Microsoft's Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors' Faces

Dr. Roy Schestowitz

2009-07-29 18:00:06 UTC
Modified: 2009-07-29 18:00:06 UTC

Summary: Proprietary Web rears its ugly head -- again

THE most detailed (as in references-filled) post that we have about ActiveX is this one. We also wrote about Novell's support of ActiveX and now we discover that the latest ActiveX flaw affects even Adobe and Cisco.

Microsoft's ATL problem is spreading. Many other software vendors are affected, among them Adobe and Cisco. The total number of vendors with vulnerable controls is currently unclear. In an interview with heise Security, Microsoft executive Andrew Cushman confirmed that it is not known how many ActiveX controls are affected. Cushman said this is the first time a Microsoft library has been affected by a security problem. According to the executive, Redmond appreciates that this patch not only affects corporate IT teams, but also requires action from software developers.

A highly effective solution would be to ban ActiveX controls, as some companies have been doing for years; ActiveX controls were arguably added for competitive reasons despite the obvious dangers. It helped Microsoft create an Internet Explorer monoculture in the late 90s. A relationship between vulnerability and monoculture was also mentioned in this new E-mail. It is about another proprietary stain on the Web: Flash.

This highlights an unfortunate instance of monoculture -- nearly everyone on the internet uses Flash for nearly all the video they watch, so just about everyone in the world is using a binary module from a single vendor day in, day out.

The World Wide Web was built on standards, which were intended to be implemented independently by many capable vendors. Then came Microsoft. This potential departure from standards puts at great risk the entire Internet. ⬆

"Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also."

--Bill Gates [PDF]

Comments

Yuhong Bao

2009-07-30 03:25:46

On the matter of patching libraries like what MS just did with ATL, the LGPL requires that anyone be able to modify LGPL libraries linked into a program, regardless of whether that program is proprietary or free software. This way, if you want or need to patch a library (say to patch security vulnerabilities), you don't have to wait for the vendor to relink the program.
Yuhong Bao

2009-07-30 03:32:27

Actually, though in general what I just said about patching LGPL libraries is true, in the case of ATL properly patching the hole may require modification to the source code of the programs linking with ATL. The changes needed were documented in this page from MSDN: http://msdn.microsoft.com/en-us/visualc/ee309358.aspx

