well, I see your point. I think there are quite a few people who find it much easier to stick with the mare familiar microsoft OS s and apps just because open source software is new to them- I'd like to point out tho that there are a few of those users (MY mom for instance- after win98 crashing for the Nth time due to spyware and other problems she's sworn off windows and is using linux now) who once they find out that there is an alternative, will opt for software that gives them more control and freedom as far as how their computers work: enter FF and LINUX
I completely agree - The whole essay is full of misleading information and assumptions based on the premise that Microsoft's code signing system works- whish is untrue. I dug up this link somewhere (prolly following a link from slashdot:) ) it explains not only why Active x is a problem, but also how useless code signing actually is
Q: Doesn't Code Signing and Microsoft's AuthentiCode technology prevent people from distributing malicious ActiveX controls?
A: No. Code Signing simply attempts to identify who signed the control. Anyone can go out and get a code signature. It's a pretty much automatic process. You go to a web site, give them a name, address, credit card number and some other stuff (none of which have to be yours), click "I Agree" on a page full of legal jargon, and pretty soon you get an e-mail with the information you need to sign the control in it. Once you have your Digital ID, you can sign any unsigned ActiveX control. Nobody reviews these controls! In other words, a signature doesn't tell you who wrote the control and it doesn't tell you if the control is safe or not. Heck, with the number of hot credit card numbers out on the net, it doesn't even tell you for sure who signed it. A danger is that seeing that a control is signed will give folks a warm fuzzy feeling about the control, and encourage them to run it, even though it does not guarantee their safety!
Slashdot Mirror
well, I see your point. I think there are quite a few people who find it much easier to stick with the mare familiar microsoft OS s and apps just because open source software is new to them- I'd like to point out tho that there are a few of those users (MY mom for instance- after win98 crashing for the Nth time due to spyware and other problems she's sworn off windows and is using linux now) who once they find out that there is an alternative, will opt for software that gives them more control and freedom as far as how their computers work: enter FF and LINUX
I completely agree - The whole essay is full of misleading information and assumptions based on the premise that Microsoft's code signing system works- whish is untrue. I dug up this link somewhere (prolly following a link from slashdot :) ) it explains not only why Active x is a problem, but also how useless code signing actually is
F AQ .htm
http://www.halcyon.com/mclain/ActiveX/Exploder/
Q: Doesn't Code Signing and Microsoft's AuthentiCode technology prevent people from distributing malicious ActiveX controls?
A: No. Code Signing simply attempts to identify who signed the control. Anyone can go out and get a code signature. It's a pretty much automatic process. You go to a web site, give them a name, address, credit card number and some other stuff (none of which have to be yours), click "I Agree" on a page full of legal jargon, and pretty soon you get an e-mail with the information you need to sign the control in it. Once you have your Digital ID, you can sign any unsigned ActiveX control. Nobody reviews these controls! In other words, a signature doesn't tell you who wrote the control and it doesn't tell you if the control is safe or not. Heck, with the number of hot credit card numbers out on the net, it doesn't even tell you for sure who signed it. A danger is that seeing that a control is signed will give folks a warm fuzzy feeling about the control, and encourage them to run it, even though it does not guarantee their safety!