Free 'AxBan' Tool Kills Bad ActiveX Controls

Errata Security offers freebie ActiveX 'killbit' tool for users

Researchers at Errata Security are offering a free tool for users that protects them from the wave of malicious ActiveX controls plaguing Internet Explorer browsers.

Errata created the tool, called AxBan, as a more user-friendly alternative to Microsoft’s method for stopping an ActiveX control from running in Explorer. AxBan basically runs in the background, so rather than having to manually configure ActiveX control protection (or deactivate ActiveX altogether), AxBan handles the malicious ActiveX controls automatically.

“We just keep seeing more and more ActiveX exploits on sites like” milw0rm, says David Maynor, CTO of Errata. AxBan will be available for download on Errata's site later today. It's offering the beta version now.

ActiveX controls typically keep a low profile on the user’s machine, and can be used to execute more targeted attacks. “Users may not even know they have these bad controls installed, and the result is that drive-by malware installs can take advantage of these,” he says.

AxBan basically provides users with a list of known ActiveX controls on their system. "It marks those known to be bad," and the user clicks on the "killbit" to prevent it from running in the browser, says Robert Graham, CEO of Errata.

One of the more high-profile examples of a malicious ActiveX control is a milw0rm exploit created for recently revealed vulnerabilities in HP Update, HP’s software update tool for PCs, printers, and scanners. The ActiveX flaws -- which HP since has patched -- could trick a user into visiting a malicious Website, as well as allow an attacker to grab system and OS information, according to a Secunia advisory that ranked the bug as “highly critical.”

Meanwhile, Errata plans to regularly update AxBan with new ActiveX control threats, Graham says.

"We don't write a vulnerability scanner for your system. We write tools you can use to see 'how secure is my system?'" Graham says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights