Saturday, February 14, 2009

ActiveX Killbits

Microsoft released a new set of ActiveX Killbits for Windows XP on 10 Feb. It is a critical update rollup.

As per Microsoft, “a security feature in Microsoft Internet Explorer makes it possible to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine. This is done by making a registry setting and is referred to as setting the kill bit. After the kill bit is set, the control can never be loaded, even when it is fully installed. Setting the kill bit makes sure that even if a vulnerable component is introduced or is re-introduced to a system, it remains inert and harmless.”

But from the point of view of software development, that is not the right way to achieve security. Security should be by design, not by patch.

IE – Intrude Easily. :-)) That’s why I do recommend people use Firefox or Chrome, which have no ActiveX support at all. A simple browser is a good browser. IE isn’t.
