Todd
Some firewalls can block ActiveX, but a more realistic approach, IMO, is the one taken
by several software vendors in that rather than summarily blocking ActiveX they
attempt to evaluate its intentions. See the December 1 issue of Network Computing
(www.networkcomuting.com) for a review of four such products.
Joe
>>> "Todd Anderson" <[EMAIL PROTECTED]> 12/26 1:54 AM >>>
How can ActiveX (extremely dangerous) be blocked out? Please excuse my
ignorance, but can you just restrict certain TCP ports or does something
else need to be done?
-----Original Message-----
From: Jeremy Epstein <[EMAIL PROTECTED]>
To: Stefan Hartweg <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Monday, December 21, 1998 2:51 PM
Subject: Re: deactivate Java, JavaScript and ActiveX?
>Stefan,
>
>I won't try to be comprehensive, since so much has been written on the
>topic, but...
>
>* Allowing ActiveX is *extremely* dangerous: ActiveX applets, even those
>that have digital signatures, can do absolutely anything they want to the
>machines behind the firewall. So unless all users only visit Web pages
>that are completely trustworthy and you have nothing of value (in which
>case, why use a firewall), don't allow ActiveX.
>
>* Allowing Java is *moderately* dangerous: There have been some significant
>bugs found in some Java implementations that can allow bad things to
>happen. But this can be mitigated by using the latest versions of
>browsers. There are surely other bugs out there still...
>
>* Allowing JavaScript is *slightly* dangerous: There have been bugs found,
>but I've not heard of any that could cause any damage or leakage of data.
>There are definitely ways to get denial of service attacks using
>JavaScript, but I view that with less alarm than outright export or
>destruction of data.
>
>On a scale of 1-100, where 1 is completely safe and 100 is unbelievably
>dangerous, I'd rate ActiveX as 100, Java as 10, and JavaScript as 8.
>
>Speaking for myself only, and having nothing to do with my employer's
>products.
>
>--Jeremy
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>