Re: ActiveX security hole reported.

• To: "John C. Pavao" <pavaojc@rixix.sod.eds.com>
• Subject: Re: ActiveX security hole reported.
• From: Jeremey Barrett <jeremey@forequest.com>
• Date: Fri, 16 Aug 1996 16:53:29 -0700 (PDT)
• cc: www-security@ns2.rutgers.edu
• In-Reply-To: <3214A346.523@rixix.sod.eds.com>

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 16 Aug 1996, John C. Pavao wrote:

> Jeremy,
> 
> It's frightening to see messages like the one you replied to.
> 
> It sounds like we're heading for a Darwinistic future for the Web,
> Internet, and computing in general. A future where people who want to
> use their personal computers for "low-brow" tasks like doing their
> finances, recreational web browsing, etc., without desiring to become
> sysadmins and programmers will be weeded out and relegated to the
> uninformed masses.  Only the computer elite, who can dedicate all of
> their time and effort to keeping abreast of things like Java and ActiveX
> deserve to be able to use their computers with a telephone line
> attached.  

That's the problem with things like ActiveX, which undermine the ability
of users to just go about their business. If ActiveX had a security
model worth a dime, users would not have to know about the implications
of running x, y, or z, they'd just do it. 

Java has a better model, which at the moment is safe (aside from bugs).

> 
> To say that the average user should be smart enough to not choose OK
> when choosing OK is just what you have to do all the time to do anything
> in Micro$oft Windows (name your version, name your application) is like
> saying that soldier should have known better than to step on that
> landmine because it was buried in the ground.  

Exactly.

> 
> Those of us who seem to feel that it's just too bad for the cutting-edge
> technology illiterate would do well to remember that maybe people who
> don't make their living running other people's computers hardly have
> time to learn the pitfalls of the latest thing to pop out of the WWW
> fad.  I have no interest in learning medicine, but I want a bottle of
> aspirin that it's safe to take.  Shouldn't the doctor be able to sit
> down at his computer and be able to use the web without having to learn
> a second profession AND getting his computer FUBARed?

With ActiveX, M$, which has consistently touted its easy UI, is putting
an enormous burden on the average user, who does not and should not know
about the problems/implications therein. It's the exact opposite of what
they are supposed to be good at (which they aren't of course).

Those of us that do know a thing or two should fight as much as possible
to have crap like ActiveX tossed so that unsuspecting users are not
turned away from the net because using it crashed their machine, or
wiped their disk, etc etc...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                        jeremey@forequest.com
The ForeQuest Company                           http://www.forequest.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.forequest.com/people/jeremey/pgpkey.htm
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhUJ4S/fy+vkqMxNAQH2KQQAnK5Qd6htNO2aR+/xpRQYv2nddMETfxzj
AFWua1MNzeojhVNj0ljn+iM4op+q8XMrsnvH4hTvO+fp6LiXs6MDFZ1lb3SwWN1A
Xn94Y6gvfRk3C9FCCWcmKvasElmpb/r+KkDiqaoJSlNQBk1TuVINFVtzx2Z+o6FT
KCgyE2oAHYo=
=99j6
-----END PGP SIGNATURE-----

• Re: ActiveX security hole reported.
• From: "John C. Pavao" <pavaojc@rixix.sod.eds.com>

• Previous: Client-side includes
• Next: Re: ActiveX security hole reported.
• Index(es):
  • Index
  • Thread