Errata Security offers freebie ActiveX 'killbit' tool for users
Researchers at Errata Security are offering a free tool for users that protects them from the wave of malicious ActiveX controls plaguing Internet Explorer browsers.
Errata created the tool, called AxBan, as a more user-friendly alternative to Microsoft’s method for stopping an ActiveX control from running in Explorer. AxBan basically runs in the background, so rather than having to manually configure ActiveX control protection (or deactivate ActiveX altogether), AxBan handles the malicious ActiveX controls automatically.
“We just keep seeing more and more ActiveX exploits on sites like” milw0rm, says David Maynor, CTO of Errata. AxBan will be available for download on Errata's site later today. It's offering the beta version now.
ActiveX controls typically keep a low profile on the user’s machine, and can be used to execute more targeted attacks. “Users may not even know they have these bad controls installed, and the result is that drive-by malware installs can take advantage of these,” he says.
AxBan basically provides users with a list of known ActiveX controls on their system. "It marks those known to be bad," and the user clicks on the "killbit" to prevent it from running in the browser, says Robert Graham, CEO of Errata.
One of the more high-profile examples of a malicious ActiveX control is a milw0rm exploit created for recently revealed vulnerabilities in HP Update, HP’s software update tool for PCs, printers, and scanners. The ActiveX flaws -- which HP since has patched -- could trick a user into visiting a malicious Website, as well as allow an attacker to grab system and OS information, according to a Secunia advisory that ranked the bug as “highly critical.”
Meanwhile, Errata plans to regularly update AxBan with new ActiveX control threats, Graham says.
"We don't write a vulnerability scanner for your system. We write tools you can use to see 'how secure is my system?'" Graham says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Microsoft Corp. (Nasdaq: MSFT)
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024