Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft Security Software Windows

South Korea Begins To Deprecate ActiveX 95

jones_supa writes The reliance on proprietary technologies to deliver web services varies from country to country. South Korea's ActiveX problem has been in the news before. Yonhap brings us a short report that the government plans to finally start cleaning up this troublesome technology from public websites later this month, as Korea gears up to create a more friendly Internet environment. The country's online financial websites and shopping malls often use ActiveX to have their payments and identification programs securely downloaded to users' personal computers.
This discussion has been archived. No new comments can be posted.

South Korea Begins To Deprecate ActiveX

Comments Filter:
  • by Anonymous Coward

    I'm pretty sure nearly every story posted on Slashdot about ActiveX had at least 50 responses that included the words "M$".

    • Heh! We can always go and see: Google Search: site:slashdot.org activex [google.com]

      Here's an ActiveX discussion in Slashdot from 10 years ago: Brian Hook on the ActiveX Experience [slashdot.org]

      • 10 years ago isn't long enough. Go back 15 and everyone that wasn't drinking the kool-aid already knew it was complete garbage, and yet Microsoft kept trying to force it down people's throats.

    • responses that included the words "M$"

      "M$" looks like a string variable in old-skool line-numbered BASIC, and Microsoft started out publishing BASIC interpreters. Could "M$" mean "The company should have stuck to BASIC and not branched into microcomputer operating systems"?

      • by dbIII ( 701233 )
        If they had stuck with Xenix we may not have ended bottom lip deep in a malware swamp listening for approaching speedboats.
        • If they had stuck with Xenix we may not have ended bottom lip deep in a malware swamp

          Could you explain how that might not have happened? Xenix (which became SCO OpenServer) was just Microsoft's port of AT&T UNIX to PCs. UNIX is just as vulnerable to malware as Windows: if you trick the user into elevating to install something, something will be installed.

          • Starting with a multiuser approach and being aware of a network that early on is likely to have made all of the difference.
            Most of the shit is a legacy of having a single user non-networked environment for so long.
            Currently it's a single click on an email to infect all the available network shares with cryptolocker - nothing about elevating to install something at all.
            • by tepples ( 727027 )

              Even in a networked environment, if you can convince the owner of a home PC to download a binary package and elevate to install it, you 0wn his PC. Trusting your operating system's default repository doesn't help if a trojan poses as a type of desirable software that's often excluded from repos on licensing grounds [pineight.com], such as games or media players.

              • Seriously guys - every time I give an example of malware on an MS platform I get modded down - grow a pair instead of living in denial.

                Back to the above poster, yes it may still happen in environments where security was considered from day one but I'm convinced the years of no privelage separation at all has resulted in the scale of the current problem.
  • Holy shit snacks, does that mean that one day I might be able to use Korean government or online banking website with Firefox???

    Probably not, the country's extremely monocultural when it comes to computing tech. ("Not Invented Here" [wikipedia.org] was one of the problems in the first place. [kanai.net]) For example, nearly all the PCs there are Windows/Intel/nVidia combos... you really need to jump though hoops and/or be really specific when ordering computers to get anything else. And, only people at Daum [daum.net] and KAIST [kaist.ac.kr] seem to even hav

    • by hjf ( 703092 )

      Yes. We do some warranty stuff for LG. Their website is IE6-only (older versions on compatibility mode). It uses a SHITLOAD of ActiveX components for really, really dumb things. Like: Grid Views, Drop Down Views, etc. It's the typical "I'm used to a desktop app so I expect a web app to behave exactly like a desktop app, with pop-up windows and all other controls". This is endemic with MS developers.

    • Extremely monocultural? As opposed to the US, where... what, if I recall correctly, Linux has a 1.5% desktop market share and Macs are around 5% or so? South Korea is certainly worse off, but honestly, it's a little hard to argue about a "monoculture" in South Korea when in reality it's only a few percentage points away from the rest of the world in terms of PC OSes.

