[4611] in WWW Security List Archive
Re: more active-x
daemon@ATHENA.MIT.EDU (Christopher Petrilli)
Fri Feb 28 03:38:03 1997
Date: Fri, 28 Feb 97 01:25:34 -0400
From: Christopher Petrilli <petrilli@amber.org>
To: "Gretchin Lair" <gretchin@uscolo.edu>, <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
In reply to Gretchin Lair at gretchin@uscolo.edu:
>
>i'm not a big active-x fan, but this might add more fuel to the fire...
>
>gl.
>
>--------------------------------------------------------------------------
>
>*** Finjan launches ActiveX Security Manager
>
>Finjan Software Tuesday announced SurfinShield Xtra, allowing Internet
>users to enforce ActiveX and Java desktop security. Through
>SurfinShield Xtra, the desktop web user can control the type of
>ActiveX or Java applet allowed to enter the desktop, the functions
>those applets are allowed to perform and the kinds of resources they
>may or may not be permitted to access. ActiveX Security Manager,
>included in SurfinShield Xtra, enhances ActiveX technology and brings
>Internet security for the desktop to a higher level, the company said.
>For the full text story, see
>http://www.merc.com/stories/cgi/story.cgi?id=1687943-700
The big problem with this is that it doesn't allow CENTRAL enforcement.
That's the whole problem of putting the enforcement in the user's hands.
I as an IS manager see the users as largely boobs who can't turn on their
machines, much less protect company assets.
Chris
