Acer May Be Bugging Computers

tomjen writes "What if a well known laptop company had silently placed an ActiveX Control on their computers that allowed any webpage to execute any program? Well Acer apparently has and they have (based on the last modified-by date of the file) been doing this since 1998. 'Checking the interface of the control reveals it has a method named "Run()" as shown below. The method supports parameters "Drive", "FileName", and "CmdLine". Isn't it strange for a control that's marked "safe for scripting" to allow a method that is suggestive of possible abuse?'"

Re:I'm not impressed with this IE7 "improvement"

[suv4x4]

You may be shocked to realize that Firefox plugins and extensions don't run in any sandbox at all. They in fact have access to any resource Firefox has, which on a Windows machine is usually administrator capabilities.

So what was the beef with ActiveX again?

Oh, and in Vista, IE7 runs in limited mode even on admin accounts, so ActiveX controls are limited too. Firefox so far doesn't take advantage of this.

It's easy to open wide a big mouth and flame Microsoft, but the thing is: how is the competition better?

I won't be surprised if all it's better about (in terms of security) is that it's less popular and thus less targeted by malware authors. We've seen some of this during the Firefox adoption boom, but I'm afraid IE7 might kill the further adoption of Firefox so I can prove it.