Brian Hook on the ActiveX Experience
Obiwan Kenobi writes "Brian Hook of id software fame got around to developing on ActiveX and found some minor grievances, particularly in the security department. To quote: "I've been doing some ActiveX coding on the side for a couple days, stuff I'm not familiar with, and I'm just flat out _appalled_ at how bad that entire API and design is. I can make an OCX that basically formats your hard drive, stick it on a Web page with a tag, and if your security settings are set low enough, you'll start formatting your hard drive the minute you visit my Web page.""
Gee, that's news... (Score:5, Funny)
Re:Gee, that's news... (Score:3, Informative)
Re:Gee, that's news... (Score:5, Insightful)
Re:Gee, that's news... (Score:2)
An unsigned control can come from anywhere, a signed control comes from the signing authority.
Would you install a Firefox extension from a random web site or only from those that you trust?
Re:Gee, that's news... (Score:5, Informative)
Re:Gee, that's news... (Score:3, Insightful)
Same is true for a Firefox extension. By installing the extension, you're saying that you know and trust the originator of the extension.
Code signing allows you to KNOW the originator of the control - they had to pay money to Verisign (or whoever) to sign their code, which rules out a lot of random malware.
Now then, it IS possible to hide the origin of the control (if the control comes from "You must agree to load this control to view your Div
Re:Gee, that's news... (Score:4, Insightful)
Does Verisign review the source code for the controls that its certificates are applied to? I think not.
About the only thing that we can "trust" is that Verisign got a check from the developers. The ability to mail a check != trustworthiness.
Re:Gee, that's news... (Score:3, Insightful)
OK, so in your search you find that the extension was signed by a company in the Bermudas or India or something. Do you really care to take it further than that?
"Of course you have to trust the CA who issued the certificate that signed the control"
There are no trustworthy CAs. They've all made mistakes, and there will be mistakes in the future. The whole CA thing, mandated through browser warnings and such, is a "false sense of security" scam.
Re:Gee, that's news... (Score:5, Insightful)
Sure. But you know the signer. And you agree to install it.
I'd rather have the Java model, where it requests specific permissions. I actually don't know the author, unless it's MS or Macromedia or someplace similar. Real security is proactive, not reactive. Besides, most software absolves itself of all responsibility, so what could you really do? Show up at their door with a baseball bat?
You trust the extension... (Score:3, Insightful)
There's a slight difference.
Re:Gee, that's news... (Score:3, Insightful)
Not so with Firefox extensions. You have to look for them, choose to install them (by clicking on an install link) then accept to install it. It's no different than downloading and installing an
Re:Gee, that's news... (Score:3, Insightful)
Furthermore, the
Re:Gee, that's news... (Score:3, Insightful)
Re:Gee, that's news... (Score:5, Interesting)
well, it is pretty obvious. although the key phrase here is "if the user's security settings are set low enough."
i mean, any operating system is vulnerable to an exploit if its security infrastructure is sufficiently loose. if you set your entire filesystem to 777 then you're completely vulnerable on any unix-based os too.
the real questions here are:
Re:Gee, that's news... (Score:5, Interesting)
Re:Gee, that's news... (Score:2)
Of course, the second requirement is exceedingly hard to guarantee, but it still beats the Windows situation where no bugs are required to provide the attacker with an entry point.
Unless you consider ActiveX a bug in itself. Which you probably should.
Re:Gee, that's news... (Score:5, Insightful)
Re:Gee, that's news... (Score:3, Insightful)
Re:Gee, that's news... (Score:5, Insightful)
The problem is, there aren't many OS's out there that arbitrarily run dangerous code from a web page with no interaction from the user other than visiting the page in question, low security settings or not.
Bingo. (Score:5, Insightful)
That's it exactly.
To put it another way, if you change a single setting in a single program (IE) any web page can zap your system. To make your *nix box as insecure, you have to change the file permissions for every single file on the system.
IE is a single point of failure. That's what makes the comparison invalid. You'd have to go out of your way to screw up a *nix box that bad.
Re:Bingo. (Score:5, Insightful)
The obvious problem is that it's much more common to run Windows as "root" than it is on *nix, for various reasons. Not the least of which is the fact that *nix users usually are smart enough to use one account for administration, and another for doing "user" stuff. Also not the least of which is that many Windows apps aren't written in such a way that it's feasible to run them in non-root mode.
