 Print this article |
 Email to friend |
Author: Richard Lowe
ActiveX uses an interesting method for enforcing security ... it doesn't.
Well, that's not exactly true. What happens is when a web page requests an
ActiveX control the browser determines if that control is already loaded
onto your system. If it is the ActiveX control is executed. If not,
is asked if it is okay to install the control. Additional information about
where the control came from and it's security implications is also included.
The theory behind this security model is the user knows what's best for his
system. In my humble opinion, this is pure hogwash (a stronger expletive
came to mind but this is a family site). Is your average web surfer really
knowledgeable enough to make a decision like this? Look at it this way, by
installing an ActiveX control you are assuming it is secure, won't damage
your system and is bug-free. You are basically trusting completely the
company which created the control, the developers and the people
distributing the image.
Yes there are security certificates involved, but those are relatively easy
to get. Also remember how many security problems have been reported
involving ActiveX controls.
I don't know about you, but when I get that little box stating a site wants
to install an ActiveX control, my first impulse is to hit the NO box,
quickly followed by the BACK key. This may seem a bit paranoid, but I use my
computer all day long and I depend upon it for business and pleasure. Why
would I want to put it at any risk for some silly little ActiveX control?
The web is a huge place and there are plenty of other sites to look at.
My advice to ( Next Page )
Rate this article:
(No ratings yet)
Saving ...
