Researchers at Errata Security are offering a free tool for users that protects them from the wave of malicious ActiveX controls plaguing Internet Explorer browsers.
Errata created the tool, called AxBan, as a more user-friendly alternative to Microsofts method for stopping an ActiveX control from running in Explorer. AxBan basically runs in the background, so rather than having to manually configure ActiveX control protection (or deactivate ActiveX altogether), AxBan handles the malicious ActiveX controls automatically.
We just keep seeing more and more ActiveX exploits on sites like milw0rm, says David Maynor, CTO of Errata. AxBan will be available for download on Errata's site later today. It's offering the beta version now.
ActiveX controls typically keep a low profile on the users machine, and can be used to execute more targeted attacks. Users may not even know they have these bad controls installed, and the result is that drive-by malware installs can take advantage of these, he says.
AxBan basically provides users with a list of known ActiveX controls on their system. "It marks those known to be bad," and the user clicks on the "killbit" to prevent it from running in the browser, says Robert Graham, CEO of Errata.
One of the more high-profile examples of a malicious ActiveX control is a milw0rm exploit created for recently revealed vulnerabilities in HP Update, HPs software update tool for PCs, printers, and scanners. The ActiveX flaws -- which HP since has patched -- could trick a user into visiting a malicious Website, as well as allow an attacker to grab system and OS information, according to a Secunia advisory that ranked the bug as highly critical.
Meanwhile, Errata plans to regularly update AxBan with new ActiveX control threats, Graham says.
"We don't write a vulnerability scanner for your system. We write tools you can use to see 'how secure is my system?'" Graham says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.