This isn't to say that Active-X isn't dangerous...it is. But the big difference between *nix and Windows here, is that *nix is run by somewhat security-savvy people, and Windows (often) isn't. With "user-friendly" linuxes coming out, many of which log in as root by default, a lot of that protection will go away.
The average user simply isn't willing to have an "administrator" account that they have to use every time they want to install an app. That fact means that for *nix to go mainstream, a lot of security inherent in *nix philosophy will have to be lost.
Luckily, Mozilla/Firefox are being designed in such a way that they are much less likely to exploit lax security than IE is. This will only partially mitigate the problem, though, as people dumb enough to click on a random link and run the program can still get screwed.
-Dan
Ever heard of OS X? (Score:5, Informative)
My wife isn't terribly computer savvy (at least, she wouldn't be if she weren't married to a CompSci person), but she's perfectly content with Mac OS X asking for her password before updating system software. It's an immediate red flag that something important is about to happen, and I think she'd be extremely hesitant to type it in response to clicking on a link to a web page.
Re:Bingo. (Score:3, Insightful)
1) I did not say Unix cannot have privilege escalation vulnerabilities. Like any multi-user operating system that implements actual privileges, it can. I said that Windows and Windows software is "riddled" with such vulnerabilities, as in it has a ridiculous number of them.
2) I'm not talking about buffer overflows, I'm talking about privilege escalation. While the former can lead to the latter, the latter does not require the former. Buffer overflows are n
Re:Gee, that's news... (Score:2, Insightful)
and MOST people run with IE set for trust everything because they have had trouble with the random poorly designed bank site.
so many people can get hosed easily. that is why we block ALL ActiveX at the firewall. no ActiveX for any reason whatsoever. and it does not affect our company one tiny bit except keep us a bit cleaner of spyware.
Re:Gee, that's news... (Score:2, Insightful)
----------
Bullshit
Re:Gee, that's news... (Score:5, Insightful)
Really? So, if I chmod 777 my, uh,
Are you sure?
See, to do this, you have to get a script or something to run on my system to delete these locations. Show me where even lowly jscript allows for this...
Now, I'm no jscript guru, so I did a google search for jscript delete files [netreach.net] and, on at least the first page or two, only came up with stuff having to do with the ".NET framework" or involving ActiveX!
And the point isn't that files can be deleted, the point is that the API for ActiveX allows somebody to do this remotely.
Re:Gee, that's news... (Score:2, Insightful)
Regards,
Steve
Grammar check, please! (Score:5, Funny)
It's lose, darnit, lose lose LOSE !
Wait a minute, you actually meant to say "loose", didn't you?
Between using "lose/loose" correctly and not writing "This begs the questions:", I'm prompted to ask: what are you doing on Slashdot? We don't take decent grammar lightly around here, bucko.
He's one of us (Score:3, Informative)
You are a liar, sir. (Score:3, Informative)
The default button (which I think is "Ok") will let the thing run.
The default button is and always has been "NO".
Other Big News Items: (Score:5, Funny)
- Apple has released new products!
- DVD CSS encryption has been broken!
- RIAA threatened by P2P networks!
- Darth Vader is Luke's Father!
- BSD is dying!
It's good to keep up to date on all the latest news.
Re:Other Big News Items: (Score:3, Funny)
Thanks for ruining the movie for me.
Do it (Score:5, Funny)
Please. DO IT NOW. Thanks.
Re:Do it (Score:5, Funny)
Re:Do it (Score:4, Funny)
Re:Do it (Score:2)
Re:Do it (Score:3, Funny)
It's doable.
Back in the Windows 95 days when I was fifteen, Best Buy's computer sales department pissed me off so badly at a particular store that I added the format statement to the autoexec.bat files on their demo computers as I browsed around. They installed security software in that particular store after that.
At some point Microsoft modified format.exe (or was it format.com?) to make it clear the buffer before prompting for yes/no.
So... (Score:5, Funny)
Re:So... (Score:2)
Easy Formatting (Score:5, Funny)
Bonus! (Score:3, Funny)
Yep, sounds like a great deal.
