[4268] in WWW Security List Archive
Re: Netscape and ActiveX (was Re: Sceptic ...)
daemon@ATHENA.MIT.EDU (Peter Gregory)
Thu Feb 6 18:56:21 1997
Date: Thu, 6 Feb 1997 13:11:36 -0800
From: peter.gregory-unix@mccaw-stg.com (Peter Gregory)
To: WWW-SECURITY@ns2.rutgers.edu, rdenny@dc3.com
Errors-To: owner-www-security@ns2.rutgers.edu
> On Feb 6, jwp@checfs1.ucsd.edu wrote:
>
> > ActiveX capability is far too
> > useful to be ignored by anyone seriously attempting to challenge MS in the
> > business marketplace.
>
> ActiveX is far too dangerous for anyone in the business marketplace to use
> except in an all MS intranet. And then... they'll have created an island. Can
> you say SNA?
The Feb. 3 '97 edition of Network World has a front-page article called
"ActiveX Marks New Virus Spot." (www.nwfusion.com to see the article
in its entirety). The first couple of paragraphs read:
Like many companies, Lockheed Martin Corp. has come to rely on Microsoft
Corp. technology. But when it comes to Lockheed's intranet, one thing
the company will not abide is ActiveX, a cornerstone of Microsoft's Web
efforts.
The reason? ActiveX can offer virus writers and hackers a perfect network
entree. "You can download an ActiveX applet that is a virus, which could
do major damage," explains Bill Andiario, technical lead for Web
initiatives at Lockheed Martin Enterprise Information Systems, the company's
information systems arm. "Or it could grab your proprietary information
and pass it back to a competitor, or worse yet, another country."
The ActiveX problem is simple. The technology is based on OLE, which allows
one application to launch another. By definition, then, ActiveX has the
potential to access a user's hard drive, and control applications and files.
Java applets, in general, are currently not allowed to access a hard drive
or files, or open up new net connections.
Lockheed will wait for Microsoft to resolve these issues before endorsing
ActiveX.
(end of quotation... the article goes much farther).
Enjoy,
-pg
--
Peter Gregory [NICname PG11] peter.gregory@attws.com
IT Manager, AT&T Wireless Services, Strategic Technologies Group
