There has been a number of security fixes applied to the Microsoft Internet Explorer browser. While several vulnerabilities have been associated with the browser, one of Internet Explorer’s biggest flaws is a technology known as Active X.
The Weakness of Active X
Active X is a Microsoft creation integrated into both the Internet Explorer browser and the Windows operating system itself. It is essentially a piece of object-orientated programming that allows users to view interactive multimedia content on a web page. As with many other Microsoft products, the features of Active X come with major consequences when considering the security trade-offs.
A poorly designed Active X control can be a very dangerous weapon for savvy Internet criminals, primarily because most of them are packed with third-party software and packaged as “safe for scripting.” This enables malicious content to run when an Active X control is invoked without a user’s knowledge
or permission. An individual could then take control of its ability, and more often than not, use it to download and execute malicious code.
Active X vulnerabilities are among the most commonly exploited security breaches of all web browsers, a computer hacker’s dream. In a recent Internet Security Threat Report, leading security software vendor Symantec listed well over 200 new vulnerabilities in plug-ins for web browsers. A small percentage of these add-on modules were for Adobe, Flash, Java, Firefox, QuickTime and Windows Media player; the majority was attributed to Active X.
Microsoft has gone great length to address vulnerabilities in the Internet Explorer browser. Despite the added security measures employed to prevent unauthorized downloading of Active X controls, the new Internet Explorer 7.0 has no way to stop the manipulation or execution of those currently installed by third-party programs. Some of the most common applications from printers and digital cameras to media players and blogging plug-ins often install their own Active X controls. However, the average user with these controls installed on their system would never know if they were deactivated or completely removed.
A phishing filter is one of the new features in Internet Explorer 7.0. While the settings can be configured, they come preset to restrict access to suspected phishing sites by default. It’s speculated that Version 8 will include a feature that will block access to sites known for hosting malicious software as well. Downloads would also be scanned for malicious code.
The Internet Explorer browser can be set to run on Windows Vista in Protected Mode. In this mode, the privileges of the browser are much more restricted, meaning it cannot make any significant changes within the system. Protected Mode also efficiently restricts the privileges of any third-party add-ons. The web browsing environment on the Vista platform is far more secure, as damage can be drastically limited even if the browser or add-ons are compromised.
Updates and patches for the Internet Explorer browser are frequently distributed and available through Windows automatic updates. While security patches will continue to be released for a wide range of Windows platforms, the most recent improvements have mainly been distributed for XP.