J
Jonathan N. Little
Joe said:Jose wrote:
I'm not as knowledgable as Andy but I might be able to spew forth
something useful here.
It really boils down to common sense and the idea that you cannot
completely eliminate ALL risk. You have to use your best judgement and
life in general always has some risk.
99.9 times out of 100 you should say NO to those controls because most
of it is junk and some of it is downright nasty. If you're in the
seedy part of town looking for something you really ought not be
looking for and you get a message that in order to get the trinket you
want, you have to let the control install. Seems to me common sense
should tell you that's not a very good idea.
Funny thing about ActiveX, if you go in a tweak your IE security
settings to prompt on all ActiveX activities (several settings) and in
the normal course of browsing you will be prompted to death, but other
non-ActiveX browsers, e.g., Firefox, will traverse the same sites
without any limitations. So ActiveX isn't solely for installing
controls, but IE wants to run ActiveX in the normal course of browsing,
but here is the rub, ActiveX has access to Windows COM (Component Object
Model or in other words the Windows OS) with privileges to add, modify
and delete local files and install and uninstall local executables. I am
not saying that they all do, but they have the capability to do so. I
think Mr Bill is a Trekkie and believes where everyone wears a white
hat. I personally want a distinction between 'local' and 'remote' data.
The privileges required in dealing with such should be different. Using
the same tool for both IMHO invites abuse.
<snip>