[cap-talk] 'IX/Windows API problem for POLA? Polaris
John Carlson
john.carlson3 at sbcglobal.net
Fri Nov 18 23:15:09 EST 2005
Jed at Webstart wrote:
> At 05:16 PM 11/18/2005, Karp, Alan H wrote:
>
>> > >The reason for polarizing just the browser on consumer machines is to
>> > >reduce the support costs. Since most of the bad stuff gets
>> > >onto those machines through the browser,
>> >
>> > through plugins and such as above?
>>
>> Mostly through ActiveX controls.
>
>
> Hmmm. Perhaps that's an area where I don't know enough to ask
> the right questions. I haven't used IE for some time and I don't really
> know what the issues are with ActiveX. Presumably Polaris can
> "polarize" other browsers such as Firefox?
>
I have seen ActiveX controls that allow the attacker to run downloaded
machine code inside your browser if you go to his/her webpage. It's
a matter of finding a flaw in an ActiveX control, I'm fairly sure. I
am not sure if one can download an ActiveX control and install it without the
user knowing something is happening. Anyone else care to clarify?
John