On Aug 14, 2:23 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
wrote:
> Microsoft kills more third-party ActiveX controls
> ,----[ Quote ]
> | Microsoft Corp. today issued "kill bit" updates for ActiveX controls from HP
> | and a Washington state developer, the third time it's disabled third-party
> | add-ons in the last four months.
Every time the "ActiveX makes Windows Swiss Cheese Security" story
resurfaces, Microsoft puts out an "ActiveX Killer" patch. It wreaks
havoc on Windows users, and corporate customers and individuals end up
blocking or backing out the upgrade.
This absolves Microsoft of liability for the vulnerability. In
effect, any company that blocks the "ActiveX killer" is effectively
choosing to disable a critical security patch. As a result, if a
successful exploit virus wreaks havoc a week later, Microsoft can't be
sued, because they offered a fix and the victim refused to install it
or removed it.
> | One security researcher linked the release to a new program Microsoft
> | announced last week that's designed to help other vendors find and fix bugs
> | in their own software.
Not to mention that Microsoft is not terribly happy with Adobe right
now, since they have been supporting Linux more aggressively (and seem
to be quite happy with the decision), A killer like this would keep
IE users from seeing flash and PDF documents. Of course, FireFox uses
plug-ins, so the tactic might backfire and drive people to FireFox,
since this would allow the users to have the security without having
to sacrifice their favorite features.
This may be another situation where Microsoft's "damage control" may
do more damage to Microsoft.
> http://www.computerworld.com/action/article.do?command=viewArticleBas...
|
|
