ActiveX is a powerful technology viewed by the experts as a blessing and a curse. On the one hand, the controls make it possible for a Web browser to interact with other desktop applications. But the lack of security in ActiveX could invite hackers to seize control of a computer system.
The technology has long been the target of security concerns. Last week's report stemmed from a conference in August, where a team of 20 security experts gathered to discuss vulnerabilities in ActiveX.
The workshop, sponsored by CERT Coordination Center, a security outfit funded by the Department of Defense, found that some of the concerns about ActiveX may be overstated. The group concluded, however, that security issues related to ActiveX could not be ignored.
"The report is a good heads up for a network administrator," said security expert Richard Smith, the technology officer at Privacy Foundation and a member of the workshop. "There are a lot of practical tips in the report that have never before been published."
The 50-page report, located at CERT's Web site, instructs software engineers and others how to adjust settings, tap into auditing tools and disable ActiveX controls to limit their use while in the Internet security zone.