OT: ActiveX?

Lili wrote on 2/7/2006, 2:16 PM

Is ActiveX a "bad", or in any way risky thing to install on my editing computer?

I sometimes get a message that I can't open a certain file from the web unless I download ActiveX controls, and somewhere I read or heard that this could compromise my system's security. Is there anything to this, or am I being needlessly cautious in this respect?

thanks for any replies:-)

Comments

jrazz wrote on 2/7/2006, 3:05 PM

You need to consider the source of the active x content. Is it a website you trust? Are you sure that it is the website you meant to type in? Then yes, it is probably safe. If you stumble upon a site and the site asks you to download active x content, I wouldn't do it, unless you know for sure that it is legitimate.

Not all active x content is bad. Just be cautious in where you go. If you have another computer that you don't edit on, use it for internet purposes.

j razz

riredale wrote on 2/7/2006, 4:53 PM

ActiveX is a Microsoft browser thing, and has been a channel for some bad stuff in the past. Some web sites use it, many do not.

If you get a chance, you might want to download and try out the extremely popular new browser called "Firefox." It does NOT use ActiveX at all, and still people seem to be very happy with it. In other words, I think ActiveX was an interesting idea that will fade away due to the liabilities it brings to the table.

fldave wrote on 2/7/2006, 4:57 PM

With the big ActiveX exploit about six months ago, Microsoft's initial solution was to shut off all Internet Explorer ActiveX functions. A large portion of the internet pages didn't work then. The second patch put the real fix in and "loosened" the restrictions on ActiveX a bit.

In IE, go to Tools/Internet Options/Security/Custom Level. There I run:
Automatic prompting for Activex controls - disable
Binary and script behaviors - Enable
Download signed Activex controls - prompt
Download unsigned Activex controls - disable
Initialize and script ActiveX controls not marked as safe - disable
Run ActiveX controls and plugins - enable
Script ActiveX control marked safe for scripting - enable

I think Microsoft keeps a list of "safe" controls. It's the unsafe ones you need to run from. If you are on a questionable site and they want to install something, say no and leave the site.

Coursedesign wrote on 2/7/2006, 5:42 PM

...and make sure you're not on a spoofed site!

Like mypaypal.com or paypal.custsvc.com (that hypotethical domain is "custsvc.com", registered to the Russian mafia, not Paypal, that just happens to be the name of a subdomain here).

For a while it was even possible for some sites to mask the real address in the address field by just painting over it with bofa.com etc. This doesn't work anymore in IE, but IE is a totally obsolete browser anyway.

I couldn't live without tabs for starters, and I sleep better without Active X.

Don't use Netscape which has both Mozilla and IE rendering engines, I suspect this means that you are still vulnerable.

jrazz wrote on 2/7/2006, 6:38 PM

I do like the IE 7 beta. Multiple home pages, thumbnail page displays, page magnification.
I use firefox as my main and I run IE7 on my other monitor when I need to pages up at one time.

j razz