      Besides, more and more people are moving away from PCs to phones and phablets for day to day computing needs, and Samsung phones (and Android

      • Desktop share doesn't matter. Server share, supercomputer share, and embedded share matter. Why? Because that reflects the mindshare of the geeks and their bosses who pay for the stuff. That means it's not a hard sell to say a customer-facing stuff should be compatible with Mac and Linux, because it would be pretty silly to make software you can't test within its own box, even if you do need to test it with typical customer boxes and OSs before you release. Year windows dominates, but you still see billboar
  • From a simpler era (Score:4, Insightful)

    by Baldrake ( 776287 ) on Saturday March 21, 2015 @09:23AM (#49308227)
    I worked with ActiveX technology close to 15 years ago. It was a much simpler era, where there was little need to worry about platforms other than Windows+IE, and where most of us hadn't really caught on yet to how ruthless the hackers were going to become. And frankly there wasn't a whole lot of alternative for pushing real app functionality from the web in those days. Some people were using Java, which certainly wasn't any more secure, and eventually Flash began to gain traction. So it's not completely hard to understand how we got where we are.
    • True, ActiveX was just one of several bad ideas that became "standards" during the web's explosive growth period. Others that came to mind were the blink tag, Flash (as you mentioned), Java (for the web, a terrible idea), and the abortion of a scripting language known as JavaScript. JavaScript is just the lesser of the evils of the technologies and no one has been able to push forward a replacement, though several have tried.

      • My favorite was the <marquee> tag. Worked a lot better than today's javascript-powered scrollers.
    • by Art3x ( 973401 )

      It was a much simpler era, where there was little need to worry about platforms other than Windows+IE

      You were part of the problem.

  • ActiveX (Score:5, Informative)

    by Dan East ( 318230 ) on Saturday March 21, 2015 @09:59AM (#49308361) Journal

    In case anyone is wondering what ActiveX is, it's essentially a Windows program you download that runs natively on your computer. It gets to draw to the specified element in the browser, which makes it look like it's part of a webpage. There isn't (or wasn't) any kind of sandboxing or security once the ActiveX component was installed - it could do anything it wanted on your computer like any other Windows program, because that's essentially what it was. The only security was whether or not you installed the ActiveX component in the first place. If I remember correctly they are really just DLLs, and used Component Object Model for the standard in which the DLL exposes methods, etc.

    • It is aided and abetted by what are known as Browser Helper Objects, which are further code downloaded from the internet and run natively in your computer without any user intervention or even a notification. Thus the ActiveX dll is merely the entry way. Anything from anywhere gets to run anything on your computer through ActiveX and BHOs. In retrospect it looks like a very dumb idea. But back then, for PCs, the P as in Personal was the dominant part. No clear distinction between user, admin and the owner.
      • by tlhIngan ( 30335 )

        And ActiveX got a severe makeover in IE7. So much so that practically everything broke. Which is why IE6 hung around so long.

        Of course, you have admit that South Korea is FINALLY getting around to fixing it given IE7+ has been around for years now. I'm guessing Windows 7 and XP Mode support is getting harder to come by?

  • by Anonymous Coward

    In Korea it is required to use a government sponsored certificate for all online transactions, and the certificate is available only if you have an ActiveX supported computer. This sounds very stupid but it is true.

    Now that Microsoft has abandoned ActiveX, the Korean government has to give up ActiveX. The plan is to rewrite the ActiveX code and future online customers need to download and install an .exe file for handling the certificate. The real problem is not ActiveX. The real problem is the Korean gover

  • 'For example, “COM supports an undocumented feature called channel hooks. Well, they are semidocumented in the Win32 header files and in Don Box's ActiveX/COM column (MSJ, January 1998). Microsoft does not officially support channel hooks on either Windows NT 4.0 or Windows 2000 If you're still reading, then you've acknowledged that disclaimer and I can get into the details”' ref [sonic.net]
  • ...is not the adverb I'd use when talking about ActiveX.
  • Working in Korea once I needed to install a package with apt-get but the file came down empty. I asked around and it turns out that to download anything on the corporate network you had to install this active-x component which looks to see if a storage device is connected to USB. If a device is connected the download still won't work, but you can still make a local copy of the file, plug in the USB key, and copy the file that way, which is what we did on a windows box.

    Half measures all over the place.

Every successful person has had failures but repeated failure is no guarantee of eventual success.

Working...