Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Is Active-X really so bad?

Reply
Thread Tools

Is Active-X really so bad?

 
 
Jackeline D
Guest
Posts: n/a
 
      04-11-2004
In my house we like to download to Yahoo LAUNCH music video clips.
http://launch.yahoo.com/. I use IE because Firefox and Opera do
not work on sites like this.

Following some warnings about Active-X I went to IE > Tools >
Internet Options > Security > Custom level > and set the following:

(1) Download signed Active-X controls - PROMPT
(2) Download unsigned Active-X controls - PROMPT
(3) Initialize and script Active-X controls not safe - PROMPT
(4) Run Active-X controls and plug-ins - PROMPT
(5) Script Active-X contols marked safe for scripting - PROMPT

The result now is that Yahoo LAUNCH (and other web sites) are
almost unusable because some message pops up asking if I approve of
this or that to do with Active-X.

I would *never* accept a program via Active-X whether it is marked
as safe or not. So do I really need to switch off all these
Active-X options in order not be be exposed to some danger?

---

As a bit of background, I found this:
http://www.cs.princeton.edu/sip/java-vs-activex.html
"The main danger in ActiveX is that you will make the wrong
decision about whether to accept a program."

Is that the main danger? That's all? I can live with that!

But is that site incorrect in what it suggests? Another site says:
"some security experts say ActiveX does not deserve its bad
reputation".
http://www.newsfactor.com/story.xhtml?story_id=20390

So mayb eit is all overstated by some people?

Can you folks here please advise me on how to proceed. Should I
set (4) about to ACCEPT? Or instead should I use the "trusted
sites" feature in IE? Or both? Or something else?

Thanks!
 
Reply With Quote
 
 
 
 
Lanwench [MVP - Exchange]
Guest
Posts: n/a
 
      04-11-2004
Add the site(s) to your IE Trusted Sites - does that help?

Jackeline D wrote:
> In my house we like to download to Yahoo LAUNCH music video clips.
> http://launch.yahoo.com/. I use IE because Firefox and Opera do
> not work on sites like this.
>
> Following some warnings about Active-X I went to IE > Tools >
> Internet Options > Security > Custom level > and set the following:
>
> (1) Download signed Active-X controls - PROMPT
> (2) Download unsigned Active-X controls - PROMPT
> (3) Initialize and script Active-X controls not safe - PROMPT
> (4) Run Active-X controls and plug-ins - PROMPT
> (5) Script Active-X contols marked safe for scripting - PROMPT
>
> The result now is that Yahoo LAUNCH (and other web sites) are
> almost unusable because some message pops up asking if I approve of
> this or that to do with Active-X.
>
> I would *never* accept a program via Active-X whether it is marked
> as safe or not. So do I really need to switch off all these
> Active-X options in order not be be exposed to some danger?
>
> ---
>
> As a bit of background, I found this:
> http://www.cs.princeton.edu/sip/java-vs-activex.html
> "The main danger in ActiveX is that you will make the wrong
> decision about whether to accept a program."
>
> Is that the main danger? That's all? I can live with that!
>
> But is that site incorrect in what it suggests? Another site says:
> "some security experts say ActiveX does not deserve its bad
> reputation".
> http://www.newsfactor.com/story.xhtml?story_id=20390
>
> So mayb eit is all overstated by some people?
>
> Can you folks here please advise me on how to proceed. Should I
> set (4) about to ACCEPT? Or instead should I use the "trusted
> sites" feature in IE? Or both? Or something else?
>
> Thanks!



 
Reply With Quote
 
 
 
 
kulm_nd
Guest
Posts: n/a
 
      04-12-2004
Have you added Yahoo to your TRUSTED zone? Beware of unknown sites if you
turn on ActiveX but you can have some Trusted sites to avoid having to ok
scripts and ActiveX.

