Re: It's COBOL, Jim, but not as we know it...

Richard wrote:
On Dec 9, 5:00 pm, "Pete Dashwood"
<dashw...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Richard wrote:
On Dec 9, 1:46 pm, "Pete Dashwood"
<dashw...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Robert wrote:
On Tue, 9 Dec 2008 11:31:42 +1300, "Pete Dashwood"
<dashw...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Here's what SHOULD happen:

1. You click the link in the newsgroup message.(ONLY ONCE...
don't double click it...)

2. The logon page opens, followed a few seconds later by the
cobdata page opening in the background. (You should maximize the
login page if it isn't already.)

3. You login or register. It succeeds. You click "Resume" and the
standard download dialog for the ZIP file appears.

4. You download. Close the page. The standard cobdata page
remains.

(since Sunday, there have been 7 successful downloads.)

Here's what CAN happen:

1. Both the login and COBDATA main page appear simultaneously.
This has to do with browser delay and/or server workload. If it
happened, it shouldn't happen consistently. Everything will still
work, but it could be confusing to a user.

2. The login page may be minimized and all you see is the COBDATA
main page. This has to do with Browser settings or tabs if you
are using a tabbed browser.

3. The COBDATA page is obscuring the login page. Minimize the
COBDATA page and it should reveal the login page.

4. Your Firefox browser blocks the login page as a pop-up. That's
what happened to me. I told it to stop blocking pop-ups for this
site.

Damn! I took special care to make sure the thing works in Firefox
(even identifying and installing the Firefox add-in needed to
support ActiveX/COM into my updated Firefox browser...) but I never
thought about popups...
- )

And I thought that one of the main reasons for using Firefox was to
_stop_ being infected with ActiveX.

Gosh Richard, perhaps you were ... mistaken?

ActiveX is just code like any other computer code. It can be used
for good or it can be used for bad.

It is actually no more dangerous than any other kind of script.(An
ActiveX control has no more permissions on your system than a Java
Bean, for example.)

That is simply not true. An ActiveX control that has been loaded by a
webpage onto a Windows system is just another executable and has
access to everything that any other program can do, such as writing to
the disk.

But it can't get to your system via that route unless you enable and allow
it. There was a time when IE used to simply download the component
transparently. That doesn't happen any more. That's why I need for people to
do a separate install of the component before they can run the demo.

It has to be installed and registered. It has topass authentication and mmay
have a signed digital signature which guarantees you are getting what you
thought you were getting. All of this has a bearing on the permissions (like
file writing) that it ends up with. It can be disabled in seconds by
de-registering it, unlike a virus, trojan, or backdoor. It is VISIBLE on
your system.

As someone who has been writing these components for over a decade now I can
honestly say I have allowed controlled ActiveX downloads to my system and
have never had a problem with it. Security in the last few years has been
much improved as Howard alluded to.


A Java applet (which is what can be in a webpage) runs in a sandbox
and cannot write to the disk, or access other processes.

The "sandbox" is a set of security measures which seriously limit the
usefulness of applets. So much so that Sun has now chosen to emulate the
MicroSoft system of signed authentication which is used by ActiveX controls.

http://www.javaworld.com/javaworld/jw-05-1997/jw-05-security.html


While both can be security risks (especially on Windows) ActiveX is
while working exactly as designed and Java only is when it can exploit
a flaw.

You could see it that way. I don't. But then, I don't write malicious
components that do damage while working "exactly as designed".


Many millions of people find ActiveX components to be useful devices
that enhance their computer use. Calendars, juke boxes, and very
effective online virus scans from companies like Panda and Trend are
all implemented by means of ActiveX controls.

The mere fact that virus scans are necessary is an indication that the
security model is completely wrong.

The model is evolving. It is no more "wrong" than any other model would have
been. Investment of many millions has been made into improving it. Judging
today's model by what was true yesterday, is simply misleading.

Pete.
--
"I used to write COBOL...now I can do anything."


.

Relevant Pages

  • RE: Active X error attempting to connect to RDP through RWW
    ... I understand that when you select a computer in RWW ... browser is going to attempt to download a Microsoft Remote Desktop ActiveX ... Remote Web Workplace requires the Microsoft Remote Desktop ActiveX control. ... Your browser's security settings may be preventing you from downloading the ...
    (microsoft.public.windows.server.sbs)
  • Re: How to disable ActiveX Security warning ?
    ... when you do that you are "punished" by having a warning pop-up every damn time you hit a page with an ActiveX control. ... What he wants to do is to stop the warning pop-up, not loosen his security. ... No popups. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • RE: Active X error attempting to connect to RDP through RWW
    ... message about IE not allowing the installation of Activex and shows a problem ... Remote Web Workplace requires the Microsoft Remote Desktop ActiveX control. ... Your browser's security settings may be preventing you from downloading the ... Please note that you need to be a local admin to install Active X controls. ...
    (microsoft.public.windows.server.sbs)
  • Re: Dynamically creating an ActiveX on a WPF/Windows .Net app
    ... ActiveX control and exposes them as a fully featured Windows Form ... Below is the early binding code generated by the designer to use the ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework)
  • Re: Remove "Your current security settigs prohibit running ActiveX controls ..."
    ... I'm not aware of any method which can remove the security warning. ... But, when you set the Kill-bit to Flash ActiveX control, you don't get the dialog - but Flash is blocked silently. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)