Microsoft's Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors' Faces

Dr. Roy Schestowitz

2009-07-29 18:00:06 UTC
Modified: 2009-07-29 18:00:06 UTC

Summary: Proprietary Web rears its ugly head -- again

THE most detailed (as in references-filled) post that we have about ActiveX is this one. We also wrote about Novell's support of ActiveX and now we discover that the latest ActiveX flaw affects even Adobe and Cisco.

Microsoft's ATL problem is spreading. Many other software vendors are affected, among them Adobe and Cisco. The total number of vendors with vulnerable controls is currently unclear. In an interview with heise Security, Microsoft executive Andrew Cushman confirmed that it is not known how many ActiveX controls are affected. Cushman said this is the first time a Microsoft library has been affected by a security problem. According to the executive, Redmond appreciates that this patch not only affects corporate IT teams, but also requires action from software developers.

A highly effective solution would be to ban ActiveX controls, as some companies have been doing for years; ActiveX controls were arguably added for competitive reasons despite the obvious dangers. It helped Microsoft create an Internet Explorer monoculture in the late 90s. A relationship between vulnerability and monoculture was also mentioned in this new E-mail. It is about another proprietary stain on the Web: Flash.

This highlights an unfortunate instance of monoculture -- nearly everyone on the internet uses Flash for nearly all the video they watch, so just about everyone in the world is using a binary module from a single vendor day in, day out.

The World Wide Web was built on standards, which were intended to be implemented independently by many capable vendors. Then came Microsoft. This potential departure from standards puts at great risk the entire Internet. ⬆

"Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also."

--Bill Gates [PDF]

Comments

Yuhong Bao

2009-07-30 03:25:46

On the matter of patching libraries like what MS just did with ATL, the LGPL requires that anyone be able to modify LGPL libraries linked into a program, regardless of whether that program is proprietary or free software. This way, if you want or need to patch a library (say to patch security vulnerabilities), you don't have to wait for the vendor to relink the program.
Yuhong Bao

2009-07-30 03:32:27

Actually, though in general what I just said about patching LGPL libraries is true, in the case of ATL properly patching the hole may require modification to the source code of the programs linking with ATL. The changes needed were documented in this page from MSDN: http://msdn.microsoft.com/en-us/visualc/ee309358.aspx