--

************************************************

g-w


"Jackeline D" <(E-Mail Removed)> wrote in message
news:94C8EF3A0D46753F89A@130.133.1.4...
> In my house we like to download to Yahoo LAUNCH music video clips.
> http://launch.yahoo.com/. I use IE because Firefox and Opera do
> not work on sites like this.
>
> Following some warnings about Active-X I went to IE > Tools >
> Internet Options > Security > Custom level > and set the following:
>
> (1) Download signed Active-X controls - PROMPT
> (2) Download unsigned Active-X controls - PROMPT
> (3) Initialize and script Active-X controls not safe - PROMPT
> (4) Run Active-X controls and plug-ins - PROMPT
> (5) Script Active-X contols marked safe for scripting - PROMPT
>
> The result now is that Yahoo LAUNCH (and other web sites) are
> almost unusable because some message pops up asking if I approve of
> this or that to do with Active-X.
>
> I would *never* accept a program via Active-X whether it is marked
> as safe or not. So do I really need to switch off all these
> Active-X options in order not be be exposed to some danger?
>
> ---
>
> As a bit of background, I found this:
> http://www.cs.princeton.edu/sip/java-vs-activex.html
> "The main danger in ActiveX is that you will make the wrong
> decision about whether to accept a program."
>
> Is that the main danger? That's all? I can live with that!
>
> But is that site incorrect in what it suggests? Another site says:
> "some security experts say ActiveX does not deserve its bad
> reputation".
> http://www.newsfactor.com/story.xhtml?story_id=20390
>
> So mayb eit is all overstated by some people?
>
> Can you folks here please advise me on how to proceed. Should I
> set (4) about to ACCEPT? Or instead should I use the "trusted
> sites" feature in IE? Or both? Or something else?
>
> Thanks!



 
Reply With Quote
 
billh
Guest
Posts: n/a
 
      04-12-2004

"Jackeline D" <(E-Mail Removed)> wrote in message
news:94C8EF3A0D46753F89A@130.133.1.4...
> In my house we like to download to Yahoo LAUNCH music video clips.
> http://launch.yahoo.com/. I use IE because Firefox and Opera do
> not work on sites like this.
>
> Following some warnings about Active-X I went to IE > Tools >
> Internet Options > Security > Custom level > and set the following:
>
> (1) Download signed Active-X controls - PROMPT
> (2) Download unsigned Active-X controls - PROMPT
> (3) Initialize and script Active-X controls not safe - PROMPT
> (4) Run Active-X controls and plug-ins - PROMPT
> (5) Script Active-X contols marked safe for scripting - PROMPT
>
> The result now is that Yahoo LAUNCH (and other web sites) are
> almost unusable because some message pops up asking if I approve of
> this or that to do with Active-X.
>
> I would *never* accept a program via Active-X whether it is marked
> as safe or not. So do I really need to switch off all these
> Active-X options in order not be be exposed to some danger?
>
> ---
>
> As a bit of background, I found this:
> http://www.cs.princeton.edu/sip/java-vs-activex.html
> "The main danger in ActiveX is that you will make the wrong
> decision about whether to accept a program."
>
> Is that the main danger? That's all? I can live with that!
>
> But is that site incorrect in what it suggests? Another site says:
> "some security experts say ActiveX does not deserve its bad
> reputation".
> http://www.newsfactor.com/story.xhtml?story_id=20390
>
> So mayb eit is all overstated by some people?
>
> Can you folks here please advise me on how to proceed. Should I
> set (4) about to ACCEPT? Or instead should I use the "trusted
> sites" feature in IE? Or both? Or something else?
>
> Thanks!


Short answer is that if you only go to reputable sites you aren't likely to
have a problem. I have browsed with ActiveX on for years using MS Internet
Explorer and haven't had trouble. However, I stay away from seedy sites,
cracker sites etc. Unfortunately it only takes one rogue site and you'll
have a problem. I regularly run Adaware6, Spybot and a anti-virus program.
The only thing I regularly find are some dull tracking cookies.
Billh


 
Reply With Quote
 
Gary
Guest
Posts: n/a
 
      04-12-2004
Install Spyware Blaster from here
http://www.javacoolsoftware.com/spywareblaster.html and use the Immunize
feature that comes with Spybot and that will keep tracking cookies and also
from any site from hijacking your browser.
 