You know... (Score:3, Funny)
Re:You know... (Score:5, Funny)
Re:You know... (Score:2)
does he mean... (Score:2, Informative)
Why not just create a "zone" hopper, then he doesn't have to worry about your settings. Better yet, just use one of the existing ones.
First Post (Score:4, Funny)
Formatting C: 5% Complete
Funny! (Score:2)
Whoever mod'd that down to -1 as Offtopic didn't read it properly
Please (Score:2, Funny)
Wouldn't it be more useful... (Score:4, Interesting)
Anyone surprised? (Score:3, Interesting)
ActiveX is an awful problem, I guess the only reason IE users are as safe as they are is the level of integrity in many websites (better than we have thought in the past maybe...)
Btw, thanks for the FP editors
iD software fame? (Score:2, Informative)
I think he's more famous for creating glide when he was at 3DFX
Wow (Score:2)
And a posting on Slashdot says a Microsoft thing is bad. Amazing!!!
Re:Wow (Score:2)
I've set back the security settings on my family's Win2k box, but have to set it lower when I go to do system updates. The problem is that a lot of users, not truly realizing the threat of low settin
Oh, no! (Score:5, Funny)
I hope virus writers won't find out about this!
More Ammo (Score:5, Interesting)
Re:More Ammo (Score:5, Funny)
Re:More Ammo (Score:2)
Re:More Ammo (Score:2)
adj.
There is irony here, but will leave it to you to discover. (cue smiley emoticon)
Re:More Ammo (Score:2)
for the longest time i pronounced this with an "s" - "lacksadaisical".
seems like it's at least a marginally popular alternate spelling... google returns around 1,100 for with the "s", though 143,000 without.
i wonder where the difference originated.
[ flacco invokes some anti-off-topic spells and shit. ]
Crazyness (Score:4, Interesting)
I shudder at the thought of running any code that I (or at least someone else) has not inspected. Just another reason to use Firefox [firefox.com] and other open source [gnu.org] software.
Re:Crazyness (Score:2)
Hey, I bet he could make money (Score:5, Funny)
Re:Hey, I bet he could make money (Score:5, Funny)
Vapor design (Score:5, Insightful)
1. Examine more or less how competition works
2. Quick! Make a prototype and flat-out obvious bugs
(Missing step: redesign well taking into account security considerations)
3. Overhype
4. Profit!
So now we're stuck with an obsolete plugin model, which Microsoft neglects to fix because this would break backwards compatibility.
THE END.
Yeah, well... (Score:2)
I thought that aside from the VeriSign problems, it's a pretty good system. It sure is easy for people to use.
But now, with the various security problems, the only thing I can recommend is giving people instructions to download and install things on their computer. And so that makes it important to have simple installers.
I'd say that once again, Apple is doing best in this area.
Re:Yeah, well... (Score:5, Interesting)
Microsoft makes it pretty clear that arbitrary code can be run from a web page in the security dialog.
What is lacking is sandboxing. Here is a typical example. I go to a site to use a service. It has an ActiveX control. I need to use the control, but don't fully trust them. My options are A) find another service, or B) run it and hope for the best. That is unacceptable. There needs to be an option C) run it in a sandbox, and don't let it read my files, or overwrite anything. I mean this is not brain surgery here. Java can do it, and Sun does not have the OS code.
Nothing new. (Score:4, Insightful)
I'm dumbfounded by this.
And editors, you're not helping any by posting stories like this. It's all too obvious that this article was posted because it fits the anti-MS slant quite well. That's all fine and good, but this article brings absolutely NOTHING to the table except another excuse to bash MS and an OLD MS technology.
Re:Nothing new. (Score:2)
More suitable? In the security sense, you mean? In that case, it's Microsoft's fault that he's able to code an ActiveX app in MFC at all! Not his.
Re:Nothing new. (Score:2)
Re:Nothing new. (Score:2)
Comment removed (Score:5, Interesting)
Re:Nothing new. (Score:5, Insightful)
In practice, I find this article very interesting for what it is: the findings of someone who is a recognised programmer into a field he has no knowledge about; and that prove that all the ghastly rumours about ActiveX are true, not hype. Now whether it should be on /. is another question.
