Posted by Jonathan N. Little on 01/21/06 17:38
Joe Barta wrote:
> Jose wrote:
>
>
>>... and while I'm at it, sometimes when I visit a site I get a
>>prompt that says "Would you like software such as Active-X
>>controls to run?"
>>
>>How am I supposed to answer the question? It's either YES or NO,
>>but the prompt gives me no indication of =what= software is being
>>proposed to run, =who= is asking, and what it will =do=. This
>>stuff runs on MY COMPUTER, where I have lots of important stuff.
>>I would treat the question the same way I would treat the plumber
>>who asks "would you like me to look around at stuff like your sink
>>drains and file cabinets?"
>
>
>
> I'm not as knowledgeable as Andy but I might be able to spew forth
> something useful here.
>
> It really boils down to common sense and the idea that you cannot
> completely eliminate ALL risk. You have to use your best judgement and
> life in general always has some risk.
>
> 99.9 times out of 100 you should say NO to those controls because most
> of it is junk and some of it is downright nasty. If you're in the
> seedy part of town looking for something you really ought not be
> looking for and you get a message that in order to get the trinket you
> want, you have to let the control install. Seems to me common sense
> should tell you that's not a very good idea.

Funny thing about ActiveX, if you go in and tweak your IE security
settings to prompt on all ActiveX activities (several settings) and in
the normal course of browsing you will be prompted to death, but other
non-ActiveX browsers, e.g., Firefox, will traverse the same sites
without any limitations. So ActiveX isn't solely for installing
controls, but IE wants to run ActiveX in the normal course of browsing,
but here is the rub, ActiveX has access to Windows COM (Component Object
Model or in other words the Windows OS) with privileges to add, modify
and delete local files and install and uninstall local executables. I am
not saying that they all do, but they have the capability to do so. I
think Mr Bill is a Trekkie and believes where everyone wears a white
hat. I personally want a distinction between 'local' and 'remote' data.
The privileges required in dealing with such should be different. Using
the same tool for both IMHO invites abuse.
<snip>
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com