Summary

ActiveX is a popular code-distribution platform with a fair number of potential security holes. ActiveX’s security is based on the concept of digitally signed code. If you follow Microsoft’s strict dogma of only accepting signed code, the risk of hostile ActiveX code is minimal. However, the lack of signed code means the decision to trust a particular piece of code is often left up to the user, who is not able to make an educated evaluation. It is hoped that Microsoft grants granular security to the ActiveX model and wraps controls in a protective cocoon, like the Java sandbox. Chapter 11 completes a four-chapter discussion of malicious code in the Internet browser environment. Chapter 12, on email attacks, is related because most of what we just discussed can happen in an HTML-enabled email client.
