Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesBug of the Month

Nov ember 1996 / Bits / Bug of the Month

Be Careful Out There!

This month's choice isn't a bug per se, but rather a dramatic example of what can happen when good people download bad ActiveX controls. Fred McLain, CEO of Apropos, a software engineering company, wrote an ActiveX control to illustrate the potential dangers in downloading ActiveX programs. If you're using the final version of Microsoft's Internet Explorer 3 and download his Exploder control , it performs a clean shutdown of your Windows 95 system.

"I'm warning visitors to my Web page [ http://www.halcyon.com/mclain/ActiveX ] that you have to be careful," McLain says. He p oints out that someone else could just as easily write an ActiveX control that formats your hard drive or does other equally bad things.

Exploder went through the Authenticode process, in which controls are submitted to VeriSign, the digital-authentication company that is working with Microsoft. With Authenticode, a software publisher signs its code with a unique digital signature, which confirms to users who published the control and that it hasn't been hacked.

Microsoft says Authenticode wasn't designed to guarantee that users won't download malicious code, but that the technology does provide a measure of accountability on the Internet. McLain is not convinced that's enough.

"If I were to put a loaded pistol on the table with a note indicating who owns the gun, that won't prevent a 3-year-old from walking in, picking up the gun, and accidentally shooting himself," says McLain. "The note wasn't enough to prevent the accident." At press time, McLain was putting the final touches on a version of Exploder that does another clean shutdown, this time of Windows NT.

Send yours to edejesus@bix.com !

Even Authenticated Controls Can Explode

screen_link (26 Kbytes)

Up to the Bits section contentsGo to previous article: Go to next article: FlashPix: Future Graphics Lingua Franca?SearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM   E
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network