 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
|
|
 |
|
 |
 Host your site on our high performance virtual domain and non-domain accounts.
|
|
ActiveX: A security risk? Published on 6/13/97 The answer to this question is a definite no. ActiveX is not a major security hazard. There are many people who will say otherwise, but in many cases, their logic is flawed. ActiveX controls are reusable software components used to bring added functionality to a web site or desktop application, and they should not be a cause for alarm. Part of the problem may be the overblown criticism ActiveX receives from many trusted computer publications. They constantly remind us of "rouge ActiveX controls," that have potential to destroy our computer systems. The fact is, these so-called malicious controls are very uncommon. Most of the time, they are created for demonstration purposes only, and not released on the Internet. In one unidentified publication, a reader asked a question regarding a security issue that they've heard about, involving ActiveX. The author's reply: "An ActiveX control...is a full-fledged Windows application that can easily take complete control of your machine...To avoid the problem...simply use a browser that doesn't support this dangerous feature." This suggestion is irresponsible and completely unnecessary. Would you stop using your computer to protect it from potential viruses? No, you wouldn't. So should you stop using ActiveX controls to protect yourself from a virtually nonexistent security issue? We don't think so. Anybody who has installed an ActiveX control will know that the process doesn't happen behind your back. In Internet Explorer, a authenticity certificate is displayed before installation, giving you the option to cancel or continue the procedure. This security feature is a technology called Authenticode, which requires that all ActiveX controls be digitally signed by their authors. So if you ever install a questionable control, you'll know exactly who is responsible. Many people have no problem downloading and installing browser plug-ins; but in reality, this is a far greater security risk than ActiveX controls. There are no security measures in place for plug-ins. The only assurance you have is knowing where the plug-in came from. For ActiveX controls, this information is always presented to you before installation can even occur. Another comparison people make to ActiveX is Java. It is true that Java applets are theoretically safer than ActiveX controls, but only because of a severe tradeoff. Java applets are confined to a "sandbox" within the browser, where they can only operate with limited functionality. Specifically, Java applets are blocked from directly accessing the local operating system. ActiveX controls are significantly more versatile, however, because they are not limited to this "sandbox." Because of this, ActiveX controls can be built to perform a wider variety of complex tasks. Basically, ActiveX controls are not major security concerns. They are a lot safer than they are portrayed to be. If you're willing to stop using ActiveX controls, go right ahead; but remember, you'd also be giving up on their immense functionality. |
|
|
|
 |
|
Home | About | Feedback
| Downloads | Search Copyright © Michael Yigdall and Jonathan Strine |
