Dealing with ActiveX, other potentially dangerous embeds?

Discussion in 'Computer Security' started by Marty Ross, Aug 29, 2003.

  1. Marty Ross

    Marty Ross Guest

    Of those security-minded folks out there that *DO* choose to use MS/IE, how
    do you deal with ActiveX or other potentially dangerous embeds in internet

    Realizing that each time I choose to allow an ActiveX object to run, I'm
    giving it complete control to do whatever it wants to my entire system, I've
    recently become paranoid: how come there haven't been MAJOR viruses released
    via active X objects? Does anybody really "trust" the authenticode system?
    Does "certification" really deliver on it's promise (e.g., I don't know who
    a GREAT majority of these companies that have supposedly "promised this
    content is safe", so I feel it effectively doesn't make a difference whether
    objects are certificated or not -- "I push the buttons and I takes my

    For that matter -- do y'all place any more trust in Java (or other) objects
    embedded in web pages?

    It seems to me it's plain out mutually exclusive -- **EITHER** I:

    (1) allow myself to trust the universe (or spend a time investigating who I
    think I'm talking to for each individual web transaction), accept the real
    risks involved, and enjoy the fruits of sophisticated ActiveX/Java/whatever
    objects (such as streaming media, other interactivity, etc.)

    (2) restict myself totally from all "active" content -- especially the
    potentially more dangerous variety (such as ActiveX), yet remain a "hermit"
    with respect to participating in much of the neat stuff that's out there,
    much of it served up using these potentially dangerous technologies

    Does anyone share my view on "the state of the art" with regard to security
    from viruses and/or hijacking while using the internet, or is there some
    middleground where I can be safe *and* enjoy the latest-and-greatest at the
    same time?

    What sorts of disciplines do y'all follow to honor your own personal
    appetite/comfort level?

    - Security Newbie
    Marty Ross, Aug 29, 2003
    1. Advertisements

  2. Marty Ross

    mto Guest

    The general consensus seems to be the same as dealing with ports - if you
    don't need it right this minute, shut it off.

    As far as using ActiveX I allow just one X-control - the one that has to be
    active to use Windows Update. And even then, ActiveX is turned off unless I
    am actively updating Windows.
    In a pig's eye. You might recall the incident a couple of years back when
    someone managed to make off with a couple of secure server certificates
    claiming to be Microsoft - but they weren't.
    Safe for whom? Safe how? - as in safe it won't break your machine or safe
    it won't violate your privacy/use your phone/etc.?
    Of the bunch of them, I trust Java more than any other. (I am a web
    developer BTW.) Note, however, that javascript in my opinion can be one of
    the most dangerous. Recently I've even seen malware distributed using an
    image tag :(

    Innocent till proven guilty may be the rule in court - but not when it comes
    to my machine. Trust NOTHING implicitly.
    Too many nasties out there to trust - kind of like going to downtown Dodge
    on Saturday night without your six-shooter. Investigating websites? You
    will never get anything done - and God himself can't guarantee you that who
    they say they are is real.
    Nope, you don't have to withdraw completely - just be selective. Keep your
    security settings as high as possible and turn off absolutely everything
    unless you need it. (Zone Alarm Pro helps there because you can allow
    cookies/scripts/java on a site-by-site basis). When you come across
    something you want turn only what you need back on just long enough to
    indulge. Get AdAware and Spybot Search & Destroy and use them. Make sure
    that you have NO trusted sites.

    Alternatively buy a Mac. If I didn't have to replace thousands of dollars
    in programming to do so, you can bet your last dime I wouldn't be running
    Windows anything.
    mto, Aug 30, 2003
    1. Advertisements

  3. ActiveX is filtered out at the firewall proxy. Because of that I can't
    activate MS Reader on my PocketPC, so be it. I have acrobat reader on it.

    If I had it my way, javascript would all be filtered out as well.

    John Veldhuis, Sep 8, 2003
  4. Marty Ross

    mto Guest

    Easy enough. Turn off scripting under Tools/Options. Or install Zone Alarm
    PRO which will disrupt it on its way in the door from the source. Or both.
    mto, Sep 8, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.