Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brian Hook on the ActiveX Experience

Posted by Hemos on from the poorly-made-and-maintained dept.

Obiwan Kenobi writes "Brian Hook of id software fame got around to developing on ActiveX and found some minor grievances, particularly in the security department. To quote: "I've been doing some ActiveX coding on the side for a couple days, stuff I'm not familiar with, and I'm just flat out _appalled_ at how bad that entire API and design is. I can make an OCX that basically formats your hard drive, stick it on a Web page with a tag, and if your security settings are set low enough, you'll start formatting your hard drive the minute you visit my Web page.""

4 of 523 comments (clear)

  1. Security was never needed by jellomizer · · Score: 3, Informative

    Active X was never meant to be completely secure. It was designed to be faster and more powerful then Java. And it is that, faster because all the code runs natively with no virtual machine, and more powerful because all those annoying security designed are non existent. That is why it is so widely used. And that is why IE systems are full of spyware, that are spamming everyone! But during this time in the late 90s. IT wasn't thinking of security. And why should they. Hacker only came in on non firewalled systems. Downloading an untrusted active X control is just like downloading any other program be it a trogon or a virus, these usually worst case just messed up your files or in nasty cases put bad sectors on your disk (But I think that is an urban myth, I haven't studied virus that much to know for sure). So that was a user error. And with Windows 95 and 98 as a primary OS they already had access for mess up the drive from the system anyways. So while a lot of people were going THINK OF SECURITY MAN! They just go well it is faster then java plus I easily save files to the disk. I am using this.

    The move to a strong security model just started to really happen by the year 2000 when common people started getting high-speed internet access at less cost then the companies are paying for their T1 lines. Then they started clamoring to make everything secure but because they laid off the bulk of their IT employees they became under manned to fight security. So it is now a long slow process of building up IT security.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  2. Re:Ah blah.... by Trigun · · Score: 3, Informative

    ...I can tell you you can create some pretty cool stuff in a short time.

    Like a webpage that formats your hard drive!

  3. Re:Gee, that's news... by realdpk · · Score: 4, Informative

    A signed control can come from anywhere, too. A lot of spyware is signed.

  4. Ever heard of OS X? by Just+Some+Guy · · Score: 4, Informative
    The average user simply isn't willing to have an "administrator" account that they have to use every time they want to install an app.

    My wife isn't terribly computer savvy (at least, she wouldn't be if she weren't married to a CompSci person), but she's perfectly content with Mac OS X asking for her password before updating system software. It's an immediate red flag that something important is about to happen, and I think she'd be extremely hesitant to type it in response to clicking on a link to a web page.

    --
    Dewey, what part of this looks like authorities should be involved?