Re: ActiveX
From: hmm (anonymous_at_discussions.microsoft.com)
Date: 05/23/04
- Next message: fred: "MS cumulative patch for May 2004"
- Previous message: q: "Re: Is this possible? ("
- In reply to: Lionel Fourquaux: "Re: ActiveX"
- Next in thread: Lionel Fourquaux: "Re: ActiveX"
- Reply: Lionel Fourquaux: "Re: ActiveX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 23 May 2004 11:25:46 -0700
Is this how spyware/adware is installed on computers
without users knowing (assuming they already have it set
up in IE to allow unsigned/unsafe ActiveX to downloaded
without prompt)?
>-----Original Message-----
>Because an ActiveX control are full-blown programs, that
>can do anything the user can. This is very useful if you
>want to display something that can't be described using
>only HTML (e.g. PDF documents, MathML), or if you have to
>access the user's computer in some way (think of Windows
>Update), but it's a security risk in two ways: if a
>trusted ActiveX control has a security bug, or if you
>install a malicious control, you're giving full control
>of your user account to any website you visit.
>
>You should at least disable the installation of unsigned
>controls and disable the execution of untrusted controls.
>(I think it's the default configuration for IE). To be
>more secure, you can disable all ActiveX controls in the
>Internet zone, and use the trusted zone for websites for
>which you want ActiveX controls. Of course it means that
>any content provided in this way will not be displayed.
- Next message: fred: "MS cumulative patch for May 2004"
- Previous message: q: "Re: Is this possible? ("
- In reply to: Lionel Fourquaux: "Re: ActiveX"
- Next in thread: Lionel Fourquaux: "Re: ActiveX"
- Reply: Lionel Fourquaux: "Re: ActiveX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
