Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesActiveX Files

November 1997 / Inbox / ActiveX Files

The otherwise very good ActiveX cover story (September) includes some disinformation in David Linthicum's sidebar on security. Simply put, ActiveX has no security model. The infamous Exploder control that powers down a Windows PC was signed with a Verisign certified signature ( http://www.halcyon.com/mclain/ActiveX ). Microsoft claims that Authenticode, its code-signing framework, is a security model. It is not. It's an authentication framework.

"If a control destroys your system," you say, "at least you'll know whom to beat up." This is sill y. What if the government passed a regulation that thieves must wear name tags if they break into a house when the owners are not present, and then the FBI rat ionalizes it by saying, "If a thief steals you blind when you're not home, at least you'll know whom to jail"? I don't think so.

Any hostile ActiveX control worth its salt will erase all traces of itself before proceeding with the rest of the dirty work. Since ActiveX is Win32-omnipotent, it can do anything. ActiveX may have its place in the developer's toolbox, but it's not a suitable model for executable content.


Research scientist
Reliable Software Technologies
gem@rstcorp.com

no exception. -- David Linthicum

I want to thank the folks at BYTE for writing that excellent article, "ActiveX Demystified." There is, however, something that came to mind after reading it. Does ActiveX open Microsoft to a new era of unrelenting competition? Think about it. By dividing applications into objects that follow the Component Object Model (COM) spec, Microsoft has created many more targets subject to competition. It is difficult to unseat an entire suite of applications (as Corel has found out), but now, small and hungry software firms can target spelling checkers, TCP/IP handlers, peripheral drivers, and many other objects. Are we going the way of software widgets? Is Microsoft going the way of GM, where, in order to keep costs down, it will have to subcontract? The future that ActiveX will bring will be interesting indeed.

Joseph Almeida
Brampton, Ontario
joe.almeida@sympatico.ca
Up to the Inbox section contentsGo to next article: P&S'ing for DollarsSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network