[4639] in WWW Security List Archive

Re[2]: more active-x

daemon@ATHENA.MIT.EDU (dharris@kcp.com)
Mon Mar 3 21:04:51 1997

From: dharris@kcp.com
Date: Mon, 3 Mar 1997 16:41:06 -0600
To: Gretchin Lair <gretchin@uscolo.edu>, www-security@ns2.rutgers.edu,
        Christopher Petrilli <petrilli@amber.org>
Errors-To: owner-www-security@ns2.rutgers.edu

All users are boobs?  I was one (and still am, occasionally) and I disagree.  
However, the users do tend to have their own goals which often are in conflict 
with security.  Say your policy is "no ActiveX except from internal sources" but
some user hears about a *really neat* ActiveX site, so s/he turns on ActiveX 
"just this once", then forgets to turn it off.  How much nicer it would be if 
the policy enforcer could backstop the user's desktop with a central ActiveX 
blocker...




______________________________ Reply Separator _________________________________
Subject: Re: more active-x
Author:  Christopher Petrilli <petrilli%amber.org@cerberus2.kcp.com> at INTERNET-MAIL
Date:    2/28/97 1:25 AM


In reply to Gretchin Lair at gretchin@uscolo.edu:

>
>i'm not a big active-x fan, but this might add more fuel to the fire...
>
>gl.
>
>--------------------------------------------------------------------------
>
>*** Finjan launches ActiveX Security Manager
> 
>Finjan Software Tuesday announced SurfinShield Xtra, allowing Internet
>users to enforce ActiveX and Java desktop security. Through
>SurfinShield Xtra, the desktop web user can control the type of
>ActiveX or Java applet allowed to enter the desktop, the functions
>those applets are allowed to perform and the kinds of resources they
>may or may not be permitted to access. ActiveX Security Manager,
>included in SurfinShield Xtra, enhances ActiveX technology and brings
>Internet security for the desktop to a higher level, the company said.
>For the full text story, see
>http://www.merc.com/stories/cgi/story.cgi?id=1687943-700

The big problem with this is that it doesn't allow CENTRAL enforcement.  
That's the whole problem of putting the enforcement in the user's hands.  
I as an IS manager see the users as largely boobs who can't turn on their 
machines, much less protect company assets.

Chris