On the Internet, Nobody Knows Microsoft and Windows Are Becoming Niche Players Until Data is Shown Correctly, Not Microsoft-Sponsored Articles in Microsoft Publishers: Microsoft controls a lot of publishers and thus it controls information
All That's Left of MSNBC (Microsoft-NBC) is Microsoft NOW: When plutocrats and large corporations (even deep in debt) buy all the communication channels
Accessibility Isn't Overrated: Making things simpler typically means better accessibility
IBM Operatives Inside The Register MS and More Shady Money to Follow: The Register MS bites every banknote it can sink its teeth into
Slopwatch: Serial Sloppers and Slopfarms in Google News (e.g. Linux Journal and WebProNews): Google plays an active role (if not deliberately then through utter neglect and carelessness) in plagiarism
Links 20/08/2025: Mass Surveillance Framed as "Artificial Intelligence" (All Old Things Reworded to Misframe Old Computer Issues), Europe Resists Capitulation to US(SR): Links for the day
Gemini Links 20/08/2025: Trips and Permacomputing: Links for the day
Links 20/08/2025: Oracle Layoffs in India, "AI" Scammers/Profiteers Admit It's a "Bubble", Softbank-Saudi (Oil) Control Tech Companies: Links for the day
Social Control Networks Give You False Metrics to 'Addict' You To Them: Leaving social control media may seem hard, but the same is true for any other addiction
A Lot of What Happened in Twitter Was Bots, Botfarms, and Troll Farms. It's Even Worse Now (Under X.com) and People Are Noticing.: Last month we said the same was happening in YouTube
Microsoft May Have Become - at Least Partially - Like a Boiler Room Scam: Giving imaginary salaries using imaginary tokens based on imaginary value (with restrictions on conversion to cash)
In Vietnam, Microsoft's Search Engine "Market Share" Fell to Almost 0%, CocCoc More Than 5 Times Bigger: Why are people still investing in this company?
The Register MS, Paid to Promote "AI" Hype, Does "Sez" (Says) Pieces: every bubble-funded "news" site tries to make it a story about "AI"
Many Companies Are Run by Liars Who Ride Other People's Money: Or steal it
Before CoreAI There Was Builder.ai: GitHub isn't about "AI" (just a bunch of lies and storytelling for shareholders' patience)
Microsoft Windows in Croatia at New Lows: We've been keeping track of this trend for a while
Using the Best Tool/s for the Job: RSS Feeds and RSS Readers: Use RSS feeds. Reject those "modern" Web things
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 19, 2025: IRC logs for Tuesday, August 19, 2025
Gemini Links 20/08/2025: Neovim, XML, and Alhena 5.2.9: Links for the day
The Register's Slopfest: Remember when The Register UK (yes, UK) had better standards?
Latest Version of Windows (Vista 11) is a Failure 4 Years After Its Fake 'Leak': Vista 11 became more scarce this month
Improving Our Archives: Our old archives are still accessed a lot. Making them better is well worth the investment.
Things One Learns as a Litigant in Person at the UK High Court: Don't fear the official manuals
Slopwatch: Lots of Fake Articles From Fake "Linux" Sites and About "Linux": Google says it's committed to "AI" (it means slop, not AI); that seems like an excuse to dodge accountability
Links 19/08/2025: "Eavesdropping on Phone Conversations Through Vibrations" and Air Canada in Chaos: Links for the day
Gemini Links 19/08/2025: Niche Spaces and "AI Pasta Sauce": Links for the day
Links 19/08/2025: "NASA Is Giving Up on Climate Change Science" and "Earth's Continents Are Drying Out at an Unprecedented Rate": Links for the day
Microsoft said “GitHub and its leadership team will continue its mission as part of Microsoft’s CoreAI organisation.” But it's just an empty shell created earlier this year.: In short, it's not too clear what Microsoft has just done except dumping GitHub - i.e. mostly a Web site that loses a ton of money (it always lost money) - into some mysterious new bucket
Phil Wyett evidence & Debian Zizian plagiarism, modern slavery tendencies: Reprinted with permission from Daniel Pocock
IBM Layoffs in MCC, or Marketing, Communications and Corporate Social Responsibility (CSR): IBM and Microsoft inflate their share price by circular financing
In Many Countries People Move Away From Vista 11: Vista 11 has been available for download for 4 years already, but adoption has been poor
Desktops/Laptops Fall to All-Time Lows in the UK, So Why Does British Media Quote a Famous Criminal on "End of the Smartphone Era"?: mobile usage (for Web access) has never been higher, based on an Irish surveyor, statCounter
The Groklaw Web Site Has Been Hijacked by Scammers: Groklaw.net isn't a safe site to access at this time
The Register MS gets Lazy, Uses Slop: Unlike 3-D renderings or "Classic" CG, slop images aren't quite original and definitely not fair use
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, August 18, 2025: IRC logs for Monday, August 18, 2025
Online Safety Act Does Not Tackle the Worst (and Biggest) Culprits: if our governments are serious about tackling online harms, then they need to look closely at GAFAM and social control media giants
Chat Control (1 and 2) in the European Union Sends the Wrong Message: This is an EU law
Slopwatch: Google News and Serial Sloppers (Fake Articles About "Linux"): Calling out the culprits
Gemini Links 19/08/2025: Digital Legacy and Chat Control: Links for the day
English Law Misused by Americans and Irishmen Against Brits is Unfair: There's always a way to improve existing laws
Overly Maximalist, Expensive, Localised Patent Law is Dooming Western Companies, Argue 3-D Printing Champions: We've long warned (over 7 years already!) that China's approach to patents will impress WIPO by gaming the totals but will doom the West
Links 18/08/2025: "Microsoft Store" Gets Increasingly Hostile, "Cracking Abandonware DRM": Links for the day
Gemini Links 18/08/2025: Summer "Gone" and Web Reposts in Gemini: Links for the day
Microsoft's Windows in Gabon: Still Moving Down: What is this Unknown? Who knows...
Links 18/08/2025: LLM Reputation Damaged, Australia Catches Google Foul Play: Links for the day
Geeks Like GNU/Linux: The technical community seems to be consolidating and rallying around GNU/Linux
GNU/Linux is 486 in Ireland: 4.86% that is
End of Reliable Media: it makes the world a worse place, it renders the Web a misinformation machine
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, August 17, 2025: IRC logs for Sunday, August 17, 2025
GitHub Won't Last Much Longer: Many things at Microsoft are going to go the way of the Skype (or "dodo"). GitHub will be among those.
We've Never Used Large Language Model (LLM): we just never used an LLM
"Secure Boot" is a Security Problem, Not a Solution: These people don't try to improve security but to undermine security
Gemini Links 18/08/2025: Retro and Endless Escape from the WWW: Links for the day

Microsoft's Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors' Faces

Comments

Recent Techrights' Posts