Microsoft's $521 Million Dollar Patch


In 2003, a federal court ruled that Microsoft must pay $521 million to Chicago-based Eolas Technologies and the University of California. (Source: cnet.com)

Eolas sued Microsoft on the basis that the software giant infringed upon its patent that allows web browsers to embed and execute interactive programs -- what we know today as "ActiveX Technology" for Internet Explorer.

Now almost three years later, the Eolas vs. Microsoft fiasco is finally coming to a close. According to Internet News, on Tuesday, April 11th, Microsoft will be releasing a patch related to the lawsuit that effectively disables ActiveX.

How the April 11th Patch Affects You

The first patch is a cumulative security update for Internet Explorer, part of which will include code that alters the way the browser interacts with embedded interactive content. This is the code that is being pushed out as a result of the lawsuit.

The second patch related to the lawsuit is actually a "compatibility patch". This patch will temporarily revert Internet Explorer to its previous functionality with regard to how it handles embedded interactive content. This compatibility patch is being written to give Microsoft customers a 60-day grace period to rewrite their affected web applications. The patch will function until the June security update, at which time the changes brought about by the lawsuit will become permanent.

ActiveX: an Open Invitation for Spyware

Besides being an interesting modern-day David vs. Goliath, the lawsuit and Microsoft's response remind us of the dangers of embedded interactive content. ActiveX is the primary technology Microsoft uses to deliver this content, and is the technology directly affected by the code change. Though ActiveX is responsible for bringing us "flashy" features, it is an inherently insecure way to deliver content.

Because ActiveX allows web sites to download and install software onto a user's computer -- sometimes without the user even knowing -- it has become a very popular method for spyware authors to distribute their malicious code.

Though ActiveX was developed to make it easy to display interactive multimedia, its risks often outweigh the potential benefits. Moreover, with the code changes Microsoft is pushing out in response to the lawsuit, the effectiveness of ActiveX will not be what it once was.
