Microsoft debuts security program to address ActiveX issues
February 19, 1997 6:15 PM ET
By Maria Seminerio
In the wake of a controversy stirred by hackers who claimed they
found a way to use ActiveX code to make bogus money transfers,
Microsoft Corp. today announced the formation of a program to educate
users about the security risks of executable code.
Microsoft officials, who hastened to point out that any executable
content downloaded from the Internet carries a potential risk, whether
it's a Java applet, an ActiveX control or a browser plug-in, said the
Web Executable Security Advisor Program will help users identify and
guard against security breaches.
The program includes regularly updated information available on
Microsoft's Web site (www.microsoft.com/security/) and plans for
interactive online discussions on the issue as well as a customer
roundtable conference on security concerns about executable code.
"This issue is by no means tied exclusively to ActiveX," said Tod
Nielsen, general manager of developer relations at Microsoft, in
Redmond, Wash. Nielsen dismissed the contention of some developers
that Java code bypasses security problems.
"The concept of a sandbox is great, but in order to build applications
that users can use to save [historical data] such as checking account
programs, you need to bypass the sandbox," Nielsen said. "This is not
a Java-vs.-ActiveX thing. It's any executable."
Concern over the security of ActiveX code was heightened two weeks ago
when a German hacker organization claimed it had changed the code into
a tool to transfer funds from the bank accounts of PC users running
financial software applications.
Microsoft maintains that users setting their browsers to "medium" or
"high" security should be safe from the hacked ActiveX code, adding
that users of its Authenticode technology can verify the origins of
any ActiveX code they download.
Copyright(c) 1997 Ziff-Davis Publishing Company. All rights reserved.