Posted by: Ken Harthun
ActiveX has always been a weak point in IE. The majority of browser plug-in vulnerabilities are ActiveX based. Microsoft realizes this and provides a method to disable certain problematic ActiveX controls. But that method involves setting the kill bit by editing the registry, and in order to discover the CLSID (Class ID) of the control you want to disable, you may have to uninstall others. In short, it’s a messy way to do things.
Errata Security to the rescue. They’ve created AxBan, a free tool to set the kill bit on known bad ActiveX controls. Errata promises that they’ll “be updating it as needed with new CLSIDs on an as needed basis.” AxBan is a single, small (45.5 KB), standalone executable that contains a list of known dangerous ActiveX controls. It highlights in red any that are installed on your system and gives you a button to set the kill bit. Be careful, though: there isn’t an “undo” button. Once you set the kill bit, if you find you’ve made a mistake, you’ll have to edit the registry to unset it.
Nevertheless, it’s a handy tool to have in your security arsenal.
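
The registry edit described above, including the manual "undo", can be scripted. This is an added example, not AxBan's code or anything from Errata Security: the function names are hypothetical and the CLSID in the usage comments is a constructed placeholder. It relies on the documented IE mechanism, where the kill bit is the 0x400 bit of the `Compatibility Flags` DWORD under the control's CLSID key.

```powershell
# Run from an elevated prompt: the keys live under HKLM.
# Note: on 64-bit Windows, 32-bit IE reads the same path under SOFTWARE\Wow6432Node.
$Base    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from instantiating the control

function Get-CompatFlags {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return 0 }
    $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    return [int]$p.'Compatibility Flags'   # a missing value casts to 0
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    return [bool]((Get-CompatFlags $Clsid) -band $KillBit)
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid, [switch]$Clear)
    # Refuse anything that is not a braced GUID, so a typo cannot create a stray key.
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
    }
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        if ($Clear) { return }              # no key, so there is nothing to undo
        New-Item -Path $key -Force | Out-Null
    }
    # Change only the kill bit; other compatibility flags on the control are preserved.
    $old = Get-CompatFlags $Clsid
    $new = if ($Clear) { $old -band (-bnot $KillBit) } else { $old -bor $KillBit }
    Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Get-KilledControl {
    # Audit: list every CLSID that currently has the kill bit set.
    Get-ChildItem -LiteralPath $Base |
        Where-Object { Test-KillBit $_.PSChildName } |
        ForEach-Object { $_.PSChildName }
}

# Usage (constructed placeholder CLSID, not a real control):
#   Get-KilledControl | Out-File killbits-before.txt     # record state before changing anything
#   Set-KillBit '{00000000-0000-0000-0000-000000000000}'         # set the kill bit
#   Set-KillBit '{00000000-0000-0000-0000-000000000000}' -Clear  # the manual "undo"
```

Saving the output of `Get-KilledControl` before and after running a tool like AxBan gives you the list of CLSIDs it changed, which is what you need if a control has to be re-enabled later.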