With the Web, it is not always a case of “what you see is what you get”

As you open up different web pages, a lot of content loads. Media-rich sites like YouTube or FaceBook are the norm today. However, such interactive pages may contain hidden scripts and cross-reference vulnerabilities that can start a system-wide infection on your computer.

Beyond traditional text, pictures, and animations, today’s Web 2.0 pages often contain programming code that can activate and run special commands in the background. If that code is subverted by hackers to exploit a vulnerability in the web browser, this can have serious ramifications for your security.

ActiveX and JavaScript are hackers’ favorite targets among browser features today. The Firefox browser doesn’t support ActiveX, so at least the ubiquitous ActiveX vulnerabilities won’t hurt Firefox users. You can also restrict the loading of other elements through its Options menu. But, once you do that, you will also block legitimate JavaScript content that’s used by a large number of legitimate web pages. While IE does support ActiveX, it also offers more flexibility; you can disable both potentially unsafe elements while allowing them to be loaded for trusted sites that you specify. This is done through IE’s Security tab. Many security programs, including Outpost, can also block these elements from running, allowing only whitelisted sites to use this code.