Reply With Quote
 
Peter Rossiter
Guest
Posts: n/a
 
      04-12-2004
"billh" <(E-Mail Removed)> wrote:

> Short answer is that if you only go to reputable sites you
> aren't likely to have a problem. I have browsed with ActiveX
> on for years using MS Internet Explorer and haven't had
> trouble. However, I stay away from seedy sites, cracker sites
> etc. Unfortunately it only takes one rogue site and you'll
> have a problem. I regularly run Adaware6, Spybot and a
> anti-virus program. The only thing I regularly find are some
> dull tracking cookies. Billh



But what exactly is it that might happen to their PC if they go to
a rogue site?
 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      04-12-2004
In article <94C9DA8DF264F471AE@130.133.1.4>, http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> "billh" <(E-Mail Removed)> wrote:
>
> > Short answer is that if you only go to reputable sites you
> > aren't likely to have a problem. I have browsed with ActiveX
> > on for years using MS Internet Explorer and haven't had
> > trouble. However, I stay away from seedy sites, cracker sites
> > etc. Unfortunately it only takes one rogue site and you'll
> > have a problem. I regularly run Adaware6, Spybot and a
> > anti-virus program. The only thing I regularly find are some
> > dull tracking cookies. Billh

>
>
> But what exactly is it that might happen to their PC if they go to
> a rogue site?


A PC that is not properly patched, even without active-x controls, will
run the risk of being compromised by back-doors, droppers, etc...

If you visit new sites with Internet Security set to "Highest" you stand
a much better chance of NOT being compromised.

I've seen sites open shell apps that can actually run code at the users
privileges level on their system, you should always run as a User level
account on a Windows box when not performing administration functions.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Mailman
Guest
Posts: n/a
 
      04-12-2004
On Mon, 12 Apr 2004 21:29:05 +0100, Peter Rossiter wrote:

> But what exactly is it that
> might happen to their PC if they go to a rogue site?


An ActiveX control is a bit like a Java applet, but it is a real
(executable) program. That means that it runs with the exact privileges of
whatever user is logged-in, but without the protection offered by the Java
sand-box (which is pretty good, even if not perfect).

I leave the rest to your imagination.
--
Mailman

 
Reply With Quote
 
Peter Rossiter
Guest
Posts: n/a
 
      04-13-2004
Mailman <(E-Mail Removed)> wrote:

>> But what exactly is it that might happen to their PC if they
>> go to a rogue site?

>
> An ActiveX control is a bit like a Java applet, but it is a
> real (executable) program. That means that it runs with the
> exact privileges of whatever user is logged-in, but without
> the protection offered by the Java sand-box (which is pretty
> good, even if not perfect).
>
> I leave the rest to your imagination.
> --


Can such a program run automatically or does the user have to click
something to allow it to run?
 
Reply With Quote
 
Rob Schneider
Guest
Posts: n/a
 
      04-13-2004
Runs automatically if that's how you've setup IE. YOu can ask IE to ask
your permsision to run ActiveX programs when it detects them, but it
doesn't explain to you what it will do or anything.

Hope this is useful to you. Let us know.

rms



Peter Rossiter wrote:
> Mailman <(E-Mail Removed)> wrote:
>
>
>>>But what exactly is it that might happen to their PC if they
>>>go to a rogue site?

>>
>>An ActiveX control is a bit like a Java applet, but it is a
>>real (executable) program. That means that it runs with the
>>exact privileges of whatever user is logged-in, but without
>>the protection offered by the Java sand-box (which is pretty
>>good, even if not perfect).
>>
>>I leave the rest to your imagination.
>>--

>
>
> Can such a program run automatically or does the user have to click
> something to allow it to run?

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
really interesting... or really dull. (depends on your attitude) TrevorBoydSmith@gmail.com Java 2 09-01-2006 04:38 PM
OT : But help really really needed re: Domain Name selling, hosting etc. problem nc HTML 1 02-03-2005 07:24 PM
REALLY REALLY WERID PROBLEM!!!!pls take a look Amir ASP .Net 3 01-23-2004 06:01 PM
really really mysterious IE6 problem--secure site ultraviolet353 Computer Support 7 11-22-2003 07:56 PM
MR. ED REALLY, REALLY LOVES THE D60 !!! Annika1980 Digital Photography 9 10-28-2003 04:53 PM



Advertisments