What vulnerabilities does ActiveX have that FF doesn't? In both cases you a
prompted if you want to install, and in both cases if you say yes you get
infected.
Eli
----- Original Message -----
At 09:39 AM 16/06/2005, Eli Allen wrote:
Just because it doesn't support ActiveX doesn't mean anything. As I said,
spyware requires IE
Except that it avoids all the ActiveX nasties out there. Which is
currently the main infection vector, as I understand it.
is nothing inherent about ActiveX other then it being the popular way of
doing things so if another interface becomes popular I'm sure spyware will
take advantage of it.
It depends on how the new interface is written. So far, the FF team has
worked to remove vulnerabilities whilst MS has not (at least not as fast.)
I recall that last year MS' solution to ActiveX attack was to tell people
to disallow any ActiveX controls - including ones from MS. Not a pretty
sight when a company can't even guarantee it's own controls are a)safe or
b) actually from itself.
But as FF becomes more popular, it will become more of a target. Just as
Apple or Linux will as they grow market share.
T
