14 DAY TRIAL // One of the enhancements introduced into Windows Vista in terms of security is related to the way the latest operating system from Microsoft mitigates ActiveX threats. ActiveX controls have been around since the release of Internet Explorer 4.0, and the Internet distributed executable code proved to be one of the greatest sources of malware for Windows users. Windows Vista contains a mitigation designed to manage ActiveX controls dubbed the ActiveX Installer Service. By default, the service is switched off, but it can be easily embedded. All you have to do is make your way through the Start Menu to Control Panel, and choose the Uninstall or change a program option. On the left hand side menu, click on the Turn Windows features on or off, agree to the User Account Prompt and the ActiveX Installer Service will be at the top of the Windows Features list. Simply check the box next to it in order to activate the service.
"One common hurdle in the development of a secure desktop environment is how to mitigate the threats surrounding malicious ActiveX controls while still providing an appropriate level of application compatibility in your environment. This has been a challenge with desktop operating systems for many years. The new ActiveX control Installer Service (AxIS) in Windows Vista addresses concerns specific to the management of ActiveX controls in corporate environments. AxIS provides a simple and manageable way for standard users, who wouldn't ordinarily be permitted to install ActiveX controls, to install them from approved Web sites. Group Policy control over AxIS allows IT administrators to determine which controls users can install, regardless of which permissions they have," revealed Rob Campbell, Senior Technical Specialist and Joel Yoker, Senior Consultant on the Microsoft Federal team.
The ActiveX Installer Service is not featured in the Vista editions destined for home users. In this context, neither Windows Vista Home basic, nor Windows Vista Home Premium versions of the operating system feature the service. Only the Business, Enterprise and Ultimate SKUs of Vista deliver the ActiveX Installer Service. Essentially, AxIS can be configured via Group Policies settings in accordance with a list of trusted sources.
"When an object tag directs Internet Explorer to invoke a control, AxIS takes the following steps checks that the control is installed. If not, it must be installed prior to use; checks the AxIS policy setting to verify if the control is from a trusted source. The specific check matches the host name of the URL specified in the CODEBASE attribute of the object tag against the list of trusted locations specified in policy and downloads and installs the control on the user's behalf," Rob Campbell and Joel Yoker added in the "The ActiveX Installer Service in Windows Vista" article.