Errata Security offers freebie ActiveX 'killbit' tool for users
Researchers at Errata Security are offering a free tool for users that protects them from the wave of malicious ActiveX controls plaguing Internet Explorer browsers.
Errata created the tool, called AxBan, as a more user-friendly alternative to Microsoft’s method for stopping an ActiveX control from running in Internet Explorer. AxBan basically runs in the background, so rather than having to manually configure ActiveX control protection (or deactivate ActiveX altogether), AxBan handles the malicious ActiveX controls automatically.
“We just keep seeing more and more ActiveX exploits on sites like” milw0rm, says David Maynor, CTO of Errata. AxBan will be available for download on Errata's site later today. It's offering the beta version now.
ActiveX controls typically keep a low profile on the user’s machine, and can be used to execute more targeted attacks. “Users may not even know they have these bad controls installed, and the result is that drive-by malware installs can take advantage of these,” he says.
AxBan basically provides users with a list of known ActiveX controls on their system. "It marks those known to be bad," and the user clicks on the "killbit" to prevent it from running in the browser, says Robert Graham, CEO of Errata.
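The kill bit itself is a registry setting: a `Compatibility Flags` DWORD with bit 0x400 set under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}`. The sketch below is an added example, not AxBan's code and not from the article; it audits a `reg export` of that key against a blocklist, and the CLSIDs and export text are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE instantiating the control

# Constructed sample: text of a `reg export` of the ActiveX Compatibility key.
# Placeholder CLSIDs, not real controls. Real exports are UTF-16; decode before parsing.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400
'''

SECTION = re.compile(r"^\[.*\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_compat_flags(export_text):
    """Map each CLSID under ActiveX Compatibility to its Compatibility Flags DWORD."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            current = m.group(1).upper() if m else None
            if current:
                flags.setdefault(current, 0)  # key present, value may be missing
        elif current:
            m = FLAGS.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def audit(export_text, blocklist):
    """Report 'killed', 'not killed' or 'no entry' for each blocklisted CLSID."""
    flags = parse_compat_flags(export_text)
    report = {}
    for clsid in (c.upper() for c in blocklist):
        if clsid not in flags:
            report[clsid] = "no entry"
        else:
            # Mask the bit: other compatibility flags may share the DWORD.
            report[clsid] = "killed" if flags[clsid] & KILL_BIT else "not killed"
    return report
```

A control reported as "not killed" or "no entry" can still be instantiated by the browser if it is installed.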
One of the more high-profile examples of a malicious ActiveX control is a milw0rm exploit created for recently revealed vulnerabilities in HP Update, HP’s software update tool for PCs, printers, and scanners. The ActiveX flaws -- which HP since has patched -- could trick a user into visiting a malicious Website, as well as allow an attacker to grab system and OS information, according to a Secunia advisory that ranked the bug as “highly critical.”
Meanwhile, Errata plans to regularly update AxBan with new ActiveX control threats, Graham says.
"We don't write a vulnerability scanner for your system. We write tools you can use to see 'how secure is my system?'" Graham says.