What is Digg?35 Comments
- iSEPIC, on 10/12/2007, -0/+12From the real article:
"Microsoft introduced the service at the TechEd conference in Boston and said it will be an optional component on the Ultimate, Business and Enterprise SKUs of Windows Vista. The service is expected to debut in Windows Vista RC1 (Release Candidate 1) and will only be enabled on clients where it's installed."
So, blame your compamy, not Microsoft. - nTensify, on 10/12/2007, -3/+13"and will only be enabled on clients where it's installed."
Until the next big Worm goes around flipping the switch on your box without you knowing. - Odweaver, on 10/12/2007, -4/+13Why do they even have ActiveX still? Is it's main purpose to promote windows defender?
- inactive, on 10/12/2007, -0/+8Um, because millions of corporate web applications rely on ActiveX? Just a guess... ;)
- jrbrewin, on 10/12/2007, -1/+7and of course, they could take the apple attitude of telling their software developers to re-write every couple of years, because they simply don't care.
- Matt2k, on 10/12/2007, -0/+6ActiveX / COM is just a standard way of linking external components. It's used outside the browser all throughout the system.
- apeatling, on 10/12/2007, -1/+6"Not all businesses who write software have the luxury of rewriting everything every time MS comes out with a new OS"
- Well, it's been 5 years since the last consumer OS. - Kent767, on 10/12/2007, -1/+6Because many companies relied on ActiveX controls for their products, (my company included). Some of which is prohibitively expensive to upgrade at the current time.
So if a business wants their product to be supported when their customer upgrades to windows vista, it only makes since for windows vista to support it. Not all businesses who write software have the luxury of rewriting everything every time MS comes out with a new OS. Backwards compatibility is a huge deal for users and developers alike. - iSEPIC, on 10/12/2007, -1/+6http://support.microsoft.com/?kbid=154544
You can think of it as the pre- AJAX idea I suppose. but yeah, turn this ***** off by default unless you have apps (like the submitter is pointing out) that need it - and there are a LOT of them - and it (obviously) will be too expensive to convert them to work with the more secure model of Vista, rather than just make Vista less secure - it's all about $$$ and time. - EmmEff, on 10/12/2007, -2/+7And here begins riddling Vista with security holes...
If it's an option, hackers will just find a way to enable that option through other means.
Vista will be no more secure than anything before it. - Tyrax, on 10/12/2007, -0/+4Thank you Matt2K, you are actually correct. Comments on this topic goes to show that most people complain about ActiveX and most people have no idea what it is.
Simply put, its how the browser does Flash or Quicktime or Shockwave. Firefox does the this too, so it can be just as insecure. The difference is in the installation method. Mozilla has the plug-in finder service which only works with the companies they partner with. If Microsoft did that we would be hearing ANTI-TRUST ANTI-TRUST. - inactive, on 10/12/2007, -2/+6the whole XmlHttpRequest-thing was invented by microsoft, and IS related to ActiveX, as it initially was a component of ActiveX.
furthermore, it's a proprietary thing. to make it popular, though, it was necessary that mozilla supported it too, of course working different from microsoft's model.
it is *definitely* related to ActiveX. - cquinnd, on 10/12/2007, -0/+3The worm still cannot install it.
- twistymcgee, on 10/12/2007, -0/+3You can also configure internet explorer so that it will only run activeX on trusted sites. Then only add the sites you trust (like that one activeX your company uses that you know is safe).
- tychop, on 10/12/2007, -4/+7Security? Security? We don't need no stinkin' security !!
- PapaMoomin, on 10/12/2007, -0/+3Microsoft have to do this in order to keep backwards compatibility with a lot of legacy apps that big business still use. As long as this is turned off by default and only permitted to be used with the few specific and trusted sites the user needs then it should not be too much of a problem. At least it's probably a smaller problem than completely breaking these legacy apps.
The downside is that a lot of people will be lazy and leave it turned on for everything. That's where the security issues will appear.
People will demand backwards compatibility, people will demand security. It's always going to be a compromise between the two. - jrbrewin, on 10/12/2007, -0/+3there was a more technical reason for developers to migrate from early versions of asp, to later technologies. They were not forced to, there is some form of legacy support for things like CDONTs in later versions of iis, for example, which do not require a full re-write of code. Agreed, re-writing an active-x control to another 'safer' plugin format wouldn't require a re-write also, but it would still be too costly for some organisations to even consider.
the point about firefox and active-x support is a non-issue, since
a) firefox wasn't even around in its current form when active-x was created
b) firefox choose not to support what they want to support, in the same way they choose not support what they don't want to. If a business wants to choose active-x (even in a legacy capacity) over another method of rich functionality, that is their choice, and nothing to do with microsoft wanting to keep people from using a different browser.
remember, ie is free. They want people to buy vista.. afterwhich they don't really care what browser they use. - takeda, on 10/12/2007, -0/+2"why would a company intentionally create a technology which in hindsight was so wrong, the amount of bad press microsoft has receieved should be testement to that"
Because this (as many other Microsoft's features) supposed lock in user with windows and Internet Explorer.
