WebDeveloper.com: Where Web Developers and Designers Learn How to Build Web Sites, Program in Java and JavaScript, and More!
More on ActiveX Versus Java Security

Are you secure?

Now let's look at ActiveX. You said "Microsoft says you wouldn't pick up a random floppy off the street and run the software on it, so why should you do so with an untrusted application?"

Microsoft is right, but their argument does not apply to Java, only to ActiveX. There are no permissions or safeguards on what an ActiveX control can do. Instead, Microsoft had to implement this code signing business to establish a trust level. The exposure to damage by ActiveX applets is not controlled at all, unless you, the user, decide not to run something on your machine. They have no intrinsic safety system.

Microsoft has demoted Java into a Common Object Model implementation language. Meanwhile, JavaSoft is silent and continues to let Microsoft pick the arena and set the terms of the battle. In the meantime, you and the rest of the trade press go along with what Microsoft says and tar Java with the same ActiveX security brush.

Thanks, Bob. Turning to Bob Matsuoka, president of The Soho Internetwork Co., an all-NT ISP (so you know he thinks highly of SOME Microsoft technology):

Microsoft, with its efforts to push their "windows-centric" Internet, has consciously taken a step backward to reduce security problems associated with net-based computing, compared to efforts by Netscape and Sun.

ActiveX, OLE by another name, is an extension of desktop and LAN-based computing. It works best in a closed environment with known security. Java has been (re)written as an Internet technology. Its "sandbox" mode is far, far more secure than ActiveX.

My point is that Microsoft should be more forthcoming about ActiveX. Their continual statements to the effect that "yes, it has security holes but so does Java and Plug-Ins" are disingenuous at best. The naive user (as you so well pointed out) cannot use them safely over the web, while Java applets can greatly enhance anonymous network computing. This is a crucial difference in technologies! We look at ActiveX in the same way we do Visual Basic. It's a great technology but has no business on the Internet.

Thanks, Bob #2. John S. Quarterman, a long-time Internet analyst and author and President, Matrix Information and Directory Services, weighs in with this caution: "Microsoft has become an 'authority' on the Internet, largely because people use its sloppy software. Like IBM before it, the Microsoft name sells, and its mistakes tend to slide off onto innocent bystanders or onto the substrate, which in this case is the Internet."

Finally, I leave you with a comment from Yusuf Mehdi, the product manager for Microsoft's Internet Explorer. "On average, I think Java is safer than ActiveX."

This article is copyright 1996-1998 David Strom. It originally appeared in David Strom's own Web publication at STROM.COM.


