Microsoft's Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors' Faces

Dr. Roy Schestowitz

2009-07-29 18:00:06 UTC
Modified: 2009-07-29 18:00:06 UTC

Summary: Proprietary Web rears its ugly head -- again

THE most detailed (as in references-filled) post that we have about ActiveX is this one. We also wrote about Novell's support of ActiveX and now we discover that the latest ActiveX flaw affects even Adobe and Cisco.

Microsoft's ATL problem is spreading. Many other software vendors are affected, among them Adobe and Cisco. The total number of vendors with vulnerable controls is currently unclear. In an interview with heise Security, Microsoft executive Andrew Cushman confirmed that it is not known how many ActiveX controls are affected. Cushman said this is the first time a Microsoft library has been affected by a security problem. According to the executive, Redmond appreciates that this patch not only affects corporate IT teams, but also requires action from software developers.

A highly effective solution would be to ban ActiveX controls, as some companies have been doing for years; ActiveX controls were arguably added for competitive reasons despite the obvious dangers. It helped Microsoft create an Internet Explorer monoculture in the late 90s. A relationship between vulnerability and monoculture was also mentioned in this new E-mail. It is about another proprietary stain on the Web: Flash.

This highlights an unfortunate instance of monoculture -- nearly everyone on the internet uses Flash for nearly all the video they watch, so just about everyone in the world is using a binary module from a single vendor day in, day out.

The World Wide Web was built on standards, which were intended to be implemented independently by many capable vendors. Then came Microsoft. This potential departure from standards puts at great risk the entire Internet. ⬆

"Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also."

--Bill Gates [PDF]

Comments

Yuhong Bao

2009-07-30 03:25:46

On the matter of patching libraries like what MS just did with ATL, the LGPL requires that anyone be able to modify LGPL libraries linked into a program, regardless of whether that program is proprietary or free software. This way, if you want or need to patch a library (say to patch security vulnerabilities), you don't have to wait for the vendor to relink the program.
Yuhong Bao

2009-07-30 03:32:27

Actually, though in general what I just said about patching LGPL libraries is true, in the case of ATL properly patching the hole may require modification to the source code of the programs linking with ATL. The changes needed were documented in this page from MSDN: http://msdn.microsoft.com/en-us/visualc/ee309358.aspx

