Vulnerabilities in the Internet Explorer Browser

There has been a number of security fixes applied to the Microsoft Internet Explorer browser. While several vulnerabilities have been associated with the browser, one of Internet Explorer's biggest flaws is a technology known as Active X.

The Weakness of Active X

Active X is a Microsoft creation integrated into both the Internet Explorer browser and the Windows operating system itself. It is essentially a piece of object-orientated programming that allows users to view interactive multimedia content on a web page. As with many other Microsoft products, the features of Active X come with major consequences when considering the security trade-offs.

A poorly designed Active X control can be a very dangerous weapon for savvy Internet criminals, primarily because most of them are packed with third-party software and packaged as "safe for scripting." This enables malicious content to run when an Active X control is invoked without a user's knowledge or permission. An individual could then take control of its ability, and more often than not, use it to download and execute malicious code.

Active X vulnerabilities are among the most commonly exploited security breaches of all web browsers, a computer hacker's dream. In a recent Internet Security Threat Report, leading security software vendor Symantec listed well over 200 new vulnerabilities in plug-ins for web browsers. A small percentage of these add-on modules were for Adobe, Flash, Java, Firefox, QuickTime and Windows Media player; the majority was attributed to Active X.

IE Improvements

Microsoft has gone great length to address vulnerabilities in the Internet Explorer browser. Despite the added security measures employed to prevent unauthorized downloading of Active X controls, the new Internet Explorer 7.0 has no way to stop the manipulation or execution of those currently installed by third-party programs. Some of the most common applications from printers and digital cameras to media players and blogging plug-ins often install their own Active X controls. However, the average user with these controls installed on their system would never know if they were deactivated or completely removed.

A phishing filter is one of the new features in Internet Explorer 7.0. While the settings can be configured, they come preset to restrict access to suspected phishing sites by default. It's speculated that Version 8 will include a feature that will block access to sites known for hosting malicious software as well. Downloads would also be scanned for malicious code.

The Internet Explorer browser can be set to run on Windows Vista in Protected Mode. In this mode, the privileges of the browser are much more restricted, meaning it cannot make any significant changes within the system. Protected Mode also efficiently restricts the privileges of any third-party add-ons. The web browsing environment on the Vista platform is far more secure, as damage can be drastically limited even if the browser or add-ons are compromised.

Updates and patches for the Internet Explorer browser are frequently distributed and available through Windows automatic updates. While security patches will continue to be released for a wide range of Windows platforms, the most recent improvements have mainly been distributed for XP.


Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when wireless is even more important than ever before.