Activex Technology

ActivexTechnology is one of several key MicrosoftImprovements that is backfiring on MicrosoftCorporation in this AgeOfMalware.


What is ActiveX

A ComComponent that is "Internet enabled", slimmed down from the OLE to support "content push". It was a huge success in the battle to wrestle market share from NetscapeNavigator's plugin architecture.

As a competitor to JavaLanguage, it may have checked the growing demand for Java because ActivexTechnology can be delivered through much cheaper mechanisms such as VbClassic and ActiveXscripting. As the market share of MicrosoftWindows grew, it made business sense for developers to think first of ActivexTechnology, further aided by its ability to deliver superior "user experience". The price was platform independence.

see http://www.active-x.com/articles/whatis.htm, http://www.webopedia.com/TERM/A/ActiveX_control.html

And from the vendor archives, see http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/dnaractivex/html/msdn_faq.asp

History of ActiveX


News about ActivexTechnology

Dec04 discovered flaw helps phishing (a type of SocialEngineering) scams even for WindowsXp SP2 machines at http://www.computerworld.com/securitytopics/security/story/0,10801,98413,00.html


ActivexSecurity?

What ActiveX offers, in the form AuthentiCode? (DigitalSignatures for components), is not so much security as accountability. AuthentiCode? is designed to make it hard to spoof a component's credentials. This permits you to decide whether to download and run a component based on whether you trust the component's creators. Once you've said "yes", an ActiveX component has no restrictions on what it can do.


Resources


Now a liability

see http://www.usatoday.com/tech/news/2004-11-09-firefox-sidebar_x.htm

MS article above was selling the benefits of autodownload, transparent installation at the time of publication.


CategoryMicrosoftTechnology

EditText of this page (last edited November 1, 2005) or FindPage with title or text search