India.com a Click-baiting, SEO-Spamming, Slopfarming Heap: They do this almost every day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, October 25, 2025: IRC logs for Saturday, October 25, 2025
Without XBox Consoles, XBox is No More, It's Just a Brand (More Rumours of Microsoft Ending XBox, Then Laying Off Lots of Staff): All signs indicate that Microsoft wants to "exit" the XBox business (not brand), but it does not want to publicly admit this as it would alarm staff and shareholders
Gemini Links 25/10/2025: Portugal, Midnightpub, and "Tech Right Admins": Links for the day
Almost 2026 Already (When We Turn Twenty): In just over a year the site will turn 20
When "Sponsored Feature" in The Register MS Means Ponzi Scheme Promotion From the Communist Party of China (CPC): the promotion of a financial scam
Week of EPO Leaks: Workers of the EPO Are Getting a Pay Cut While Prices Rise Fast: More to come in the next few days
Microsoft is Finally Giving Up on XBox, The Chief Says the Grapes Are Sour Anyway: Microsoft loses hundreds of dollars on each XBox that it sells
Slopwatch: LinuxSecurity, UbuntuPIT, and Various Slopfarms Propped up by Google News: Why can't Google News do better than this?
Links 25/10/2025: Two New Smokescreens for Scam Altman and ‘TikTok USA’ Remains in Limbo: Links for the day
Bad faith: can't change Debian Social Contract (DSC) without unanimous consent of every joint author: Reprinted with permission from Daniel Pocock
Confirmed: Very Close Friend of Bill Gates and Microsoft's Biggest Patent Troll Nathan Myhrvold Flew the Lolita Express (a Gateway to Pedophilia), According to Bill Gates-Sponsored Seattle Times: There is no speculation or any "conspiracy theories" here;' those are verified facts
Gemini Links 25/10/2025: "The Highest Leader of The Global Civil Society Community", SSL Certificates Causing Bitrot: Links for the day
Links 25/10/2025: Target Layoffs and "Shutdown Sparks 85% Increase in US Government Cyberattacks": Links for the day
"Big Data" Was a Big Lie: Remember "Big Data"? Remember "Data Scientists"...?
statCounter Has Been Broken for a Long Time: Considering the huge proportion of Web requests that come from LLM bots (more so this past year or two), statCounter may struggle to justify the operating costs
Techrights Anniversary Party on November 7th: Let us know if you need any accommodation-related arrangements
Trends That Must Alarm Microsoft and Mozilla: Expect Firefox to no longer be supported by various sites in the US
Why Microsoft Became the Layoffs Leader: The corporate media is projecting or signalling its own dishonesty when it tells us that Microsoft is a very "valuable" company while the data shows Microsoft is also a "market leader" in layoffs
Speaking for Ourselves and Letting the Facts Speak for Themselves: we've already published over 50,000 pages
For Second Time in a Day The Register MS Takes Money From Private Companies to Sell a Ponzi Scheme: Do not have empathy for those who have zero empathy towards you
IBM is Misleading IBM Shareholders: IBM is still all about vapourware and buzzwords
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, October 24, 2025: IRC logs for Friday, October 24, 2025
The Serial Slopper Starts Up - or Restarts - His Plagiarism Machine (LLMs): Serial Sloppers like these don't belong in news sites. That's why he got sacked by BetaNews.
Links 24/10/2025: Esperanto Music History, Anxiety, and New Portals: Links for the day
[Video] Richard Stallman's Talk in Sweden, Attended by Nearly 700 People, is Now Online: The Web page is in Swedish, but the talk is in English
Slopwatch: LinuxSecurity.com, Linux Journal, and Pet Slopfarms of Google News: Why does Google News still advance these fake sites to the top of search results?
Links 24/10/2025: Inequality Grows, Billion-Dollar Scam Center Industry: Links for the day
Links 24/10/2025: "Independent Media in Cambodia is Collapsing" and Serious F5 Breach: Links for the day
Coping With the Site Going More Mainstream: Fame is no laughing matter
They Never 'Put Down' Corporations: There are "pests" that are traded in Wall Street
21 Pages in Less Than 7 Hours is No Joking Matter: We've become a lot more effective and efficient
Correct Information is a Valued Asset in the Age of Slopfarms and Public Relations (PR) or Spin: Publishing suppressed facts is never easy
The Register MS Continues to Bag Money to Promote a Ponzi Scheme, Even Money From China: Today in the front page
analytics.usa.gov: The Only Supported Version of Windows (This Past Week) is Only Used by About 13.9% of People in the US, the Home Base of Windows: Even Vista 7 is still used more
Rust is Very Secure: If only Rust itself is secure
Who Will be Held Accountable for Breaking Ubuntu by Imposing Rust on Otherwise-Functional Programs, in Effect Replacing GNU With Proprietary Microsoft (GitHub)?: they're practical people who merely point out that a bunch of buffoons not only ruin Ubuntu but also every future distro based on Ubuntu
Generation Chaff - Phase VIII: In Summary: Like "Science" with a capital "S", what we see here commercial interests usurping everything
Generation Chaff - Phase VII: Curtailing Alternative Media: There was always an obligation - a collective duty of sorts - to uphold independent journalism
Generation Chaff - Phase VI: Centralisation of Information (X, Cheetok/Fentanylware): Would you trust information when controlled by such people?
Generation Chaff - Phase V: Censorship of Dissent (Painted as Harassment or Terrorism): Censorship is all around us now
Generation Chaff - Phase IV: Apps Only Few Companies Decide On: Tools are being collectively confiscated, under the premise or false prospect of "security"
Generation Chaff - Phase III: Slop and Plagiarism: A lot of the current so-called 'economy' is built upon false valuations
Generation Chaff - Phase II: "Cloud", Blockchains and Other Hype: For those of us who turned down those propositions there was a struggle; we needed to justify not having skinnerboxes or "social" accounts in some site run by a private company
Generation Chaff - Phase I: Social Control Media: IRC predates the Web
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, October 23, 2025: IRC logs for Thursday, October 23, 2025
More Clues Shed on Collapse of Microsoft XBox: XBox is basically circling down the drain as Microsoft implements 2-3 waves of layoffs each month
'Vibe Coding' Doesn't Work: In a lot of ways, so-called 'Vibe Coding' is already considered vapourware or a passing fad promoted in the media by managers who try to justify mass layoffs, especially ridding companies of "very expensive" software engineers
Links 24/10/2025: Microsoft's Killing of XBox Connected to Revenue/Profit Problems, "How Elon Musk Ruined Twitter": Links for the day
Gemini Links 24/10/2025: 86,400 Seconds and "Society's Task": Links for the day

Microsoft's Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors' Faces

Comments

Recent Techrights' Posts