Security Now Blog: Addressing Today's Information Security Issues

Attackers Exploiting Internet Explorer Video ActiveX Windows XP Users Everywhere

by Eirik Iverson, Product Management

You’re surfing the web now and avoiding risqué websites. All seems well. However, this week’s highly critical, unpatchable vulnerability means all is not well. Months from now, if ever, your bank, a friend, your employer, your ISP, or a law enforcement agency may request that your computer be examined for malware, because financial horrors have visited many people as a result of your computer being infected. Tragically, this scenario is quite avoidable.

For those who missed my blog post on Beladen last month, let me point out that hundreds of thousands of legitimate websites have been secretly seeded with attack code without the knowledge of the website owners. This is why simply avoiding “bad neighborhoods” is inadequate.

Here’s something you may not have read elsewhere: applications other than Internet Explorer could be used to activate this particular ActiveX control so that it can be exploited. Microsoft noted that Outlook and Outlook Express email users who click on a link in an HTML-based email could trigger the attack. Similarly, other applications capable of launching ActiveX controls may be used to facilitate an attack that exploits this Microsoft Video Control object. It will be morbidly interesting to see in the weeks to come what other applications are found to be vulnerable or actually targeted in these attacks.

Next, I must point out that this Video ActiveX control vulnerability is NOT the only one attackers might exploit to invade your computer. Microsoft hasn’t yet created and distributed a security patch for another recently announced vulnerability that involves how DirectX handles QuickTime files. There are others; and there will be yet more. Software application vulnerabilities are like politicians. No matter how many are chased out of office for various reasons, there will be more, and soon.

Regular readers of this blog know that the anti-virus/spyware security software found on typical computers stands less than a fifty-fifty chance of stopping one of these attacks. If this assertion is new to you, please look at one or more other posts in this blog.

How Can Windows XP Users Protect Themselves?

They can follow Microsoft’s recommendation and disable select functions. Or, they can get some additional security software that is designed to stop the kinds of attacks that your antivirus software misses. I’ve got another post on the way that answers the question: do limited user accounts (LUA) deter these attacks?

AppGuard and EdgeGuard Protect Windows XP Computers from Microsoft Video Control ActiveX Attacks

If AppGuard is installed and guarding your computer, there’s only one thing you should do, and this is really a moral thing: get those you know to install something like AppGuard. Anyone can trial all of its features for 30 days for free. If you or others wonder what’s so great about AppGuard, the answer is that it provides the most protection for the least amount of effort and disruption. There are other security software products that can stop a higher percentage of possible attacks. However, they are considerably more difficult to fully set up and tend to be quite annoying with their frequent pedantic chatter.

EdgeGuard protects enterprise computers from this Microsoft Video ActiveX attack, practically all other ActiveX attacks, attacks on the DirectShow vulnerability, and nearly every attack you’re likely to encounter. The difference between AppGuard and EdgeGuard is simple. AppGuard is a subset of EdgeGuard. EdgeGuard will protect, control, and audit enterprise computers located anywhere and in near-real time, providing total operational awareness. Most enterprise security software intended to stop zero-day attacks is severely underutilized or dormant because it’s too complex to set up and maintain. EdgeGuard can be deployed by anyone who can install a web browser.

Neither AppGuard users nor EdgeGuard administrators need to implement the Microsoft workaround that disables the Microsoft Video ActiveX control. Generally speaking, when these security software products are guarding a PC, ActiveX controls do not have to be disabled. Additionally, if one wishes to open a malware-infested Microsoft Word document, for example, one can safely do so when guarded; exceptions are extremely rare but possible. No security solution offers 100% protection.
