IT Security Topic - Phishing

News	\|	Search

IT Security Topic — Phishing

Clarifying the role of "Active X"

ActiveX controls are only available in Internet Explorer on Windows systems. This feature allows the installation of software by companies if you deem the publisher to be trusted and the software to be necessary for greater functionality on your computer.

ActiveX controls should not immediately be considered dangerous as many of us use them everyday. Macromedia Flash, Shockwave, Adobe Acrobat, and Microsoft Windows Update are examples of these programs. ActiveX closely follows the "Plug-in" paradigm of other browsers, with the exception of requiring a download. ActiveX also provides an added security window showing that the authenticity of the application was verified.

The key here is trust: If a security window pops-up and asks you to install software, you should research who is attempting to install software on your computer and only grant the software the right to install if you will gain necessary functionality. The ability to download and install software is cross-browser and cross-platform; in fact ActiveX and Plug-ins have never been considered a vulnerability.

Here's an example of the security window:

Get Help

IT Service Center
303-735-4357 (5-HELP)
security@colorado.edu

Check out these other web sites to learn more about phishing:
Anti-Phishing Working Group offers consumer information on how to avoid phishing scams, what to do if you think you're a victim of one of these scams, and examples of recent attacks (as well as more than 100 screenshots of specific phishing scams).
Microsoft Security Solutions
PC World (search its news site for info on phishing, pharming, and other online dangers)
CERT
Gartner Security & Privacy

IT Service Center, 303-735-4357 (5-HELP from an on-campus phone), help@colorado.edu
Send comments about the web site to itsfeedback@colorado.edu
ITS Policies & Guidelines

Last reviewed: August 31, 2009