A Reason Not to Use IE Explorer?

JQ Johnson jqj at darkwing.uoregon.edu
Sun Nov 24 16:35:30 EST 1996


Thomas Dowling notes that the issues surrounding ActiveX security are
well known.  I agree, but it seems to me that the sandboxing vs signing
debate generally tends to be posed in the context of personal or
corporate PCs, not in the context of shared student facilities or
public access facilities such as library webstations.  I wonder if we
might have special needs that in fact have NOT been well-rehashed.

In particular, Microsoft argues that signing of ActiveX controls
provides the same level of security as existing software distribution
mechanisms.  If you trust MacroSoft Inc. enough to buy and install
their geewhiz punctuation corrector, then you should be equally willing
to trust their digital signature and download an activeX control from
them.  On my own machine I don't want to risk getting a virus that
might interfere with my work, so I can be depended on to practice safe
se..  I mean safe downloading.  This argument might be valid for
personal machines but not for shared facilities.  I suspect most sites
don't allow students to install random commercial or freeware software
on their public access stations.  Do we trust our users enough to allow
them to download and run arbitrary programs, even if there is a robust
way to identify the commercial vendor of some of the software?  Will
ActiveX drive us all to switch to Windows NT?


More information about the Web4lib mailing list