Microsoft is doing that all the time. - PhatBoyG, on 10/12/2007, -0/+2They seemed to leave out that these controls would run in a sandbox similar to the code access security of .NET and are there to make it so adminstrators don't have to temporarily grant admin access to a user so they can see a flash banner or any other type of activeX content. Yes, Flash = ActiveX, along with a ton of other things that people take for granted on the web. And yes, people may != you. :)
- jrbrewin, on 10/12/2007, -1/+2i'm not entirely sure how you think removing the necessity for users to have administrative, or power user rights before they can deploy active-x controls is not thinking about security after everything else? The fact remains every OS these days is as secure as the next as long as users do not run as administrative users (or in windows' case, administrative or a power user) reference http://adminfoo.net/node/460
as long as vista makes the simple step of making users, by default, standard users, we shall see windows finally making the mature step towards proper security. - jrbrewin, on 10/12/2007, -0/+1of course i do, and i remember netscape being every bit as underhanded as microsoft during that time, and every bit as unthoughtful about proprietry technologies and services that they tried to force down our necks. Or did you conveniently forget about that bit? :-)
- neohx_7, on 10/12/2007, -0/+1Wow, it seems like a lot of commentors aren't aware of the need to deploy Active X controls in a corporate environment. I really hope MS makes this work without leaving a hole.
- takeda, on 10/12/2007, -0/+1@jrbrewin:
During that time there was Firefox's father - Netscape.
And I'm sure you remember the browser wars. - link470, on 10/12/2007, -0/+1lol, awsome.
- iSEPIC, on 10/12/2007, -4/+4Yes, but the famous words will appear "why not do like OSX and say ***** legacy apps" - well I guess if they do, they too will become like OSX and have a much smaller piece of the pie. This is the VERY WAY MS made it big, things work, and they work w or w/o security being number one... I hear ya I do.. but this is the truth, security came second (they thought your network would be secure and if you moved your server to an insecure network, you'd be smart enough to change the settings ----but the fact remains, this insecure but far far far easier to use model worked, and made them number one in the numbers --- now it appears they are at that again, to make sure they don't fall in the numbers game.
- takeda, on 10/12/2007, -1/+1Too bad their backward compatibility newer works when it should.
Try to run old games on windows XP.
I needed to install Windows 98 on separate partition to get backward compatiblity :) - foolfromhell, on 10/12/2007, -2/+2Time to start phasing it out
- CmdrDataM, on 10/12/2007, -0/+0From a Corporate Environment we have been using a locked down state for many years. Users can't install active-X controls. Good state that creates lots of work enabling those required controls but the benefit is that you don't get a lot of unknown.
What we need is something similar to what Firefox has but with the ability to set it up internally and allow controls that have been internally certified to be installed at the user level. I would sooner take a user request, put the control on a test machine and review it then stamp it certified for all others than remotely connect to each machine to install the control.... Shouldn't cause an anti-trust because it would be managed internally or provided by an external entity, service provider etc similarly to certificates.
This is what I would exepect Vista to be able to accomplish with Active Directory. - bpapa, on 10/12/2007, -1/+1Oh, well I don't follow those things cause I'm not much for the Windows platform. I always thought Active X = security holes.
I did some COM programming back in the day, that was a pain in the arse. - takeda, on 10/12/2007, -2/+1@dvfreelancer: I agree, ActiveX was only invented and forced to keep their users chained to IE on Windows.
There were already technologies that could do the same, but MS wanted to create their own. - bpapa, on 10/12/2007, -5/+3LOL I thought they were getting rid of active X? I can't believe they are still keeping it around... jesus.
- inactive, on 10/12/2007, -5/+3They just don't seem to catch on. Vista roll out would have been the perfect opportunity to nudge companies away from reliance on ActiveX. They haven't had any problems burdening companies with re-write expenses in other areas. Legacy ASP conversions to .NET, .NET 1.1 to .NET 2.0 framework, but the worst tool ever deployed on the internet, with the possible exception of FrontPage, nooooo we have to "save" that one.
Don't suppose it's to keep Firefox from picking up any more market share by tying apps and users to ActiveX, do you? Nah, couldn't be that... - jrbrewin, on 10/12/2007, -6/+4of course, since bill is short of cash. *rolleyes*
come on guys.. this is legacy. Yes, microsoft's implementation of active-x was bad, but not intentionally - why would a company intentionally create a technology which in hindsight was so wrong, the amount of bad press microsoft has receieved should be testement to that. Unfortunately now, microsoft has to think about customers who need to use legacy technology such as active-x, maybe because of old costly software implementations where they cannot afford to re or retrospectively re-develop the implentation. In such a case there is a real need from a enterprise PoV to get that software (whcih they have deemed safe) installed on to workstations within the organisation. do they
a) elevate user priveleges, or
b) implement a centeralised, managed way to deploy active-x controls to user workstations without elevating user priveleges? given the options, option b seems more secure.
as for the point that active-x is comparable to ajax is, for many many reasons, laughable. - olddirtycr, on 10/12/2007, -9/+7Why the flying #$#$ does windows still have activex anyways? Honestly...
- GTanaka, on 10/12/2007, -9/+2It's been long enough for Vista already. Time is money for M$ now.
Bill knows when to bail.
© Digg Inc. 2009
— Content created and posted by Digg users is