Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brian Hook on the ActiveX Experience

Posted by Hemos on from the poorly-made-and-maintained dept.

Obiwan Kenobi writes "Brian Hook of id software fame got around to developing on ActiveX and found some minor grievances, particularly in the security department. To quote: "I've been doing some ActiveX coding on the side for a couple days, stuff I'm not familiar with, and I'm just flat out _appalled_ at how bad that entire API and design is. I can make an OCX that basically formats your hard drive, stick it on a Web page with a tag, and if your security settings are set low enough, you'll start formatting your hard drive the minute you visit my Web page.""

12 of 523 comments (clear)

  1. Vapor design by Spy+der+Mann · · Score: 5, Insightful

    I think this could be considered as a proof of how ActiveX was vapor-designed by Microsoft to compete with original Netscape's plugins.

    1. Examine more or less how competition works
    2. Quick! Make a prototype and flat-out obvious bugs
    (Missing step: redesign well taking into account security considerations)
    3. Overhype
    4. Profit!

    So now we're stuck with an obsolete plugin model, which Microsoft neglects to fix because this would break backwards compatibility.

    THE END.

  2. Nothing new. by GeckoX · · Score: 4, Insightful

    I'm really finding it hard to give this guy any credibility at all. First off, none of the issues he cites are in any way new, these problems are old hat. But then to get all nit picky about the details of these issues by professing things like 'I don't use ATL, I write my ActiveX in MFC.' Shit, I don't even know where to begin. The guys just now digging into ActiveX and has decided flat out that MFC is the way to do it? Strike 1, and strike 2. Not immediately dropping it and moving on to something more suitable, you're out man.

    I'm dumbfounded by this.

    And editors, you're not helping any by posting stories like this. It's all too obvious that this article was posted because it fits the anti-MS slant quite well. That's all fine and good, but this article brings absolutely NOTHING to the table except another excuse to bash MS and an OLD MS technology.

    --
    No Comment.
    1. Re:Nothing new. by brunogirin · · Score: 5, Insightful
      I think you're missing the context here. First, this is a personal entry on a site that is read by very few users, it wasn't meant to be "news". Second, Brian, who had never done anything with ActiveX, decides to try the technology "on the side". He has heard all the horror stories about ActiveX but actually *using* the technology makes him realise that all the horror is real and, slightly amazed by his discovery, posts on that site. He is just expressing his dismay at the fact that all the horror stories about ActiveX are not myth but reality. Everyone of us does this: experiment to see for oneself and then share one's experiment with others. The findings might be old news for some but are not without interest.

      In practice, I find this article very interesting for what it is: the findings of someone who is a recognised programmer into a field he has no knowledge about; and that prove that all the ghastly rumours about ActiveX are true, not hype. Now whether it should be on /. is another question.

  3. Site visit results in disk reformat. Sad thing is: by The_REAL_DZA · · Score: 4, Insightful

    even WIDESPREAD coverage that the site is LETHAL to a computer wouldn't keep people from visiting it. When the "I Love You" virus hit a while back, we actually had users open the e-mail "just to make sure" it wasn't really someone sending them a love letter (like they EVER got them before and would SUDDENLY begin to, entirely by coincidence, right then...)

    Like the man said about tsunami alerts in the United States: "There's still a large segment of the population that would go get their kids out of school so they could drive to the beach and watch the big waves..."

    --


    This space intentionally left (almost) blank.
  4. Re:Gee, that's news... by jellomizer · · Score: 4, Insightful

    Well people start getting these warning messages and they realize that they are usually there to help them out they just go and lower their security settings so they don't get botherd by the messages. While the average useser plays dumb they will ineateate a high amount of intelegence to say get his online poker game to run. But after it corrupts his drive he will point to you and tell you to fix it.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. Re:Gee, that's news... by sepluv · · Score: 5, Insightful

    And what may I ask makes a signed active-X control any less dangerous than an unsigned one?

    --
    Joe Llywelyn Griffith Blakesley
    [This post is in the public domain (copyright-free) unless otherwise stated]
  6. Re:Gee, that's news... by All+Names+Have+Been · · Score: 4, Insightful

    i mean, any operating system is vulnerable to an exploit if it's security infrastructure is sufficiently loose.

    The problem is, there aren't many OS's out there that arbitrarily run dangerous code from a web page with no interaction from the user other than visiting the page in question, low security settings or not.

  7. Re:Gee, that's news... by mcrbids · · Score: 4, Insightful

    any operating system is vulnerable to an exploit if it's security infrastructure is sufficiently loose. if you set your entire filesystem to 777 then you're completely vulnerable on any unix-based os too.

    Really? So, if I chmod 777 my, uh, /tmp or /mnt/deleteme directory, you can make a web page that will delete it all from within my Firefox browser? On my Fedora Core 3 laptop?

    Are you sure?

    See, to do this, you have to get a script or something to run on my system to delete these locations. Show me where even lowly jscript allows for this...

    Now, I'm no jscript guru, so I did a google search for jscript delete files and, on at least the first page or two, only came up with stuff having to do with the ".NET framework" or involving ActiveX!

    And the point isn't that files can be deleted, the point is that the API for ActiveX allows somebody to do this remotely.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  8. Bingo. by Weaselmancer · · Score: 4, Insightful

    That's it exactly.

    To put it another way, if you change a single setting in a single program (IE) any web page can zap your system. To make your *nix box as insecure, you have to change the file permissions for every single file on the system.

    IE is a single point of failure. That's what makes the comparison invalid. You'd have to go out of your way to screw up a *nix box that bad.

    --
    Weaselmancer
    rediculous.
    1. Re:Bingo. by adiposity · · Score: 4, Insightful

      Actually, that's false. This is only true if you run in windows as "root" (Administrator). If you login into X-windows as root, you're just as vulnerable (assuming you are using a program like IE that will allow some script to do something malicious).

      The obvious problem is that it's much more common to run Windows as "root" than it is on *nix, for various reasons. Not the least of which is the fact that *nix users usually are smart enough to use one account for administration, and other for doing "user" stuff. Also not the least of which is that many Windows apps aren't written in such a way that it's feasible to run them in non-root mode.

      This isn't to say that Active-X isn't dangerous...it is. But the big difference between *nix and Windows here, is that *nix is run by somewhat security-savvy people, and Windows (often) isn't. With "user-friendly" linuxes coming out, many of which login as root by default, a lot of that protection will go away.

      The average user simply isn't willing to have an "administrator" account that they have to use every time they want to install an app. That fact means that for *nix to go mainstream, a lot of security inherent in *nix philosophy will have to be lost.

      Luckily, mozilla/firefox are being designed in such a way that they are much less likely to exploit lax security than IE is. This will only partially mitigate the problem, though, as people dumb enough to click on a random link and run the program can still get screwed.

      -Dan

  9. Re:Gee, that's news... by Waffle+Iron · · Score: 4, Insightful
    Of course you have to trust the CA who issued the certificate that signed the control

    Does Verisign review the source code for the controls that its certificates are applied to? I think not.

    About the only thing that we can "trust" is that Verisign got a check from the developers. The ability to mail a check != trustworthiness.

  10. Re:Gee, that's news... by Fulcrum+of+Evil · · Score: 4, Insightful

    Sure. But you know the signer. And you agree to install it.

    I'd rather have the Java model, where it requests specific permissions. I actually don't know the author, unless it's MS or Macromedia or someplace similar. Real security is proactive, not reactive. Besides, most software absolves itself of all responsibility, so what could you really do? Show up at their door with a baseball bat?

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"