PCTips Box

Microsoft’s Internet Explorer is without a doubt the main vector of attacks, when it comes down to web-based threats. Its ubiquity, as well as its intimate integration into the Windows platform, makes it an excellent avenue for attacks. With IE6, Microsoft has gained an ill reputation for failing dramatically to protect end users. From IE6, which undoubtedly is an apex of insecurity compared to alternative browsers, the Redmond company moved to Windows Vista and Internet Explorer 7 under User Account Control, virtually cutting the browser from the critical areas of the operating system. Web-based attacks coming via IE7 in Protect Mode will not be able to write themselves to disk without specific user permission, because the browser runs with the very least possible privileges. (more…)

Since ActiveX applies only to the Windows platform, it is unsuitable for Firefox which is available across multiple platforms. Currently, there is no mechanism by which you can use ActiveX controls in Firefox 2.0 or later.

Until recently, a third-party plugin provided ActiveX functionality for Firefox. The Mozilla ActiveX Plug-in provided partial ActiveX support for Firefox 1.5 and earlier versions. By default, these ActiveX plugins were configured to execute only the two Windows Media Player ActiveX controls, which enabled the playback of video content through the Windows controls. There is a configuration file that can be used to enable other ActiveX controls. (more…)

Here is your chance to set Internet Explorer free! You will be able to do so, not only for Internet Explorer 7 in Windows XP SP2, Windows Server 2003 and Windows Vista, but also for the previous version IE6 on XP and 2003. Starting this month, users can strip the Microsoft browser of the “click to activate” behavior. The intermediary “Click to Activate” control setting of the browser was introduced as a consequence of the legal dispute between Microsoft and Eolas Technologies, over the patent governing the Automatic Component Activation technology built into Internet Explorer.

Following a settlement between the company and Eolas, Microsoft promised to alter the IE
ActiveX Update, in order to modify the way that the browser dealt with embedded controls on specific pages. Back at the beginning of November, Pete LePage, IE Senior Product Manager, promised the delivery of the Internet Explorer update concomitantly with the Release Candidates for Windows Vista SP1 and Windows XP SP3. And now, the IE Automatic Component Activation Preview is available for download. (more…)

ActiveX controls, just like any other example of binary software, tend to evolve. This growth is of course intimately connected with updates introduced to either add new functionality or features, or simply to patch security vulnerabilities. Marc Silbey, IE Program Manager and Steve Herndon, Silverlight Lead Program Manager, have managed to come out with a three step guideline illustrating the best practices associated with ActiveX controls updating. It all starts with making detection logic an integer part of the ActiveX control. Additionally, developers also have to take into account the fact that IE7 in Vista runs by default in Protected Mode, and not automate the update to the point where the user is completely taken out of the equation. (more…)

Are you one of the many computer users who went from using Windows XP to Windows Vista? It seems to be “the thing to do” these days, but let’s be honest here. Are you having trouble finding some of the things you absolutely loved using in XP? How about the system restore feature, for example? I know that’s one of my favorites, but it’s so difficult to find in Vista. Well, today I’m going to give you the lowdown on how you can easily find it and start using it once again! (more…)

Maybe. You should be cautious about installing ActiveX controls, sometimes called add-ons, on your computer, even if they have a valid digital signature. While ActiveX controls can enhance web browsing, they might also pose a security risk, and it’s best to avoid using them if the webpage will work without them. However, some websites or tasks might require them, and if the content or task is important to you, you will have to decide whether to install the ActiveX control.

Before installing an ActiveX control, consider the following: (more…)

If you haven’t applied the “critical” patch in Microsoft’s MS07-009 bulletin, now might be a good time to hit that download-and-install button. Detailed exploit code for the vulnerability — discovered during HD Moore’s MOBB (month of browser bugs) project and fixed on Patch Tuesday in February — has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.

The exploit code takes aim at a remote code execution flaw in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects. This is distributed in MDAC (Microsoft Data Access Components). (more…)

Windows PowerShell includes:
1. One hundred and twenty-nine command-line tools (called “cmdlets”) for performing common system administration tasks, such as managing services, processes, event logs, certificates, the registry, and using Windows Management Instrumentation (WMI).
2. Command-line tools are easy to learn and easy to use with standard naming conventions and common parameters, and simple tools for sorting, filtering, and formatting data and objects.
3. Support for existing scripting languages and existing command-line tools, and multiple versions of Windows, including Windows XP, Windows Server 2003, Windows Vista and Windows Server code name “Longhorn”. (more…)