Infografías de ActiveX
Bienvenidos a la página Web de Alirio Jeanton
Infografía
Activex3
http://www.iseran.com/ActiveX/
ActiveX
Is it worth the risk?
ActiveX -even with code signing- is fundamentally insecure. Turn off all ActiveX support (download & scripting) in your browser on the Internet security zone and in Outlook and Outlook Express- and see if it fundamentally degrades your Internet experience.
Why ActiveX is insecure
1. ActiveX controls are just Windows programs downloaded from Web sites and run on your PC.
2. The browser verifies the "digital signature" of the program to ensure that it has not been modified since it was written, but can not verify that the control has good intentions -it, and you, have to trust the developers.
3. Most programmers are better at and more concerned with getting working code out the door rather than formally verifying program security. This makes it likely that they have left in small security weaknesses.
4. Any security weakness can be exploited by malicous people to do things which the control developers never intended
Let's face -most applications ship with bugs. Do you think they ship without security holes too?
Consider the preloader control, published and signed by Microsoft. Intended to permit a background prefetch of web pages, it enables web sites to download an execute Java applets with a local rather than remote URL, or to snoop round a hard disk looking for well known files. Which is exactly what we do in The
ActiveX Hard Disk Explorer
The hard disk explorer sounds a lot worse than it is, but that's mainly because I was too lazy to write a decent enough amount of code to take advantage of the problem.
For more information, read our full MS Word document, ActiveX Security, which contains a detailed analysis of the issue and provides options for users and MIS departments to secure their systems.
Microsoft was notified of existence of our secuirty loophole in early May '99: a patch was issued by the end of the month. This demonstrates exactly how seriously they are starting to take security. However others -particularly Robert Smith of Phar Lap software, took the idea to heart and went through the whole gamut of ActiveX controls shipped with PCs. These controls come from MS, and from all the "added value" software that home PC vendors ship.
The result: it is obvious that lots of software developers mark their applications as 'safe for scripting', when they are utterly unsafe. Even the early release candidates of Windows 2000 shipped with some controls (the imaging one in particular) which are security loopholes. Anyone can send you an email with a reference to this control and they have relatively unrestricted access to your hard disk. Is that what you intended?
The other issue is that six months later, the access logs of this web site show that some people are still downloading and running the page. That is because the browser needs to be updated for the fix to apply -there is no easy way for automatically revoking a control without editing IE or the end user's registry.
What you can do
As a PC user, you can
· Alter Outlook and Outlook Express to browse in the 'restricted sites' zone, not the laxer 'Internet Zone' (under Mail/Settings)
· Disable all scripting, activeX, Java and cookies from the restricted sites rights (Internet Explorer: Tools/Options/Security/Custom
· Disable ActiveX from the Internet zone too (safety first!)
· Disable all prompting for the execution of untrusted/unsigned controls from the local and Intranet zones
As a developer, you should
· not mark controls as safe for scripting when they arent. By doing so you may be making yourself legally liable.
· Write applications which run happily on systems with tighter security settings that the default (case in point Encarta 2000 complains whenever you run it that the Internet Zone settings have been customised)
· Consider very carefully whether you need ActiveX on your web site. It can do great things, but can people trust it? If you can solve the same problem differently with some more server side work, why not do it that way?