Forwarded-by: Aaron Brown <abrown@eecs.harvard.edu>
Forwarded-by: David Holland <dholland@hcs.harvard.edu>
From: deejay@cu-online.com
This article is an attempt to expand on the points that Wired Magazine
raised in its article "Will ActiveX Threaten National Security?",
available at http://www.wired.com/news/.
In the article, Mr. Garfinkel argues that since ActiveX allows arbitrary
executables to be executed on a user's machine *without the user's
knowledge or consent*, and since at least one branch of the military has
adopted MSIE (an ActiveX enabled browser) as its standard, Microsoft is
compromising national security.
These points are pretty obvious to anyone with even novice-level knowledge
of the way computers work. Running strange programs on a network-enabled
computer is clearly dangerous; what is particularly chilling is the fact
that Microsoft, in its eagerness to conquer the Internet, ignored the
danger and not only implemented such a scheme, but is giving it away and
giving people financial incentives to adopt its browser.
Would you like to know what kinds of things a hostile program can do to
your computer? Well, just imagine that I had, instead of posting this
article, referred you to a web page. And that your web browser of choice
is Microsoft Internet Explorer. Then right now, through a hostile
program, I could be using your computer to:
* Send a death threat to the president of the United States.
* Email me all your confidential letters, and using the data therein
to blackmail you.
* Scramble all the documents on your hard drive. This is even worse
that formatting your hard drive, because there's no way to
"unscramble" documents.
Of course, I wouldn't do such a thing. But are you willing to bet your
computer that *nobody* will ever do such a thing? As Fred McLain has
demonstrated, a single ActiveX control (called, appropriately, "ActiveX
Exploder") can shut down your computer. The source code for the ActiveX
Exploder control is available, and it's only a matter of time before a
malicious person creates a version that does something like what I've
described above, or even worse.
Proponents of ActiveX have pointed out that there are two obstacles
to people using ActiveX maliciously.
The first obstacle is that MSIE won't automatically download an ActiveX
control unless it has been digitally signed by Verisign. Since the only
way to get a Verisign signature is to agree "not to use the signature for
malicious purposes", this will supposedly stop people from doing anything
dangerous with it.
However, the flaw in this scheme is that criminals don't obey contracts.
Sure, they'll "agree" to the contract, and then go ahead and write viruses
anyway. So the Verisign signature is worthless.
The second obstacle is that it takes resources to run a web site. Someone
who can afford to run a reasonably popular web site will have too much to
lose by putting viruses on his web page. Therefore, you are "safe" as
long as you only go to web sites owned by large corporations. (A point
that Garfinkel made, by the way.)
But suppose someone hacks a popular website? Suppose a million users come
to visit Yahoo one morning, and get their hard disks formatted as a
reward? Yahoo would undoubtedly be damaged from such an attack, and might
even go under in a flurry of lawsuits. Is any corporation willing to take
the risk of losing millions of dollars and all kinds of goodwill just
because someone hacked their web server? It could happen to anyone...
Microsoft has made a mistake which cannot be undone. Millions of users
now own unsecured copies of Microsoft Internet Explorer, and those users
will be in danger for months, even years. And this means that Microsoft
has created an incentive for popular websites to actively discourage the
use of Microsoft Internet Explorer.
In addition, Microsoft is making ActiveX a first-class citizen in its
future operating systems. Not only will you be in danger every time you
visit a web site, you'll be in danger whenever you connect your Windows
system to a network.
The very concept of ActiveX demonstrates a dangerous naivete on
Microsoft's part. ActiveX is doomed, and it just might drag Microsoft
with it.
-- Jack Wilson, deejay@cu-online.com
ps. Be sure to read that article! http://www.wired.com/news/