Active X Controls

[binxgook]

All of a sudden I am getting a toolbar that pops up saying "This site might require the following Active X Control: 'Macromedia Flash Player 8' from Macromedia, Inc. Click here to install. Why would I be getting this all of a sudden? I have heard bad things about active x |shocking|

[dirtyjumbo]

I was getting flooded with spy- and adware all the time and ever since I turned of my ActiveX I've never had any problems anymore..

If I don't trust a site that has ActiveX I just click NO!!

[Greenguy]

I went to a site yesterday that had it & since mine it turned off, the site gives you a step-by-step diagram as far as how to turn it on - pretty clever marketing.

[ecchi]

The important thing the site is looking for is 'Macromedia Flash Player 8' not Active X. However it is good to mistrust auto downloads, because although Flash is a standard add on, there is always a possibility that this is being poped by someone else and they are hoping you will download their software/dialler/virus thinking it is Flash. If you want to install a Flash player on your browser it is best to go to their site directly and install from there rather than following the link on any pop ups.

[SirMoby]

I leave Active X off in Internet Explorer. When I want to surf Google Maps I just use the amazingly slow browser known as Fire Fox.

[ecchi]

RE: "I just use the amazingly slow browser known as Fire Fox" Why ? Leave it in the same box as Active X:

"Cupertino, CA- Leading internet security watchdog Symantec has issued a report showing that Mozilla browsers, including the latest, patched version of FireFox, contain more vulnerabilities than Microsoft’s Internet Explorer." (Source: Ynot news)

[SirMoby]

Quote:

Originally Posted by ecchi

RE: "I just use the amazingly slow browser known as Fire Fox" Why ? Leave it in the same box as Active X:

"Cupertino, CA- Leading internet security watchdog Symantec has issued a report showing that Mozilla browsers, including the latest, patched version of FireFox, contain more vulnerabilities than Microsoft’s Internet Explorer." (Source: Ynot news)

Thanks for that statement. I hadn't read that article but knowing open source I figured it would have plenty of vulnerabilities. I only use Fire Fox for checking my own sites and Google Maps and I think those sites are safe

[RawAlex]

Quote:

Originally Posted by ecchi

RE: "I just use the amazingly slow browser known as Fire Fox" Why ? Leave it in the same box as Active X:

"Cupertino, CA- Leading internet security watchdog Symantec has issued a report showing that Mozilla browsers, including the latest, patched version of FireFox, contain more vulnerabilities than Microsoft’s Internet Explorer." (Source: Ynot news)

Ecchi, Firefox is safer for the same reasons that any software product that has low lmarket share is: very few people write exploits for them.

If I want to expose a large number of inDUHviduals to a virus, malware, or spyware, I would always use an IE exploit. I would rather work to catch out the 90% of people using that browser, as opposed to the 10% using other browsers.

Just as importantly, IE is the "standard"... the default. It is what people with limited technical knowledge are most likely to use.

I would also be interested to see how they count "vunerabilties" - and I would be interested to see what percentage of end users actually have an up to date and patched IE browser.

Alex

[ecchi]

I am no fan of Microsoft (actually Gates is first against the wall when I become president of the world) but as to "I would be interested to see what percentage of end users actually have an up to date and patched IE browser" I would guess a larger proportion than those on any other browser, because of their "critical update notification" thing.

I agree with you that more people write exploits for Microsoft products than any other software, but unfortunately this means that most people who use other software assume they are "safe" so are not so protective of their security. I would guess that, through fault of the user rather than the software, non-Microsoft products get more successful "break-ins" than actual Microsoft products.

Oh, and I lied when I said "Gates is first against the wall when I become president of the world", he is actually SECOND against the wall when I become president of the world, first place go to a guy who fired me for farting in the jewellery repair area.
|fart|

[RawAlex]

Ecchi, perfect example: My sister uses dialup. At 56k, some microsoft updates take all night to download. She would rather I come pickup her computer once every 3 or 4 months and run the updates as one big pile. The last one she truly did was the one that locked up your system if you didn't complete it. Otherwise, they have turned off the automated updates because they are on dialup.

