Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [Rival] Microsoft Kills ActiveX Controls, Except Its Own

In comp.os.linux.advocacy, Rex Ballard
<rex.ballard@xxxxxxxxx>
 wrote
on Wed, 13 Aug 2008 17:17:51 -0700 (PDT)
<6d4d19de-afe1-4e4d-99bb-128d0dc7a01a@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>:
> On Aug 14, 2:23 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
> wrote:
>
>> Microsoft kills more third-party ActiveX controls
>
>> ,----[ Quote ]
>> | Microsoft Corp. today issued "kill bit" updates for ActiveX
>> | controls from HP and a Washington state developer, the third
>> | time it's disabled third-party add-ons in the last four months.
>
> Every time the "ActiveX makes Windows Swiss Cheese Security" story
> resurfaces, Microsoft puts out an "ActiveX Killer" patch.  It wreaks
> havoc on Windows users, and corporate customers and individuals end up
> blocking or backing out the upgrade.
>
> This absolves Microsoft of liability for the vulnerability.  In
> effect, any company that blocks the "ActiveX killer" is effectively
> choosing to disable a critical security patch.  As a result, if a
> successful exploit virus wreaks havoc a week later, Microsoft can't be
> sued, because they offered a fix and the victim refused to install it
> or removed it.

If one can call that a repair.  One *can* call it a fix,
as in "the fix is in", of course -- but that's a bit different.

Nice...but it does more or less indemnify them, AFAICT.
Not that viruses care; if one kills ActiveX Control XYZZY0,
then the evil malware manglers simply release ActiveX
Control XYZZY1.

If they're really clever, the ActiveX Killer can't key on
XYZZY to kill all potential viruses, because that would
kill a very legitimate and desirable ActiveX control
as well.

A dimwitted fix for a rather nasty problem, IMO.

>
>> | One security researcher linked the release to a new program Microsoft
>> | announced last week that's designed to help other vendors find and fix bugs
>> | in their own software.
>
> Not to mention that Microsoft is not terribly happy with Adobe right
> now, since they have been supporting Linux more aggressively (and seem
> to be quite happy with the decision),   A killer like this would keep
> IE users from seeing flash and PDF documents.  Of course, FireFox uses
> plug-ins, so the tactic might backfire and drive people to FireFox,
> since this would allow the users to have the security without having
> to sacrifice their favorite features.

And then there's the little issue that Firefox is
encroaching on the 30% usage statistic anyway.  Is IE8
going to be so exciting that we'll abandon Firefox
en masse?  I highly doubt it.

(I still wonder why IE7 got that GUI facelift.  It just confuses me.)

>
> This may be another situation where Microsoft's "damage control" may
> do more damage to Microsoft.
>
>> http://www.computerworld.com/action/article.do?command=viewArticleBas...
>


-- 
#191, ewill3@xxxxxxxxxxxxx
Useless C++ Programming Idea #110309238:
item * f(item *p) { if(p = NULL) return new item; else return p; }
** Posted from http://www.teranews.com **

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index