ActiveX Control – a brief description
ActiveX is a software module technology that emerged from Microsoft’s Component Object Model (COM) and Object Linking and Embedding (OLE) technologies. In 1996, Microsoft took OLE 2.0 and renamed it ActiveX. While the primary role of OLE is to manage documents that use multimedia, it is also capable of transferring data between applications. Embedding information is common practice for web designers, and these components are frequently found on Internet sites, especially those rich in multimedia content. Web pages that use ActiveX function in a fashion similar to server-based applications and behave like standard executable programs. Conceptually, they are like Java applets and share similar implementation characteristics.
ActiveX components can easily blend in and can offer a variety of functionality to programs. They can be used by several applications on a computer or shared on a network. While these components can be used for common operating tasks on Macintosh and Microsoft systems, they are most often downloaded and used by web pages for animation displays, for programmatic tasks, or to augment UI functions with items such as spreadsheets, toolbars and similar components.
The Risk
With today’s standards and common practices, most web browser configurations notify and prompt the user before an ActiveX control is downloaded. This can be a difficult choice if there is no guarantee or indication of what the component does or why the web page requires it. Once the user accepts and the component is downloaded, it gains considerable latitude: the ActiveX control now has the same privileges as the user. This poses security risks, including reading from and writing to the registry, manipulating the user’s local file system, and altering security rights.
While there are legitimate uses that provide visual display of web content or functionally enhance the system, some ActiveX components are designed to bring about significant malicious and damaging effects. ActiveX technology has been a handy and efficient vehicle for spyware/adware distribution, as well as for the activation and even propagation of malware. Programmers can embed spyware, Trojan horses, and virus infections to create rogue ActiveX components.
A typical scenario involves surfing to a site to play a game online. On arriving at the site, the user is presented with a message stating that a download is required; in many instances, this is an ActiveX installation. In some cases it is accompanied by a security warning dialog and possibly even a privacy policy, and typically the expected outcome results. However, there are other outcomes that are not expected and certainly undesirable. Some ActiveX installations lead to a dialog prompt stating that access to a web site is required. After the connection is enabled, installations are initiated and icons appear in the system tray. The user then begins to get pop-up and pop-under advertisements that appear repeatedly and cannot be turned off without removing the unwanted software and its distributed elements. By displaying traffic logs, we could see that certain HTTP connections to the makers of adware exist and are actually proliferating. Removal is not straightforward, as standard uninstall procedures fail to remove the problem.
Prevention?
Security depends on best practices and proper judgment. The challenge lies in the inability to preview the outcome of accepting an ActiveX download on your system. While some ActiveX installs include digital signatures from the program’s authors, this can give a false sense of security unless knowledge and trust of the author has been established in advance.
One recent concern involves the designation of “Safe for Scripting” components, which has been used in several worm and virus attacks. Microsoft warns designers that marking an ActiveX control safe for scripting leaves the control vulnerable to manipulation: script on any web page may then invoke it, so an attacker can repurpose the control for their own use. Another main concern is that the vast majority of ActiveX components are not digitally signed, due to the expense and technical nature of the process. In many cases, users have limited knowledge of the authors of digitally signed ActiveX programs.
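As an added example that is not part of the original article, the following PowerShell script inventories the COM classes registered as Safe for Scripting or Safe for Initializing on a Windows host and reports whether Internet Explorer’s kill bit blocks each one; the two category GUIDs and the Compatibility Flags kill-bit value are Microsoft’s documented identifiers, while the function name Get-ScriptSafeActiveX is this example’s own.

```powershell
# Added example (not from the original article): audit which registered COM
# classes are marked Safe for Scripting / Safe for Initializing and whether the
# IE kill bit (Compatibility Flags 0x400) disables them. Assumes a Windows host
# and read access to HKCR and HKLM; run from an elevated PowerShell prompt.

$SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBit             = 0x400                                      # kill-bit flag value

function Get-ScriptSafeActiveX {
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
      ForEach-Object {
        $clsid = $_.PSChildName
        $cats  = Join-Path $_.PSPath 'Implemented Categories'
        if (-not (Test-Path $cats)) { return }

        # Category GUIDs appear as subkey names under "Implemented Categories".
        $catNames   = (Get-ChildItem $cats -ErrorAction SilentlyContinue).PSChildName
        $scriptSafe = $catNames -contains $SafeForScripting
        $initSafe   = $catNames -contains $SafeForInitializing
        if (-not ($scriptSafe -or $initSafe)) { return }

        # The kill bit lives per CLSID under IE's ActiveX Compatibility key.
        $compat = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        $flags  = 0
        if (Test-Path $compat) {
            $flags = (Get-ItemProperty $compat -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -eq $flags) { $flags = 0 }
        }

        $server = (Get-ItemProperty (Join-Path $_.PSPath 'InprocServer32') `
                   -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            CLSID            = $clsid
            Name             = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).'(default)'
            Server           = $server
            SafeForScripting = $scriptSafe
            SafeForInit      = $initSafe
            KillBitSet       = (($flags -band $KillBit) -ne 0)
        }
      }
}

# Script-safe controls without a kill bit are the ones a web page can still drive.
Get-ScriptSafeActiveX | Where-Object { -not $_.KillBitSet } |
    Sort-Object Name |
    Format-Table CLSID, Name, Server, SafeForScripting, SafeForInit -AutoSize
```

Controls that declare safety at run time through the IObjectSafety interface rather than through registry categories will not appear in this listing, so treat the output as a lower bound when reviewing a host.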
With the growing need for ActiveX on many of today’s web sites, it is more than likely that malicious activity will increase. While good judgment is always recommended, it cannot in all cases provide coverage against all spyware and adware attacks. While some of these attacks are mere annoyances, others can be severe and can result in damage to or degradation of the system, loss of confidential information, and loss of money. One example of a costly spyware attack that uses ActiveX is referred to as a “dialer”. A dialer makes long-distance calls via the computer’s connection to a modem or ADSL without triggering or displaying any alerts.
Solutions
While avoiding downloads altogether, using caution when surfing the Internet, and exercising best judgment are viable means of prevention, there is no guarantee that all unwanted items are kept from being downloaded to your system. A thorough and effective tool that can detect and remove malware infections is also essential. We recommend using RegCure as it has the highest detection rate and scanning speed among all other registry cleaners.