What are ActiveX Controls?
ActiveX controls are insertable COM objects developed using the Microsoft ActiveX technology. These controls enable Web developers to enhance the functionality and interactivity of their Web pages. For instance, an ActiveX download control can be used in multiple Web sites to incorporate file download functionality within them. You can also download various free and paid ActiveX controls to incorporate features that enable you to perform tasks such as playing Flash files, opening PDF documents, and even carrying out credit card transactions.
What is the problem with ActiveX controls?
ActiveX controls were first introduced by Microsoft as COM objects. These controls were used to develop programmable software components that were included within Windows applications to simplify the process of designing user interface. The components where programmed to compile using native instructions and were allowed to call the Win32 API of the operating system on which they were executed.
Over the years, the use of ActiveX control objects in Web development gained popularity. With this, users could now download ActiveX controls from Internet Explorer on their computers. However, Internet Explorer does not have any method to sandbox the codes that are run by ActiveX controls. Sandbox is a mechanism that isolates untested codes so that they are safe to run. Therefore, ActiveX controls integrate completely with your Windows system, compile using native instructions, and can freely call Win32 APIs that have the same permissions as the user currently logged on to the system. Due to this security vulnerability, you are always at risk of an ActiveX download that contains malicious code.
What can users do?
Almost all ActiveX problems are due to inherent faults in its basic architecture. Therefore, the best way to keep your PC safe from malicious ActiveX controls is to be a vigilant user.
First and foremost, modify the Internet Explorer security settings to specify how you want it to handle ActiveX requests. For this, in the Internet Explorer window, open the Tools menu and select the Security tab. Here, select Custom Level and modify the ActiveX configuration according to your requirements.
You must also configure the security settings of your e-mail program to stop it from downloading and executing unauthorized ActiveX controls on your system.
Many malicious programs, such as viruses and spyware, may also make use of the security lapses of ActiveX controls to download to your system. To prevent this, you must install a reliable antivirus and anti-spyware program on your system. Keep the software updated with latest virus definitions and regularly run scans to stop and remove malware from your PC.
To effectively counter ActiveX risks, you may also install a reliable registry cleaner on your system. A good registry cleaner helps you scan the system registry for malicious or corrupt ActiveX entries and remove them.
ActiveX controls are a benefit for Web developers because they make it easy to develop interactive Web sites with number of different user-friendly functionalities. Despite their numerous uses, ActiveX controls are also a bane for users. Security lapses in their basic architecture, open up user systems to malicious programs and hackers. There is no way to fix this issue. Only thing that you can do is to configure the security settings in your firewall, Internet Explorer, and Outlook to prevent malicious ActiveX programs from downloading on your PC. You must also regularly run antivirus and registry scans to find and remove malicious ActiveX programs from your system and registry.