Security was never needed (Score:4, Informative)
The move to a strong security model just started to really happen by the year 2000 when common people started getting high-speed internet access at less cost than the companies are paying for their T1 lines. Then they started clamoring to make everything secure but because they laid off the bulk of their IT employees they became undermanned to fight security. So it is now a long slow process of building up IT security.
Re:Security was never needed (Score:2)
I can remember thinking "oh my god, this can never be secure" when hearing about both of these happenings. So it was definitely on people's horizon, at least on mine, and from somewhere, I must have gotten it
So no, there is no need to excuse Microsoft here. They kn
Re:Security was never needed (Score:2)
Re:Security was never needed (Score:2, Interesting)
Just because Microsoft (or rather their corporate strategists) was thinking "leverage OS monopoly into market domination", doesn't justify a cavalier disregard for what was going on around them; just because Windows 98 had security problems doesn't mean security wasn't an issue. This is especially true when copying technology tha
Submitted by Obiwan... (Score:2)
Site visit results in disk reformat. Sad thing is: (Score:4, Insightful)
Like the man said about tsunami alerts in the United States: "There's still a large segment of the population that would go get their kids out of school so they could drive to the beach and watch the big waves..."
Re:Site visit results in disk reformat. Sad thing (Score:5, Funny)
Those who still do not believe in natural selection raise their hands. No-one? Didn't think so.
Wow, you could make a whole new trolling link! (Score:2)
NOTE: If you don't know about goatse, don't look it up. It was never funny and it'll turn your stomach.
Re:Wow, you could make a whole new trolling link! (Score:2)
Too Bad Rest of World Doesn't Understand (Score:3, Interesting)
Not that any OS that doesn't use ActiveX is perfect...nothing is. But allowing the OS to be commanded through something as commonplace as a Web page or email is just ASKING for it.
"No networked computers on my ship," says Adama in the new Galactica series. That point saves their asses from the other ships of the fleet, whose computers were rooted by the Cylons and quickly destroyed because of over-integration.
Sure, it's fiction. But fiction has a grain of fact in it to make it real.
Re:Too Bad Rest of World Doesn't Understand (Score:2, Funny)
That's the most wonderful sentence I've ever read.
Fiction
I think my brain is about to explode.
This is not news... (Score:2, Insightful)
Ah blah.... (Score:2, Interesting)
In a word bullshit..
I've done ActiveX programming on and off for 6 years now, and while there are things to be desired in the model, I can tell you you can create some pretty cool stuff in a short time.
Re:Ah blah.... (Score:3, Informative)
Like a webpage that formats your hard drive!
But, but, but ... (Score:4, Funny)
He'd never lie to us, would he?
Other Choices? (Score:2)
Why is it still being used? what are the other choices?
Man, I can't believe I read that... (Score:2)
This is "news for nerds"?
JennyTheSlutwhore.exe (Score:2)
So can a program (Score:2)
That being said, with a trusted ActiveX app you can do a lot with the OS. The problem is that most users are too trusting (or their browsers are, if the security settings are too low).
developers, developers, developers! (Score:2)
Read versus write (Score:2)
Which is more damaging, deleting the email of a person cheating on their spouse, or forwarding it to the spouse?
ActiveX was never designed for the web (Score:3, Insightful)
It was used in VB to drag and drop controls and parts of applications. That's it.
For example you could slap together an app that uses Excel by using the ole (activeX) control from the program and putting it on the form.
Anyway it's powerful and security is not an issue since it was designed to be used in internal apps at compile time by VB and VC developers.
MS was panicked by Netscape plugins because MS didn't control it. What MS should have done was base ActiveX on ole, take out some features and add security oriented ones in return. Instead they gave out the ole controls with a dumb hackable trust based pop-up as a bandaid solution for the security.
Old News (Score:3, Informative)
Over the years, the views of the critics have proved accurate. Java applets have had a few security problems - usually related to buffer overflows in the VM. ActiveX has been and continues to be a security disaster.
Re:Old News (Score:3, Informative)
Re:ActiveX Experience (Score:4, Funny)
Re:Old (Score:2)
Re:Interesting pass times (Score:2)
PS... (Score:4, Funny)
You seem to have misspelled "horribly horribly worse" as "better" there. Hope that helps. Have a nice day.