So, you've setup a firewall and antivirus software, cured yourself of the urge to open every email attachment and you're ready to sit back and relax. You're safe now, right? Well, you're safer, but let's look at another area of vulnerability. ActiveX and spyware.
Chances are pretty good that somebody or some machine has installed spyware on your machine already, if you're running Windows. The activities of spyware can range from collecting information on what web pages you visit to be unloaded when you visite specific websites to collecting your every keystroke and sending it to a friend or stranger.
You might be wondering how such intrusive software could possibly be installed on your computer without your knowledge. Excluding the possiblility that someone in your family or your boss, purchased spyware and installed it through the network or at your desktop, the most common way to pick up spyware and the one of greatest concern is through a technology called ActiveX. ActiveX has been an important technology on Windows for many years. It connects the desktop to the internet in ways that allow you to install useful software from a remote location. The use of ActiveX is so common that most take it for granted and that's where the problem lies.
You should always question why an application would need access to your system. If a friend sends you a greeting card that asks you to install an ActiveX component from a company you don't recognize and trust, to view it, I would recommend that you skip it, since the application could have used well-known plug-ins, such as Flash, QuickTime or RealPlayer to display the same content. These plug-ins are also installed with ActiveX, but from companies you know and trust. Chances are pretty good that there's something else in that program, since developing streaming content is much easier with these well-known applications than it is to write your own ActiveX control. It's not uncommon for someone to email me to ask what ActiveX controls that we've developed do before they install them. This is a good precaution.
You might have been warned by your antivirus software and Windows that installing this component may have unforseen consequences. Once you approve the installation, many antivirus tools will never notice what the program is doing, and many won't recognize spyware in routine scans.
Trend Micro offers a free online scan at http://housecall.antivirus.com that demonstrates the effectiveness of their PCCillan product. This scan will pick up all of the spyware that I've encountered over the years, but of course I can't warrant it to find everything. Another interesting thing about this link is that it also uses an ActiveX control to download the scanner to your PC. Obviously, this is an ActiveX control that I would trust and there is good reason to install it, since there are no other common applications that will do the same thing for me. You should encounter the standard warning below when you visit the link. Read these and think about them when you see them. If you don't encounter this warning, you should visit Tools>Internet Options>Security>Custom Level and check Prompt under Download ActiveX controls in Internet Explorer.
The author has no affiliation with Trend Micro and statements made here in no way warrant Trend Micro products or products of other verndors to be successful in protecting your computer from virus and worm infection or other vulnerabilities.