[Techtalk] why is Active X in web pages evil, but not
Perl/PHP/Javascript?
Kai MacTane
kmactane at GothPunk.com
Thu Jan 20 07:28:03 EST 2005
At 1/19/05 09:58 AM , Walt wrote:
>Am I mistaken, or is one of the greatest evils the
>fact that it's only supported in Internet Explorer...?
>Can/Do any other browsers support ActiveX?
Personally, I'd consider that "an evil", but not the greatest one, not by a
long shot. I think the greatest evil is that an ActiveX control can pretty
much do *anything* to the reader's machine, from formatting the hard drive
to installing spyware to whatever else - combined with the fact that
ActiveX normally runs without any confirmation dialog, or any other notice
to the user that anything is happening at all.
Of course, you can set your browser to not run ActiveX, or not run certain
kinds of ActiveX, or prompt you before doing so. But it didn't used to be
the default. (WinXP SP2 has changed that.)
And that's another problem with ActiveX: now some machines will blithely
run any ActiveX they encounter, without even asking the user, while others
will not even consider it (despite being Widnows machines running IE). And
you have no way of knowing for sure which is which. (Of course, JavaScript
and even Java share this problem.)
The fact that MSIE is the only browser that ever can or ever will run
ActiveX is another part of the evil, yes. But I don't consider that nearly
as evil as the security problems mentioned above.
(Indeed, many "average, uneducated web users" have only recently been
exposed to the word "ActiveX", and their primary knowledge of it is "It's
the stuff that lets web sites install spyware on your machine and change
your home page. You want to keep it turned off." I expect use of ActiveX
will decline sharply over the next year or so. The spread of Firefox will
only hasten it.)
--Kai MacTane
----------------------------------------------------------------------
"And you can swallow, or you can spit
You can throw it up, or choke on it
And you can dream, so dream out loud
You know that your time is coming 'round
--U2,
"Acrobat"
More information about the Techtalk
mailing list