent.php