Re: Active X exploit.

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Wed, 27 Aug 1997 21:25:23 +0100

> What ActiveX doesn't have is a sandbox. That's different than saying
> that there's no security.
>
> ActiveX controls are _signed_ DLLs. You run the code if you trust the
> signer. If you do, you know that no one has tampered with the code since
> the signer signed it.
>
> That's more secure than what I buy at the store.

When sir, was the last time you walked into a store and every time you
looked at a package it automatically installed itself and ran ?

Signing things is good practice, and its one I'm pleased to see many
OS and product vendors adopting. Automatically running things that are
signed is a different matter.

Alan