Approaching 10,000 Articles/Pages Since Going Static: Trying to silence or derail the site was always a dumb strategy
Microsoft is Shedding Off Loads of Staff and That Can be Dangerous Too: Working for Microsoft is a choice; nobody forces you to do it
Richard Stallman and the Unix Philosophy: When asked about systemd people must remember that RMS speaks as an active Board member of the FSF and also the founder of the FSF
Get Rid of Back Doors, Don't Obsess Over Bounties and Other Corporate PR Stunts (or Needless Reboot Rituals): Security as a term has mostly lost its meaning due to repeated misuse for many years
Serial Sloppers Are Killing the Web (They Probably Don't Care, Either): Slop is a disease on the Web
IBM's Debt Ballooned by 8.5 Billion Dollars in Just 3 Months!: Hallmark of a company in a state of disarray, trying to spend its way out of trouble
Big Trouble in GNOME: even GNOME people admit the CoC went wrong
Links 25/04/2025: Slop Fatigue and Patent Judges Flocking to Fake, Unconstitutional and Illegal Kangaroo Court (UPC, Captured 'Justice'): Links for the day
Gemini Links 25/04/2025: Night Manager and Devuan in Hosting: Links for the day
Windows Falls to New Lows in Nicaragua, Now Below a Quarter (It Used to be Almost 100%): Another all-time low for Windows
The Cost (to Linux) of LLM Slop: Slop 'artists' like Fagioli are far from harmless
Links 25/04/2025: Ubisoft Spyware, Hegseth Fails at Tech on Every Level: Links for the day
Gemini Links 25/04/2025: Food Forest Update and Facebook Destroying the Net: Links for the day
Streaming Apps Are “Investor Fraud” That Kills the Planet: Reprinted with permission from Ryan Farmer
Things Get Increasingly Nasty at Microsoft Ahead of the Fake Results and May's Mass Layoffs Wave: They try to get people to 'resign' so that they won't count as layoffs and the company's 'wellbeing' will seem better
Slopping the Trough: Disney Plus Loses Billions and the Decline of Physical Media in America: Reprinted with permission from Ryan Farmer
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, April 24, 2025: IRC logs for Thursday, April 24, 2025
Links 24/04/2025: GAFAM Problems and No Peace (or Ceasefire) in Sight: Links for the day
Slopfarms on the Web Almost Always Generate Anti-Linux FUD When They Produce "Linux" Output: Welcome to the dying Web
Richard Stallman's Oxford Talk Has Just Ended, Here Are Some Photos: he might hop over to another European country
Gemini Links 24/04/2025: Birthday and Good Work of Academia in Esotericism: Links for the day
Links 24/04/2025: EU fines Apple and Facebook, Another Microsoft GitHub Security Blunder: Links for the day
New Article Explains How the GPL Came About and WordPress Having Copyleft Obligations: Having been involved in the WordPress development community since almost the beginning, I know why it chose the GPL and how it restricts abuse by Automattic
IBM Gained Almost 6 Billion Dollars in "Goodwill" Value in Just 3 Months, According to IBM: Congrats to the management!
In Belarus, Yandex is Now Measured as 50 Times More 'Popular' (by Usage) Than Microsoft: Yandex continues to gain, whereas Bing cannot even register at 1%. Last month it was registered or measured at a measly 0.65%.
IBM Cannot Lie to Shareholders Anymore: "I would not be surprised if we see a layoff every quarter this year."
Dr Richard Stallman (RMS) Gives Talk in Oxford University in 4 Hours: If you live nearby, go there (it's free as in gratis)
Using a Law Firm's Licence to Exercise Politics Through Frivolous SLAPPs and Nastygrams (to Silence People, Remove Pages, Demand Fake or Forced 'Apologies'): Things must be getting really bad when lawyers act for raving antisemites
We're Working to Make Full-Site Search Available: This site has over 1,000 'wiki' pages, many thousands of documents, several thousands of videos, and about 50,000 blog posts or articles. We need to make them easier to find/navigate.
Links 24/04/2025: IBM Loses Many Contracts, Intel to Lay Off Over 20% (Not Counting Those Who Leave 'Voluntarily'): Links for the day
Richard Stallman Can Explain to Oxford Artificial Intelligence Society Why LLM Slop is Not Artificial Intelligence and Why It Hurts Society: another 'crop' of LLM slop that damages GNU/Linux and facts
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 23, 2025: IRC logs for Wednesday, April 23, 2025
Open Source Initiative (OSI) Promoting Microsoft and Proprietary Software Using Microsoft Operatives: Because nothing says "Open Source" like GPL violations facilitated by Microsoft
Another Site Bites the Dust: "Open Source For You" Becoming a Slopfarm (LLM Slop): What a shame. Another dead site.
Links 23/04/2025: Crackdowns on Dissent, Palin Loses Libel Retrial Against New York Times: Links for the day
Links 23/04/2025: Hard Times and Digital Amnesia: Links for the day
The GNU/Linux Site Formerly Known as "linoxide.com" is Back... as an LLM Slopfarm!: Better for linoxide.com to go offline than to do this
Richard Stallman to Speak in Oxford University Exactly a Day From Now: outsourced to GAFAM
Links 23/04/2025: "Hiding Corruption" and "The Cost of Defunding Harvard": Links for the day
Microsoft 'Studies' Again? Leon Musolff is Writing Papers With Microsoft.: Even if one can see/find a link to "the study" (in the Bezos-controlled publication), most people won't look any further and just take everything at face value.
Towards GNU World Domination: The FSF led by Geoffrey S. Knauth with his friend Richard Stallman in the FSF's Board [...] Let's encourage people to adopt GNU/Linux. There has never been a better time.
statCounter Helps Visualise Just How Deep in Trouble Microsoft is (Especially in Africa): Microsoft sabotaged efforts to connect Africans and equip them with GNU/Linux laptops
The Register is Using Linux-Hostile Clickbait in Articles of Linux Proponents: Don't be a "whore" to advertisers, team El Reg
Microsoft Windows in Cyprus Lacking a Future: Most people access the Web there from mobile
Matrix Has a Severe Problem With Illegal Images: If Matrix cannot get the CP problem under control, many projects and people will dump Matrix
Never Try to Justify Strangulation of Women (Not in the US and Not in the UK): Joint post by Mrs. Rianne Schestowitz and Dr. Roy Schestowitz
Links 23/04/2025: Tesla Profits Plunge 71%, Intel Ready to Lay Off 20% of Staff, Microsoft and IBM Layoffs: Links for the day
Microsoft's Most Profound Issue is That People Moved to 'Mobile' and "App Stores" (Microsoft's Presence There is Negligible): Expect a wild ride for Microsoft this year
Google News is Amplifying FUD and Lies About Linux (and OpenSSH/SSH) by Promoting Slopfarms With Machine-Generated FUD and Slop Images: Google should know better
Gemini Links 23/04/2025: Librarians, Anubis, and Refactoring a Gemini Capsule: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 22, 2025: IRC logs for Tuesday, April 22, 2025

Microsoft's Extend-and-Extinguish with ActiveX is Blowing Up in Rival Vendors' Faces

Comments

Recent Techrights' Posts