I would suspect that many dialup (especially AOL) users are in the same boat.

4% of all surfers to findpics are using a version of IE lower than 6.0, which means they are certainly not even up to patched to 18 months or more ago.

The other part of it is Active-X and other "non browser" features of the IE browser. Support for local zones and other issues are where most of the security issues happen. Moving content from "untrusted" (can't run anything local) to "trusted"(can screw you over in an instant) is the goal of all hacks and security exploits. Getting something inside the gates (pun intended) of you system is the key. Most of those things exist because the browser is also the "control panel" and "file viewer" and "search" and all those other things on your PC. (heck, you can open up control panel, and type http://www.cnn.com in the bar at the top and be surfing). That situation is where almost all of the issues come up with microsoft, the dual nature of their browser.

Firefox and others are not really made to do the same things, so many of the obvious places to look for good security holes are not there to work with.

Alex

[ecchi]

Yeah forgot about the number of people still on dial up. I come from Britain where a larger percentage of people are on broadband than in North America, so I tend to forget that in places like USA and Canada a lot more people are still on dial up.

RE: "Firefox and others are not really made to do the same things, so many of the obvious places to look for good security holes are not there to work with" - What you say makes sense, but that means that since there are a lot more security holes in Firefox than IE, the coders at Firefox must be really sloppy. I'm glad I don't use it.

[ecchi]

God, in re-reading my last post I just realised that from what RawAlex said, the coders at Firefox must be even more sloppy that the coders at Microsoft. I didn't think that was possible.

[raymor]

That Firefox/IE 6 "study", done by Microsft's business partner Symantec
for Microsoft, is totally and absolutely bogus. For example the first of 3
major problems is that it compares the number of NEW security issues
exploited in IE 6 in certain months four years after it's release to the total
number of theoretically possible security issues ever considered by Firefox
developers. It does not count any of the thousands of major security issues
widely reported (and widely exploited) in the first 4 years after IE 6 was released,
only new ones that were found in the first half of this year.

[raymor]

Oh I forgot to reply to the original post.
You have good reason to be concerned about ActiveX.
An ActiveX control is a full and complete Windows
program which can do anything that any other program
can do. I once wrote and ActiveX control which directly
accessed the user's video card memory, analyzed and
manipulated their broswer cache, and and took control
of several menu items in the browser including File -Save
and even the print screen key.

If this toolbar is valuable enough to you that you are willing
to have Flash running all the time in order to use it, go directly
to Macromedia's site to install it rathet than clicking "OK" on
any dialog that pops up. Be forewarned though that the programming
of the Flash viewer has been roundly criticized. One common problem
is that Flash doesn't limit CPU usage or frame speeds, so a common
animation technique used in Flash presentations will use up 100%
of your CPU, bringing your machine almost to a halt.

[MrYum]

Quote:

Originally Posted by raymor

One common problem
is that Flash doesn't limit CPU usage or frame speeds, so a common
animation technique used in Flash presentations will use up 100%
of your CPU, bringing your machine almost to a halt.

Not even going to get into the Firefox/IE debate

Suffice it to say, with Firefox properly tweaked...it's the fastest browser I've used.

That's an interesting and enlightening point on Flash Raymor. I built this machine by hand, so I tend to keep an eye on things. One of which is cpu core temps and usage.

Since this board and others started running sponsor flash banners, I've noticed my core temps run much higher than normal when I leave the board active in a window. Doesn't actually slow the machine down appreciably, but I don't like to spike my core temps unless necessary either. So, I bounce around the site until I get a page that has an animated gif instead of flash. Core temps immediately drop back to normal levels.

I'd been thinking there must be something wrong with my machine...good to know that's not the case. Thanks for the info

[ecchi]

RE: "One common problemis that Flash doesn't limit CPU usage or frame speeds, so a common animation technique used in Flash presentations will use up 100% of your CPU, bringing your machine almost to a halt." - Thanks for that info, it would explain why sometimes Windows crashes when all I have open is a few browser windows.