What are ActiveX Controls capable of doing?
September 4, 2010 10:19 AM   Subscribe

What are ActiveX controls capable of doing?

Is it possible for activex controls to act as a keylogger or take screenshots of your desktop? Is it possible for it to collect a list of your running processes?

This website says this but doesn't answer my question:

"Unfortunately, ActiveX controls are like any other software program — they can be misused. They can stop your computer from functioning correctly, collect your browsing habits and personal information without your knowledge, or can give you content, like pop-up ads, that you don't want. Also, "good" ActiveX controls might contain flaws that allow "bad" Web sites to use them for malicious purposes. "

Thank you
posted by bboylawson to Computers & Internet (7 answers total) 1 user marked this as a favorite
 
(I have no hands on knowledge of keyloggers and such, but..) i do guess that yes, they can.
posted by 3mendo at 10:22 AM on September 4, 2010


Windows Update used to be an ActiveX control.
posted by Chocolate Pickle at 10:28 AM on September 4, 2010


yes
posted by paradroid at 10:49 AM on September 4, 2010


Once started, an ActiveX control is like any other program you run on your system, it has the entirety of the systems resources available (as far as the OS is concerned, it IS you)

Anything you could do, it can do... no matter how evil it is.

So, yes, it could install a key-logger, or any other Trojan horse.
posted by MikeWarot at 11:26 AM on September 4, 2010 [1 favorite]


Yes: the security problem with ActiveX controls, particularly in web applications, is that once you install an ActiveX control it is not contained in or limited by the web browser like the other parts of a web page would be. So generally you don't want to just install any ActiveX control you come across; you want to carefully evaluate them and make sure they're coming from a trusted source, and you should confirm their digital signatures like you would with desktop software.

And as that snippet says - whereas a bug or security flaw in a normal web application still leaves the attacker restricted by the browser's security features, a flaw in an ActiveX control can let the attacker out of the web browser and expose the rest of the computer system to them.
posted by XMLicious at 11:46 AM on September 4, 2010


On my windows 7 box with ie8 it only uses 26 percent of the cpu.
posted by majortom1981 at 12:09 PM on September 4, 2010


Response by poster: Thank you all for the answers.
posted by bboylawson at 5:59 PM on September 4, 2010


« Older Peanut Butter Cake   |   give a friend the secrets to my business Newer »
This thread is closed to new comments.