ActiveX Security


September 1997 / Cover Story / ActiveX Demystified / ActiveX Security
David S. Linthicum

Downloading executable content from unknown Web sites might be risky. Who knows what this little application is going to do once it's on your system? Two main security concepts have emerged to combat malicious executables: code signing and the sandbox model.

ActiveX uses code signing, specifically the Microsoft Authenticode technology. Authenticode allows you to verify the origin of a control and thus assess its reliability and safety. If a control destroys your system, at least you'll know whom to beat up. Independent certificate authorities (CAs) such as VeriSign issue the digital certificates used to sign the code. Developers have to pay for the certificates, and in order to be considered for a certificate you must pass through a screening process. The digital signature is 1024 bits and thus essentially impossible to reverse engineer.

Authenticode is based on Microsoft's code-signing proposal, now being evaluated by the World Wide Web Consortium. Authenticode uses X.509 v3 certificates as well as the PKCS #7 and PKCS #10 signature standards. The digital signature uses both a public key and a private key, known together as a key pair. Only the owner knows the private key, while the public key is available to the world. The private key is used to generate the signature, and the public key is used to validate it.
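The sign-and-verify step described above in miniature, as an added Go example that is not from the article or from Microsoft's Authenticode implementation: a publisher's key pair and a self-signed X.509 certificate stand in for a CA-issued one, the private key signs a hash of the control's bytes, and the public key in the certificate validates it. The key size, the hash, the PKCS #1 v1.5 padding and the publisher names are assumptions for illustration; the example also makes the later point concrete, since a valid signature establishes origin and integrity and nothing about what the control does once installed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewPublisher generates a key pair and a self-signed X.509 v3 certificate naming
// the publisher. A real certificate comes from a CA after its screening process;
// self-signing is a constructed stand-in so the example runs offline.
func NewPublisher(name string) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key size assumed for the example
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// SignCode signs the SHA-256 digest of the control's bytes with the private key.
// (Authenticode wraps such a signature in a PKCS #7 structure; that is omitted here.)
func SignCode(priv *rsa.PrivateKey, code []byte) ([]byte, error) {
	digest := sha256.Sum256(code)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyCode validates the signature with the public key carried in the certificate.
// Success means the bytes are unchanged since the certificate holder signed them and
// nothing more: it is no statement about what the code will do after installation.
func VerifyCode(cert *x509.Certificate, code, sig []byte) bool {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(code)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}
```

Verifying a control whose bytes were altered after signing, or checking it against a different publisher's certificate, fails; a control that verifies can still do whatever its author wrote.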

The Java sandbox, in contrast, provides highly restrictive security. An applet can't perform unauthorized system functions (e.g., allocate memory) or read and write from disks or other devices. Because some developers have found the sandbox too restrictive, recent versions of the Java Development Kit also support code signing and different degrees of protection. Consequently, if an applet is signed and trusted, it might be able to exit the sandbox into another protection domain where it may be able to do file I/O, for example.

Cost is also an issue. If you're going to add a signature to your code, you have to pay the CA. While larger software development shops won't feel the pain, those that create shareware in their basement might not be able to afford the certification or pass the CA's background check.


Not Quite So Secure

[Screen shot] Authenticode warns you that you're about to install some bit of software, but it doesn't protect you after you click Yes.


Copyright © 2005 CMP Media LLC