07.29.09

Microsoft’s Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors’ Faces

Posted in Microsoft, Security, Standard, Windows at 1:00 pm by Dr. Roy Schestowitz

Summary: Proprietary Web rears its ugly head — again

THE most detailed (as in reference-filled) post that we have about ActiveX is this one. We also wrote about Novell's support of ActiveX, and now we discover that the latest ActiveX flaw affects even Adobe and Cisco.

Microsoft’s ATL problem is spreading. Many other software vendors are affected, among them Adobe and Cisco. The total number of vendors with vulnerable controls is currently unclear. In an interview with heise Security, Microsoft executive Andrew Cushman confirmed that it is not known how many ActiveX controls are affected. Cushman said this is the first time a Microsoft library has been affected by a security problem. According to the executive, Redmond appreciates that this patch not only affects corporate IT teams, but also requires action from software developers.

A highly effective solution would be to ban ActiveX controls, as some companies have been doing for years; ActiveX controls were arguably added for competitive reasons despite the obvious dangers. ActiveX helped Microsoft create an Internet Explorer monoculture in the late 90s. A relationship between vulnerability and monoculture was also mentioned in this new e-mail. It is about another proprietary stain on the Web: Flash.

This highlights an unfortunate instance of monoculture — nearly everyone on the internet uses Flash for nearly all the video they watch, so just about everyone in the world is using a binary module from a single vendor day in, day out.

The World Wide Web was built on standards, which were intended to be implemented independently by many capable vendors. Then came Microsoft. This potential departure from standards puts the entire Internet at great risk.

“Another suggestion in this mail was that we can’t make our own unilateral extensions to HTML. I was going to say this was wrong and correct this also.”

Bill Gates [PDF]


This post is also available in Gemini over at:

gemini://gemini.techrights.org/2009/07/29/proprietary-web-activex-fail/


2 Comments

  1. Yuhong Bao said,

    July 29, 2009 at 10:25 pm

    On the matter of patching libraries like what MS just did with ATL, the LGPL requires that anyone be able to modify LGPL libraries linked into a program, regardless of whether that program is proprietary or free software. This way, if you want or need to patch a library (say to patch security vulnerabilities), you don’t have to wait for the vendor to relink the program.

  2. Yuhong Bao said,

    July 29, 2009 at 10:32 pm

    Actually, though in general what I just said about patching LGPL libraries is true, in the case of ATL properly patching the hole may require modification to the source code of the programs linking with ATL.
    The changes needed were documented in this page from MSDN:
    http://msdn.microsoft.com/en-us/visualc/ee309358.aspx
