Another Day With My PC

One of the ways by which malware could get in to your system without strict passport or visa filtering is via e-mail. Indeed, hackers don’t need to cut their way through firewalls by using this point of entry. They don’t even need to hope and pray for a security software glitch to get their creation inside one’s PC. All they have to do is cross their fingers and wish that the user is either gullible or careless.

There’s no hard and fast rule in detecting infected or malicious e-mails. Having the attachment scanned by an antivirus is the best way by which you could determine if the e-mail file is infected. However, an e-mail may have no attachment but it could still do damage. Some malicious e-mails contain links purporting to lead to clean and legitimate Web sites. Of course, the user would be lead to a bogus page where he could either be phished for information or be infected with various types of viruses or spyware through harmful ActiveX controls.

Putting a scarlet letter on filenames that are reported to be infected won’t do you too much good, either. No self-respecting hacker would give their creations on a silver platter to virus hunters. Malicious files mimic chameleons and change names all the time to escape detection.

I’m not saying that you shouldn’t open your mails and resort back to your local post office like the good old days. What I’m stressing is that you shouldn’t rely on just one single malware-detection method. A combination of two or more of the means mentioned above would ensure that your computer won’t be possessed by unwanted applications through malicious e-mail attachments or links.

Talk about timing or coincidence. While I was giving a short discourse as to what ActiveX is and the possible dangers that it may bring, Symantec and Microsoft were already giving advisories on the recent spates of malware infection caused by the ActiveX control for the Snapshot Viewer made for Microsoft Access.

Symantec reported that the attacks are being perpetrated through a toolkit that could be used even by novices. The fact that this program is being disseminated on the Internet aggravates the problem.

Microsoft’s security advisory on the matter revealed that the ActiveX trap are set by creating bogus Web sites that seem harmless or legitimate. Upon accessing the infected page, the user would be prompted that an ActiveX control needs to be loaded in order for the site to be displayed properly. Once the malicious ActiveX control is allowed to run, the hacker would then be able to use or access the unsuspecting user’s PC to execute damaging codes or instructions.

Microsoft has yet to release the patch that would cover the problem. Until then, be wary of the Web sites that you visit. If you can’t stop yourself from checking the page, then at least refrain from acting on the ActiveX prompts that you get.

There used to be a time when Web sites were as exciting as your newspaper’s business section. There were hardly any picture on the Web pages back then and interaction was limited to the e-mail address of the webmaster. Surfing the Web 10-15 years ago was like browsing through huge post its!

Web page design has come a long way since then. Text-only Web pages are already relics of the past. Nowadays, you could hardly find any site that has no pictures, videos, or graphical options or controls which allow you to interact with the page. All these would not have been possible if Microsoft had not created ActiveX.

What is ActiveX?

ActiveX is an innovation by Redmond which allows programs to be executed and/or loaded on the Web Site. The codes that ActiveX execute enable the surfer to interact with the page as it gives him a variety of options as to how he could wander about in the site. Take for example your favorite NBA team’s Web site. Whenever you visit their page, you’ll almost always be prompted if you would want ActiveX controls to be executed. Click “yes” and you’ll be presented with a wide array of features, such as being able to vote for your favorite player or view the highlights of last night’s game. Click “no” and you’ll be stuck with a page that doesn’t have much flare to keep you from leaving after 10 seconds.

Is it Dangerous?

While ActiveX controls make the waves we’re surfing on more interesting, it could also make them very perilous. Take note that ActiveX works by executing codes embedded on Web pages. If the codes contain malicious instructions, then you’ll probably be spending your next weekend reformatting your hard drive and reinstalling all your programs and files, that is if you were able to back up all of your precious data.

You should therefore be very cautious in clicking the links that you see. If the URL seems dubious, don’t click on it. If you have the curiosity of a cat, then at least don’t immediately run the ActiveX controls of the page when you’re prompted for it. Examine the index page first before you respond to prompts or queries.

Install Safeguards

While Internet Explorer prompts you if a Web page wants to execute or run an ActiveX control, thereby keeping you safe from malware infection, such feature doesn’t provide you with an adequate security or safeguard. Malicious codes usually target the Windows registry first. Hence, investing in a registry cleaner is imperative. Hackers have more than one ingenious method by which you could be tricked into running a malicious ActiveX control. If you do fall for those, your registry cleaner and antivirus would be there to catch you.

• Sep 5 : Cartoon of the Week
• Sep 5 : Tamron Announces New Ultrawide-Angle Zoom Lens
• Sep 4 : Microsoft Gets Serious About App Virtualization
• Sep 3 : Commodore Joins Netbook Bandwagon
• Sep 2 : Google Gives Picasa a New Face