John,

The point of the article is that YES, ActiveX allows an exe on your machine
and it can do what ever it wants.  No argument there.

But ALSO that Mozilla & Firefox's XPCOM allows the same thing - unrestricted
access to the machine.  Yet we never hear about that.

But wait, I *DO* agree with you on one point!  It is DANGEROUS to install an
activex!  And I'll only do it from a company that I highly trust and expect
the activex.  And then it probably wouldn't be a consumer based application.

Bob in Indy


-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On
Behalf Of Jones, John (US)
Sent: Wednesday, January 31, 2007 8:00 AM
To: PC Technical Discussion for iSeries Users
Subject: Re: [PCTECH] Is ActiveX safe?

I don't know about others but IMO ActiveX is bad for two main reasons:

1. Like you mentioned, it is only available on the Windows platform,
specifically to the IE browser.
2. As someone else mentioned yesterday, it allows code to execute on
your PC.

As to point one, unless Vista's draconian DRM is toned down a lot I've
little intention of using it so my home machines will stay at Windows
2000 and XP.  Any upgrades will be to Linux, which means no ActiveX
support.  Any online vendor who wants some of the thousands of dollars
per year I year spend online will not require ActiveX.

Point two, this means that ActiveX can be a distribution method for
malware (viruses and whatnot).  An AX component can write to your hard
drive, which means it can not only populate your system with malware but
could be malware itself.  You now have some ability to block AX --
either all or nothing or based on limited criteria -- but the onus is on
the end user to know what they're doing and we all know how effectively
that works.

Go to http://isc.sans.org/ and search for ActiveX to see a list of
Windows vulnerabilities that AX plays a part in.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5559 was
disclosed just this past October and can potentially allow an attacker's
code to execute (the more benign impact is a DoS/IE crash).  There is no
fix but there are two workarounds: Either disable AX or use RegEdit
(again, not something users should be expected to do) to disable a
specific function.

--
John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787 F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx]
On Behalf Of Scott Klement
Sent: Tuesday, January 30, 2007 5:24 PM
To: PC Technical Discussion for iSeries Users
Subject: Re: [PCTECH] Is ActiveX safe?

Hi Bob,

But of course, it is PC to knock MS and considered bad form to say bad

things about poor Sun, Apple, etc who as "everybody" knows are the
innocent victims of the big bad Gates Machine.

The only criticism I've seen of Microsoft in this thread is that ActiveX
(which is a Microsoft invention) isn't cross-platform.  That article
confirms that this is the case -- it refers to XPCOM as cross-platform,
while making it clear that ActiveX is native Windows code.

Are you saying that we shouldn't blame Microsoft for the fact that
ActiveX
isn't cross platform?   Or perhaps even that we should blame Apple or
Sun
for that?

Seems pretty clear to me that if Microsoft designs, writes, supports,
markets, popularizes, and distributes a product.  And Sun and Apple
aren't at all involved in that process...   perhaps it's Microsoft, not
Sun or Apple who should be blamed for the shortcomings?  What am I
missing?
--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list To post a message email: PcTech@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/pctech.


This email is for the use of the intended recipient(s) only.  If you have
received this email in error, please notify the sender immediately and
then delete it.  If you are not the intended recipient, you must not keep,
use, disclose, copy or distribute this email without the author's prior
permission.  We have taken precautions to minimize the risk of
transmitting software viruses, but we advise you to carry out your own
virus checks on any attachment to this message.  We cannot accept
liability for any loss or damage caused by software viruses.  The
information contained in this communication may be confidential and may be
subject to the attorney-client privilege. If you are the intended
recipient and you do not wish to receive similar electronic messages from
us in future then please respond to the sender to this effect.

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing
list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.