Hacking the Internet user:Malicious mobile code
Microsoft ActiveX (Active X controls have the file extension.ocx)
- similar to OLE let an object be embedded in a page using the <object> tag
- When IE finds a page with a control, it checks the Registry to find out if the control is available, if it is IE displays the page and runs the control
- If it is not, IE uses Authenticode to check the author (Verisign role) and download the control. Finally IE displays the page and runs the control
- “Safe for Scripting”: Authenticode is not used with these controls, malicious Web sites may explore as a vulnerability. Easy to mark as such. Countermeasures:
- apply patches for Scriptlet/Eyedog and OUA (Office 2000 UA).
- Set macro protection to High in Tool/Macro menu in Office.
- restrict or disable ActiveX, using security zones
- Using security zones: IE has five predefined zones: Internet, Local Intranet, Trusted Sites, Restricted Sites, and My Computer.