[2677] in WWW Security List Archive
Re: ActiveX - Arrogance rules
daemon@ATHENA.MIT.EDU (Alan Olsen)
Sun Aug 18 19:21:18 1996
Date: Sun, 18 Aug 1996 14:23:39 -0700
To: tcooper@ix.netcom.com (Tom Cooper), www-security@ns2.rutgers.edu
From: Alan Olsen <alano@teleport.com>
Errors-To: owner-www-security@ns2.rutgers.edu
[I am going to clarify a few of my previous statements on ActiveX here. I
am not going to succumb to the flame fest that Mr. Cooper seems to be
desiring here.]
At 08:24 AM 8/18/96 -0700, Tom Cooper wrote:
>Alan,
>
>In your rant about all those morons ruining the Net you forgot to
>mention the source of your paycheck.
>
>From your sig file:
>Alan Olsen -- alano@teleport.com -- Contract Web Design &
>Instruction(it's in the sig file).
>
>
>So you work for a firm that helps losers and morons get onto (and clog)
>the Net. Hmmm.
My paycheck (as you put it) is paid by people designing for the web, not the
people using the web. It is my job to give them product that is usable by
the widest number of people, without overassuming knowledge or capabilities
on the part of the user. It is my belief that ActiveX assumes that the user
knows a hell of a lot more about security concerns than they can possibly
know. (Not only that, but it makes assumptions that can bite anyone, no
matter what their level of knowledge.) I don't know how much contact you
have had with "real world" users of the web, but they don't know anything
about security (except what the media has told them) and they do not want to
know. They want it to work like their TV or Microwave. Just plug it in and
it works...
>Despite the chest beating and rants about idiots not knowing what they
>are doing (all technically true), many of us realize that if the Net
>were full of fellow geeks who understood technology, we'd all be out of
>work.
True, but we are discussing security models here. You cannot expect each
and every user to know what an app can or cannot do to them. And "evil"
apps do not have to be as dramatic as the "Internet Exploder" ocx... The
app could do a lot in the background while it is putting up "useful" content
with the user none the wiser.
>My only request is for more content and less noise. I understand the
>technical proficiency of the average end user, and that they are paid
>to do boring things like bring in money to pay my high salary as a
>technologist.
>
>I joined this list not to feed my ego but to keep abreast of security
>vulnerabilities on the web.
I do not see you adding content to the argument here, only flames.

If you want to add content here: Do you think ActiveX is a "good thing" and why?

I have been trying to point out why I think it is bad and why I do not trust
it. The defenders of ActiveX seem to believe that the assurance of a signer
improves the likelihood that it is a good app. I believe that in a large
company, subversion of the signing authority is a possibility. A possibility
that should not exist in a good security model.

You are missing the point of what I was posting.

ActiveX allows you to do pretty much what you want as long as it is properly
signed by a "trusted authority" or if the user clicks on an OK button. (Actually,
I have seen reports that the new version of IE 3.0 gives you the choice of
"OK" and "Help", but no way to "Cancel" on an untrusted ActiveX app.)

This means that if I have someone who is a "trusted signer" according to the
browser, then they can have pretty much free run of the client computer. I
have a real problem with this.
Here is a good paranoid scenario for you:

Company X has the ability to sign apps. Someone in marketing at Company X
decides on having a control on their web page to gather marketing info
(e-mail address, apps used (with serial numbers), browser history file and
the like). To make it unobtrusive (i.e. suspicious to the user), they make
the control do something useful or interesting. Because they can get this
app signed in a way that most browsers will trust (or they have a big
company name to inspire trust enough to get users to use the app) there will
be nothing that will alert the user that the app contains code that rips off
personal data.

ActiveX does not have a good security model because the above is possible.

You may say that the above will not happen because of ethical concerns in
that company. (I have worked for companies that would do things far less
ethical if given half the chance. (They are in court now for some of
them.)) Given that few (if any) people actually disassemble the apps that
run on their machine, the chances of getting caught are slim to none.

To have security based on a plea to authority instead of a firm set of rules
is foolish. I would have thought that Microsoft would have done better, but
if you want to put your trust in them, go right ahead.

If you want other examples of Microsoft's "commitment" to security, I
suggest you look at the nice large security holes in the Frontpage Extensions.
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano@teleport.com |