Andu, Chipp says:<snip> > > b) be certified as 'safe' by a reputable 3rd party (the Microsoft > > approach).
Andu replies:<snip> > This is what tripped me in your previous message too, and this is what I > was referring to as the illusion of security being worse then no security > at all. The 3rd party 'certification' I was referring to is through Verisign Certificates (not Microsoft), the *same* guys who do the SSL server IDs. Over 90% of SSL (Secure Socket Layer) websites use Verisign, so apparently they are a trustworthy source. Remember the purpose of security certificates is merely to provide a means whereby you can trust entities (companies and people) on the internet. A security certificate does not in any way imply a web site is "good", will protect your privacy or will deliver your products. Of course there are ways to 'spoof' a certificate, but in any case, the user will still get a popup window asking if they want to install the ActiveX control, unlike something that autoruns on page load. Certainly no technique is perfect. -Chipp _______________________________________________ metacard mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/metacard