Microsoft steps up and defends ActiveX

As expected, Microsoft today posted a Web site called “Web Executable Security Advisor” that defends ActiveX and explains the pros and cons of ActiveX, Java, and other Internet technologies. The site was planned after the news earlier this month that

Paul Thurrott

February 18, 1997

1 Min Read
ITPro Today logo in a gray background | ITPro Today

As expected, Microsoft today posted a Web site called “Web Executable Security Advisor” that defends ActiveX and explains the pros and cons of ActiveX, Java, and other Internet technologies. The site was planned after the news earlier this month that German hackers used an ActiveX control to steal money from people’s accounts electronically.

Microsoft’s argument for ActiveX is that any executable program—be it an ActiveX control, Java applet, or Netscape plug-in, that runs across the Internet has inherent security risks.

“If people let a stranger in the house and the stranger tied them up and stole their VCR,” said Tod Nielsen, general manager of developer relations at Microsoft. “Do they go to the police or move into another house?”

That’s a bit of a stretch, since most people don’t understand the security risks that ActiveX controls can contain. A better comparisons would be people changing the channels on the TV and having the TV suddenly tie them up and steal the VCR. No expects that the happen either, but that’s essentially what an ActiveX control can do to their computer. Think about that for a second.

Sorry, but “ActiveX security” is an oxymoron.

Microsoft has pledged to increase ActiveX security and I suppose this Web site is a good first step toward informing users about potential security risks. On the other hand, who’s ever going to see it?

Want more information?

Web Executable Security Advisor

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like