http://msinfluentials.com/blogs/jesper/archive/2009/08/09/is-it-activex-that-is-the-problem.aspxLast week, an expert from Verizon, nee Cybertrust, posted a note about the Active Template Library (ATL) security vulnerability over on the Verizon Business Security Blog . For home users, the phone company now advises you to use a different browser,enCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msinfluentials.com/blogs/jesper/archive/2009/08/09/is-it-activex-that-is-the-problem.aspx#21906Sat, 29 Aug 2009 11:32:57 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:21906Jo<p>How many ActiveX controls are by default enabled in IE and how man plug-ins are by default enabled in Firefox?</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=21906" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2009/08/09/is-it-activex-that-is-the-problem.aspx#21897Tue, 25 Aug 2009 12:20:53 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:21897Terry Walker<p>Wow, I never knew that Is it ActiveX that is the problem?. That&#39;s pretty interesting...</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=21897" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2009/08/09/is-it-activex-that-is-the-problem.aspx#21836Mon, 10 Aug 2009 22:42:39 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:21836Harry Johnston, MVP<p>I don&#39;t agree with Nathan&#39;s comments, but I have to say I&#39;ve been recommending against using IE for general-purpose web browsing for years now, mostly because of the large number of ActiveX vulnerabilities. &nbsp;The IT group I work in also recommends that our staff use Firefox instead of IE.</p> <p>As I see it, the problem with ActiveX is that, for whatever reason, it is too easy to accidentally create a browser plug-in that you never intended to. &nbsp;Many of the vulnerabilities discovered are in controls that weren&#39;t meant for use in IE in the first place. &nbsp;At least with Firefox, if you&#39;re writing a browser plug-in or extension you know that you&#39;re doing it!</p> <p>Since we&#39;re still running Windows XP, by the way, we don&#39;t benefit from Low Rights. &nbsp;I&#39;m not entirely convinced that is an adequate protection in any case, mind you, since it is not intended to provide a security boundary.</p> <p>Granted, IE has improved since the early days, and I may reconsider my position in due course ... but not so long as we&#39;re still getting a new killbit once a month or more on average. :-)</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=21836" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2009/08/09/is-it-activex-that-is-the-problem.aspx#21831Mon, 10 Aug 2009 10:14:50 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:21831Dvader<p>Correct me if I am wrong but Chrome on Vista is running in low integrity mode. So what&#39;s the difference with IE?</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=21831" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2009/08/09/is-it-activex-that-is-the-problem.aspx#21829Mon, 10 Aug 2009 06:13:07 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:21829wampir<p>As far as I know there is some kind of sandbox in Chrome.</p> <p><a rel="nofollow" target="_new" href="http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html">blog.chromium.org/.../new-approach-to-browser-security-google.html</a></p> <p><a rel="nofollow" target="_new" href="http://dev.chromium.org/developers/design-documents/sandbox">dev.chromium.org/.../sandbox</a></p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=21829" width="1" height="1">