ActiveX Security
Unlike Java, ActiveX does not have a sandbox in which to confine
potentially dangerous applets. An ActiveX program can do anything
done by other programs, for example:
• Run and delete files
• Send e-mail and faxes
• Activate other programs
Security is based on what is called 'an Authenticode System' and 'Code
Signing'. Unfortunately, the authentication certificates that should
endorse the digital signatures provide little or no assurance
whatsoever, because of the way the certification is implemented. When
an ActiveX-enabled browser runs an ActiveX applet, it:
1. Examines the digital signature.
2. Supposedly verifies the signature.
3. Executes the applet upon verification.
4. Asks for the user's permission to run the applet if the signature is
not pre-authorized.
5. Runs the program without doing any further checks on how the
applet might affect the user's system.
ActiveX Security Summation
Since one cannot have confidence in the authentication mechanism,
applets should be regarded as insecure. Rogue ActiveX applets have
already caused quite a bit of havoc. Examples include Runner, which
starts the command.com program and consequently runs any
command on the PC. Cuss-out goes into the e-mail program and sends
out crude letters to the last ten people who were e-mailed. The nasty
thing is that this usually passes unnoticed unless one gets a response.
Solutions
Suggested solutions have involved the use of firewalls. For instance, a
few techniques were suggested by the Princeton group to detect Java
applets at the firewall and ways to circumvent them:
• Examine byte sequence in Java files.
• Search for .class file extensions.
• Parse HTML pages.
No comments:
Post a Comment