When driving a new vehicle, most drivers are shocked if you tell them: "There is at least one detonator in your car - does that reassure you or make you afraid?" Only when you add that "the airbag is inflated by the detonator and a well-measured explosive device" do they heave a sigh of relief.
In security matters - as in medicine - sometimes the dose dictates the damage and usefulness. The old question is: what can a foreign program do on my computer and how are program and data files different?
Wau Holland - Chaos Computer Club senior president
With well-known ANSI keyboard drivers it was easy to put a character string on the Return key instead of a character; for example: "Return key temporarily out of order - use ENTER". That happened over 15 years ago on a mailbox system and led to very irritated users. Less harmless was reprogramming the key for the moment the user left the mailbox and adding DEL *.*, including all the return codes and a double confirmation with both Y and J.
That was a direct attack: it was the user who deleted his hard disk this way and no-one else. 15 years ago the data networks only opened up large computers to the outside. Nowadays all of the computers on the Internet are open. Sun tried to take account of this risk when defining Java. For all Java's weaknesses, security has been considered and the keyholes are of a defined size.
At Microsoft, ActiveX was "just made" and every simple obstacle block provides access to the computer's inner sanctum. In the definition of the law on white collar crime there is only talk of computers having to be "particularly secure". Microsoft has invented a new variant: "particularly insecure".
Someone bringing software supporting ActiveX onto the market is acting without due regard. Bill Gates seems to have difficulty grasping that at the moment. When the first legal proceedings are taken against Microsoft on account of gross negligence, then it will be an expensive lesson for Bill.
This text is taken from issue 03/1997 of the magazine iX.