Can one spot a bad ActiveX beforehand or does one only have to depend upon security apps to do it? | Talk it up | Forums

March 5, 2010
3:56 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline

Hi Smile

Years ago "Eureka" said Archimedes while bathing in a bathtub; years later I am enthused to say the same after surfing Google & Cnet! Archimedes of course subsequently did something which shocked his neighbours; Rest assured, I didn't Wink 

ActiveX is often poorly understood & ActiveX issues are often taken to be frightening things – like snakes for instance. I've often wondered if one can only depend upon security apps both for identifying as well as curing ActiveX issues. "Logic" told me it cannot be so but then "internet" did not tell me anything at all except for what ActiveX is. I trusted logic, dug in my heels and………waited ………till now.

These are 2 apps which list out ActiveX – CLSID's, controls, components. I intuit that savvier dottechies can check that against online virus scanners like VirusTotal & prosper. I cite VirusTotal assuming for a brief pessimistic moment that your own AV missed a bad boy ActiveX. I also reconfirm that not all ActiveX is good ActiveX aka there are some bad ones too. Internet did indeed confirm that last sentence quite readily for me.

The 2 apps which list out ActiveX……..yes, actually list out all your ActiveX present on your comp are:-

  1. ActiveXHelper -       http://download.cnet.com/Activ…..?tag=mncol
  2. TLBDOC -      http://download.cnet.com/TLBDO…..?tag=mncol

Ladies & Gentlemen, both handle different OS's, some recent OS's sadly enough are not covered, the number of total downloads & recent downloads is not very large & there are no user comments yet. The developers' pedigree however is not bad at all. Another issue which crosses the mind is how often new CLSIDs come up……………………all the time or rarely nowadays. I am not thrown by the low no. of downloads nor by the lack of user comments in this given situation because it seemed like a "fear of all snakes thing" aka not very rational.

These are the pros & cons. Please do check out the html links. What is your take on this? 

Ramesh Smile
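
The listing-and-checking idea raised in this post can also be done straight from the registry. The script below is an added example, not part of the original post and not code from ActiveXHelper or TLBDOC; it assumes Windows PowerShell 4.0 or later, only reads the registry, and the function name `Get-ActiveXInventory` is made up for illustration.

```powershell
# Added example: read-only inventory of registered ActiveX controls.
# Assumes Windows PowerShell 4.0+ (Get-FileHash); run elevated for full coverage.
$clsidRoot = 'HKLM:\SOFTWARE\Classes\CLSID'
$killRoot  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ActiveXInventory {
    foreach ($key in Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue) {
        # A "Control" subkey is what marks a COM class as an ActiveX control.
        if ($key.GetSubKeyNames() -notcontains 'Control') { continue }

        # The default value of InprocServer32 names the DLL/OCX that gets loaded.
        $server = $key.OpenSubKey('InprocServer32')
        if (-not $server) { continue }
        $path = [string]$server.GetValue('')
        $server.Close()
        $path = [Environment]::ExpandEnvironmentVariables($path).Trim('"')

        # Kill bit: Compatibility Flags 0x400 stops Internet Explorer loading the control.
        $clsid = $key.PSChildName
        $flags = (Get-ItemProperty -LiteralPath "$killRoot\$clsid" -ErrorAction SilentlyContinue).'Compatibility Flags'
        $row = [ordered]@{
            CLSID = $clsid; Name = [string]$key.GetValue(''); Path = $path
            KillBit = (($flags -band 0x400) -ne 0)   # false when no flag value exists
            Signature = 'FileNotFound'; SHA256 = $null
        }
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $row.Signature = (Get-AuthenticodeSignature -FilePath $path).Status
            $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]$row
    }
}

# Review list: controls IE may still load whose binary is missing or not validly signed.
Get-ActiveXInventory |
    Where-Object { -not $_.KillBit -and $_.Signature -ne 'Valid' } |
    Sort-Object Path |
    Format-Table CLSID, Name, Signature, SHA256 -AutoSize
```

An unsigned or missing binary is only a reason to look closer; the SHA256 column is what you would search for on VirusTotal. On 64-bit Windows, point `$clsidRoot` at `HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID` as well to cover 32-bit controls.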

 

March 5, 2010
4:26 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
2
0

Hi Smile

Since it is "different strokes for different folks" I'll explain briefly what is ActiveX in "plainspeak" terms.

In Windows OS each ActiveX is identified by a unique CLSID aka Class Id – a horribly long number. Each ActiveX is merely an object. Each ActiveX actually does only one small job. Mainly, (perhaps but not "only") this is used by the browser belonging to Windows Operating System i.e. Internet Explorer. I mean to say that apart from Windows browser the other parts of Windows OS also "could" use ActiveX. That is to say ActiveX gets used both when you are "on internet" & also when you are "off internet". The important & only point is *mainly/mostly only the browser of Windows uses it*.

– *It is not used by any other browser or any other Operating System.* You can correct my last sentence – It "might" i.e. ActiveX "might" be used by a few other Operating systems too, apart from Windows! It is not at all used by Java if you use Java as your OS. For whatever it is worth ActiveX is just a tiny jobber object in Windows OS in quite the same way as an applet is a tiny jobber object in Java OS. Got it?

Why this brouhaha about ActiveX, you might ask? Veteran Windows dottechies would tell you that ActiveX objects (especially COM objects) sometimes make the Windows browser, if not the entire Windows OS, vulnerable. The fact that Internet Explorer aka the browser sits atop Windows Explorer the file manager has provided a platform for bad guys to do bad things to good guys using Windows. I haven't simplified the last 2 sentences with the fullest confidence that my dottechie family would place even those in proper perspective……..apart from all the other sentences.

For those wishing to read further or deeper these html links would help:-

  1. http://www.google.co.in/search?hl=en&safe=active&client=firefox-a&hs=Y69&rls=org.mozilla:en-US:official&channel=s&defl=en&q=define:ActiveX&ei=VdSQS5KGJ8fGrAePk6XLCw&sa=X&oi=glossary_definition&ct=title&ved=0CAkQkAE
  2. http://en.wikipedia.org/wiki/ActiveX
  3. http://www.webopedia.com/TERM/A/ActiveX_control.html

Ramesh Smile

March 5, 2010
4:53 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline

Hi Smile

I had already tested ActiveXHelper v 1.12. It seems to offer "good functionality" as per readme file & "trustworthy behaviour" – both are equally important – since I neither have Sandboxie nor Geswall nor Returnil nor a virtual computer partition……………..yet.

The good thing is that previously this app used to populate a list of ActiveX only within the registry whereas this latest version allows you to populate the list even within a .txt file i.e. notepad file. Naturally I preferred populating a .txt file rather than my registry. Smile

I failed in my attempt to populate the list in .txt. That neither surprises nor saddens me because I have failed before Smile 

By the way ActiveXHelper 1.12 covers Windows Me, Windows 98, Windows 2000, Windows NT, Windows XP

By the way TLBDOC covers Windows 95/98/2000/NT

I am put off by the fact that Vista & Win7 are not covered Frown I don't know if Vista & Win7 do not have ActiveX at all. Unlikely or could it be so? Confused. I don't know.

Or is it that some developer screwed up & did not develop this app to cover later versions of Windows OS? Or worse still, is it that for some unknown reasons Microsoft did not let them? Sheesh! If so why did not Microsoft itself do the honours?

This is only becoming curiouser & curiouser. These questions beat me? Frown

What do you feel? Smile

Ramesh Smile

March 5, 2010
10:10 AM
karen
Washington, DC Metro Area
dotTechie
Forum Posts: 878
Member Since:
November 1, 2009
Offline
4
0

Ramesh Kumar said:

What do you feel? Smile

Ramesh Smile


 

Just use FF Laugh

March 5, 2010
11:28 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline

Yes Karen I do feel safer with FF  Laugh & actually unsafe with IE. Tell me Karen Vista & Win7 have Active X too, don't they?

 

@Pwnana – what is your take on ActiveX - Am also requesting you via PM 

@Steelers6 – what is your take on ActiveX - Am also requesting you via PM  

@Samuel – I'd like to know your views on this ActiveX thread. Am also requesting you via PM 

Ramesh Smile

March 6, 2010
12:53 AM
Locutus
Guru
Forum Posts: 1886
Member Since:
February 19, 2009
Offline
6
0

Actually Chrome is safer because of the way it handles tabs…. get rid of flash and it's even safer.  IE too handles tabs better than FF and is thus safer… http://gizmodo.com/5483024/security-expert-flash-is-the-root-of-browser-insecurity-oh-and-ie8-isnt-so-bad

Oh, the site that was :(
March 6, 2010
1:41 AM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline

 Locutus said:

Actually Chrome is safer because of the way it handles tabs…. get rid of flash and it's even safer.  IE too handles tabs better than FF and is thus safer… http://gizmodo.com/5483024/sec…..snt-so-bad


 

Thanks! Smile

It clarified a lot of issues & the html link leads to a clear & terse article. I read it.

  1. I hadn't installed Chrome so far despite its being the fastest because it would be my 4th browser – the other 3 being FF 3.5.8, Opera 10.10 & Internet Explorer 6. I wondered if having more browsers also means more vulnerabilities. Is that true?
  2. I hadn't upgraded IE6 even though it is more vulnerable than IE7 which in turn is more vulnerable than IE8. That was because I remember reading that IE8 shafts you pretty badly if you have WinXp 32 bit non-.NET. They say that on that front IE7 fits better with WinXp. Is it so?

Ramesh Smile

March 6, 2010
12:13 PM
Locutus
Guru
Forum Posts: 1886
Member Since:
February 19, 2009
Offline
8
0

Well I can't say anything about non-.NET IE because I have .NET, but IE7 and IE8 are huge improvements on their predecessors.  Also, I do remember reading about this one attack that only worked if you used both Firefox and IE regularly.  I forget how it works but I believe it exploited a hole in FF that is otherwise not a problem to attack IE. 

If you have time to read Gizmodo it's an interesting read about all the new awesome gadgets in the world… although sometimes they review things that aren't family friendly if you know what I mean. 

I personally only use Firefox because I have it the exact way I want it Laugh

Oh, the site that was :(
March 6, 2010
2:08 PM
o(o.o)o
Novice
Forum Posts: 35
Member Since:
December 9, 2009
Offline
9
0

Why the concern for activex? If IE is your main browser just run it with limited rights for day to day browsing and it can't install activex (except IE8 on vista/windows7). Better yet, just use IE for OS updates and use a different browser for day to day, one that doesn't support activex.

March 6, 2010
9:46 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
10
0

Locutus said:

Well I can't say anything about non-.NET IE because I have .NET, but IE7 and IE8 are huge improvements on their predecessors.  Also, I do remember reading about this one attack that only worked if you used both Firefox and IE regularly.  I forget how it works but I believe it exploited a hole in FF that is otherwise not a problem to attack IE. 

If you have time to read Gizmodo it's an interesting read about all the new awesome gadgets in the world… although sometimes they review things that aren't family friendly if you know what I mean. 

I personally only use Firefox because I have it the exact way I want it Laugh


 

Me too! I use only FF & sometimes Opera. Never do I use IE. Thanks for Gizmodo. I'll read it pronto

Ramesh Laugh

March 6, 2010
9:59 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
11
0

o(o.o)o said:

Why the concern for activex? If IE is your main browser just run it with limited rights for day to day browsing and it can't install activex (except IE8 on vista/windows7). Better yet, just use IE for OS updates and use a different browser for day to day, one that doesn't support activex.


 

Thanks for the great insights! Smile There are o(o.o)o-dles of insights in there both relating to OS & browsers! Smile

 

1) Mercifully I have WinXp Professional 32 bit non-.NET so ActiveX does not bay for my blood as often as it would do were I to use Vista or Win7 Smile

2) Pls teach me how to use limited rights in IE. Btw I have IE6 presently. I rarely use it but even when I do (I think Outlook Express email client comes in via IE doesn't it?) I'll limit its rights – of IE that is. So teach me.

3) I mostly use FF & Opera

4) You must meet Pwnana btw. He shared an awesome insight. A thing very few people know. *FF is not the "ActiveX-less" browser it's made out to be. Some FF plugins have ActiveX.* So when you use FF plugins keep this added dimension in mind.

Keep picking Pwnana's mind now & then. Don't let him off the hook. Pwnana has a lot of goodies tucked inside his mind Surprised Awesome.

Ramesh Smile

March 9, 2010
3:40 PM
o(o.o)o
Novice
Forum Posts: 35
Member Since:
December 9, 2009
Offline
12
0

@Ramesh

1) Since you are using XP pro, you can implement software policies to run IE with limited rights.

First make a reg file by opening notepad and typing in the following lines and saving with a .reg extension:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"Levels"=dword:00020000

 

Merge the reg file, then go to Control Panel > Administrative Tools > Local Security Policy. If you haven't done so before already, create new Software Restrictions Policy. Afterwards, go to Additional Rules and right click on the right pane > New Path Rule. A window will pop up wherein you can browse to the path/folder of IE or whichever app, then under Security Level, change it to Basic.

 

2) You can use PsExec to execute IE with limited user rights. Save psexec.exe under system32 folder, run it to accept sysinternals eula and you're good to go. Type and run this line to launch IE with limited rights:

psexec -l -d "C:\Program Files\Internet Explorer\iexplore.exe" or

psexec -l "C:\Program Files\Internet Explorer\iexplore.exe"

http://technet.microsoft.com/e…..97553.aspx

 

3) You can also use this tool called SAFER_Zone from Sully, a http://www.wilderssecurity.com member, which can add a SAFER_User right click menu whenever you want to run a program with limited rights.

 

http://mrwoojoo.com/sg/index.htm

 

He also has a GUI frontend for administering software policies called Pretty Good Security found here:

http://mrwoojoo.com/PGS/PGS_index.htm

 

4) If you have Process Explorer installed, you can also use it to launch a program with limited rights by going to File > Run as Limited > Browsing to the program's path.

March 9, 2010
7:48 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
13
0

Thanks o(o.o)o! Smile

All of a sudden text width is getting jiggered. I wonder whether you too are experiencing the same difficulty. I'll read it as soon as this problem is solved – jiggered width problem

Ramesh Smile

March 9, 2010
8:51 PM
Ramesh Kumar
Grand Master
Forum Posts: 390
Member Since:
February 1, 2010
Offline
14
0

Pls help. Text width in this thread is still exceeding column width

Ramesh Cry

March 9, 2010
11:27 PM
sean
Young One
Forum Posts: 196
Member Since:
February 7, 2010
Offline
15
0

2 ideas: Ramesh, try cutting your links in two, that might help

 

or Locutus, it might be your sig

March 9, 2010
11:41 PM
o(o.o)o
Novice
Forum Posts: 35
Member Since:
December 9, 2009
Offline
16
0

… and I thought I was the only one having problems with the forums.

March 10, 2010
7:55 PM
Pwnana
Geek
Forum Posts: 238
Member Since:
November 15, 2009
Offline
17
0

Chrome is probably the fastest and safest browser on the web, and with the addition of themes and extensions it's getting even better.  I used to use it only a little bit because Firefox had all my addons, but I eventually found that I used only Chrome because it was so much faster.

You got Pwnd