Software and Services (793 reviews)
Home,
News, Reviews, Features, Tutorials, Media Releases, Buying Guides, Slideshows, Top Rated, Best Buys, Editor's Choice, Videos
ActiveX bugs pose threat to Vista, Microsoft reports
Company's security work pays off, but third-party browser add-ons still a problem
Gregg Keizer (Computerworld) 04/11/2008 08:19:00
Tags: active x, bugs, Windows Vista
Page:

Stathakopoulos defended ActiveX, but acknowledged that it was impossible for Microsoft to police its technology. "You have to enable [add-on] development for the browser," he said. "The question is, how do you extend the browser and at the same time provide guidance to developers on how to write secure [ActiveX controls]?" he said.

The problem is especially evident in China, whose users accounted for 47 percent of all victims of browser-based attacks during the first half of 2008, according to Microsoft. Stathakopoulos blamed Chinese developers for contributing to the ActiveX issue. "I think it's a combination of developers who don't have good security discipline, and [the Chinese market] being a very large target," he said, explaining why Microsoft thought China was particularly hit hard by browser attacks.

US users accounted for 23 percent of all victims of browser-based exploits.

Microsoft is doing more to help developers write more secure code, Stathakopoulos said. In September, the company unveiled a for-fee program, dubbed "SDL Pro Network," where service provider partners consult with businesses to help them apply Microsoft's Security Development Lifecycle practices. Microsoft will also release a pair of free-of-charge tools distilled from its SDL work this month.

He also argued that the company's work to lock down ActiveX in IE was paying off. IE7, for example, blocks many ActiveX controls by default, and requires the user to explicitly agree to their operation. The still-in-beta IE8, meanwhile, has introduced additional ActiveX security features, including the ability to restrict controls to specific domains -- an enterprise intranet, for example.

Symantec's report earlier this year, however, disputed the idea that Microsoft's efforts had done much good. IE7, said Symantec in April, had not had a significant impact on the number of ActiveX vulnerabilities.

"We're going to try to help third-party developers write more secure code," said Stathakopoulos. "But it will be a long, drawn-out problem."

Microsoft's most recent security report can be downloaded from the company's site.

Page:
More about , SIR, INS, Microsoft, RealNetworks, VIA, SDL, Symantec, Apple
Recommend this article?
Yes0 votes
No0 votes

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Enter the fully qualified URL, eg. http://www.example.com/
Users posting comments agree to the PC World comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Syndicate content Syndicate content Syndicate content Syndicate content
 
Gift Guide
MWave
Discussions on Software and Services

Documents Folder in Windows7

I have recently loaded Windows 7 using a clean install after formating my HDD. I ...

Windows XP And MS-DOS

Guys/Gals, I run Windows 98SE and use batch files a lot. One of the things ...

Can't Size MS Photo Editor

I can't size MS Photo Editor, it is either maximized or minimized. I haven't used ...

Download problem

I have Win XP pro SP3 installed. When I go to download I get a message. "Application ...

Clean Install

Purchased a new Medion Desk Top PC and have taken up the free upgrade offer to Win7 ...
Create new Topic
More from the forum
Samsung

CXO Latest

LED Advisor

Popular Phones & Plans

Powered by WhistleOut

1) Apple iPhone 3GS 16GB35 plans 18%
2) Blackberry Bold 900014 plans 9%
3) Blackberry Curve 85206 plans 12%
4) Apple iPhone 3GS 32GB35 plans 1%
5) Samsung Ultra Touch31 plans 2%
Three iiNet Virgin Mobile Vodafone
« 1 of »
1) Apple mobile phones 17%
2) Blackberry mobile phones 21%
3) Samsung mobile phones 3%
4) Nokia mobile phones 1%
5) LG mobile phones 2%

Compare: Mobiles | Broadband

PC World
 

Colour your world with Samsung

A chance to win with every
Samsung Consumable purchase*