ActiveX Viruses

ActiveX is a virus built into your browser. If you have it enabled, it allows any web page you look at to take over complete control of your computer and extract any information or insert any instructions the web page maintainer wants. Is that what you want?

If you suffer harm as a result of an ActiveX virus, sue. The people who made your browser knew the risks, and should have warned you. In the meantime, you would be well-advised to disable the mechanism before you encounter some joker's page that erases your disk or empties your bank account. (The former is trivially easy, the latter has happened, successfully.)

The following are stories from the RISKS archive:

Hostile ActiveX Control demonstrated
More on the risks of ActiveX
Electronic Funds Transfer without stealing PIN/TAN
Malicious Net Software Leads to Big Telephone Bills
Web Spoofing Is No Joke (Edupage)
Another privacy bug in Netscape (Kevin McCurley)
Warning! Security risks with ActiveX! (B Fiero)
Risks of ActiveX (Simson L. Garfinkel)
Making good ActiveX controls do bad things (Richard M. Smith)

Related Links

It's easy to steal your e-mail address...
The Object Management Group has posted an analysis of ActiveX.
Here's a page on the ActiveX Exploder web page land mine.

Back to top. Anything wrong? missing? interesting? Send email:
Copyright ©1996 by Nathan Myers. All Rights Reserved. URL: <>