hackers stuff

Name: hylian_lynk
Date: November 3, 2002 at 20:33:30 Pacific
OS: xp pro
CPU/Ram: 2.1 ghz 512 mb ram
Comment:

The battle between malicious hackers and system administrators is a never-ending tug-of-war between constantly evolving adversaries. Every time administrators seem to have gained the upper hand, their nemeses change in surprisingly agile ways.

For example, as computer users and network administrators learn to take virus protection more seriously, hackers are beginning to exploit a new avenue of attack: active components. These are modules of code, such as ActiveX controls or Java applets, that are passed between computers or applications. They are routinely, and legitimately, used in thousands of applications.

The potential for malicious active components, or malware, to be distributed over the Internet has been well known for years, but they have been overshadowed by flashier and faster-spreading worms and viruses.

Impact Unknown

Many analysts believe the actual incidence of this type of attack is very small. Gartner research director Ray Wagner told NewsFactor that although "the potential for malicious activity is great," there is little evidence of attacks, especially against home computer users.

In the same vein, Ian Robinson, director of enterprise products at Zone Labs, a supplier of firewall products, said, "There hasn't been an outbreak of these kinds of threats." Robinson added that his company, whose latest software version includes active component detection, is a step ahead of what he calls the "next generation of threats."

But a dissenting opinion was presented in a recent report by Aberdeen Group, which found that many computers contain "Trojan horse" programs that their owners and users are unaware of. Some of those programs probably arrived by e-mail, while others were unknowingly downloaded from Web sites.

Malicious code installed on victims' hard drives, according to the report, may be used for "electronic reconnaissance, electronic probing, mail marketing, spamming, electronic theft, cybercrime, cyberterrorism, electronic identity theft, and financial loss."

Hidden Code

One reason why experts differ about the incidence of attacks is that malicious code delivered through active components does not always make its presence known. As Aberdeen research director Eric Hemmendinger told NewsFactor: "We can't say what percent are impacted, but most of those who are impacted don't know it. What you don't know will hurt you, and you won't necessarily know it has hurt you."

Although active components can be designed to cause obvious harm -- wiping out data, for example -- they also can be programmed to reside quietly on a computer, sending sensitive information back to the computer that originally generated them. They could be used for industrial espionage or identity theft without the victim ever becoming aware of the attack. (Of course, as with all hacking, the range of motivation for any attack ranges from challenge to mischief-making to larceny.)

Lines of Defense

Software vendors serve as the first line of defense against malware. For example, Microsoft (Nasdaq: MSFT) allows code signing of ActiveX controls. But, as Gartner's Wagner pointed out, "The system is only as good as the registration process, and in this case, all you really need [for code signing] is a credit card and maybe a business address."

Aberdeen Group's Hemmendinger agreed. "It's not easily solved by Microsoft or any other technology supplier," he said.

Users themselves are the second line of defense. Short of unplugging their computers from the Internet, users can avoid suspicious e-mails and Web sites. Other strategies include disabling ActiveX controls and Java and always opening e-mails in "Restricted" mode.

However, disabling computer capabilities also reduces a computer's usefulness. Depending on how the computer is used, tradeoffs may range from forgoing Web site animation to being unable to do one's job. "There's no one right answer," Hemmendinger noted.

Monitoring the Network

In an enterprise setting, network engineers may be able to defend against attacks on servers. "Their experience leads them to recognize when a machine is compromised," Gartner's Wagner said, "either because a red light goes on or because the machine is not working properly."

But when it comes to enterprise desktop computers, network managers are rethinking their approach to security. Some traditional security devices are not particularly useful against active components. Antivirus software and intrusion detection software, for example, rely on recognizing "signatures" or patterns. According to the Aberdeen report, pattern matching is not usually an effective way to look for active components.

Enterprise networks often use packet firewalls at the network perimeter, but these are also of little use against active components. Because they examine only header information, according to Hemmendinger, they can overlook a trojan horse program that claims to be something it is not.

Personal Firewalls

Installing a personal firewall program seems to be a good approach for protecting both personal and enterprise desktop computers. One example is Zone Labs' ZoneAlarm. While early versions of ZoneAlarm evaluated each application to see whether it was on the "approved" list, the most recent version also evaluates all of the component programs associated with the application.

For example, if a malicious active component tries to launch Quicken and extract your financial information, the firewall program goes behind Quicken -- a program you may have authorized to use the Internet -- to see the unauthorized code that launched it.

Vendors of personal firewall programs are now adding management features to allow network administrators to set policies centrally. With these tools, even if 10,000 computers on a network are running the firewall program, the list of approved programs needs to be entered only once. The management tools also produce reports that may help identify sources of attacks.

Unintended Consequences

Considering that millions of dollars have been spent to protect computers from hackers, why is there still no "silver bullet"? The answer, Wagner said, is that the Internet cannot be controlled. "These are incredibly complex systems all interacting within the environment. Even without malicious attackers, there would be unintended consequences."

Hemmendinger added: "Hackers are now of professional grade. Anticipating what they'll do next is an exercise in futility. It's not fundamentally about stupid decisions made by technology suppliers. It's about unintended consequences now being demonstrated."



Response Number 1
Name: Norm
Date: November 4, 2002 at 02:52:43 Pacific
Reply:

That site has an ActiveX object
from ad.doubleclick.net.

Glad you did not post the link.
Surf safe and take care.

We pay for help, one way or another.
(with more ads)


0

Response Number 2
Name: hylian_lynk
Date: November 4, 2002 at 18:27:07 Pacific
Reply:

Didn't know that, Norm, that ActiveX was on that site ... but anyway I surf without scripting enabled :) always have and always will. Only use it on sites I know if it is required


0

Response Number 3
Name: Norm
Date: November 4, 2002 at 19:20:39 Pacific
Reply:

I just know my firewall logged it,
not sure what it wants.
A pop-up came with it.

It can't be good, nice post though.
Take care


0

Response Number 4
Name: italicworld
Date: November 5, 2002 at 11:05:47 Pacific
Reply:

Thanks Hylian for copying and pasting that post. I read it last week at www.freebsdforums.org. Very interesting stuff, and thanks again for copying that onto your thread.


0
