Tuesday, August 18, 2009

Microsoft makes many security fixes; ActiveX is still seen as a "liability"

Brian Krebs, in his Security Fix blog for the Washington Post, discussed a big Microsoft patch on Tuesday, Aug. 11, in this entry.

Krebs provides a lucid explanation of why ActiveX has been a consistent Achilles Heel for Microsoft Internet Explorer, any version. It gives “access” to other parts of the Windows operating system, for hackers to control your machine (possible for DOS zombie purposes) and Microsoft tends to share some “templates” with other vendors.

On my Windows Vista update history I see ten updates since Aug. 11, including two that greeted me today when I started following up on Krebs’s blog. But the 19 updates in his story may apply to XP also.

It appears that the new Windows 7 is somehow steering clear of these problems.

Krebs notes that ActiveX vulnerabilities may be avoided by using other browsers, like Mozilla, Chrome and Opera.

No comments: