Deadly Controls ActiveX threatens Internet security, yes. But, more interestingly, it may also threaten national security. Microsoft's ActiveX technology is the single greatest technological threat to the future of the World Wide Web. Microsoft's ActiveX promoters are either so blinded by their own rhetoric that they don't see the danger of this new technology, or else they are so cynical that they would destroy the very essence of the Internet rather than compromise their market dominance. The reasoning behind ActiveX technology is fairly straightforward. Web publishers want to distribute much more over the Internet than they have in the past, but until now they've been limited by HTML's constraints. You might have a complicated animation that's simply too big to stuff into an animated GIF, or a spreadsheet that you want users to be able to alter. You might have a complicated simulation that you want to let users run on their own computers, rather than your server. It's impossible to build all these capabilities into a general-purpose Web browser. ActiveX to the rescue - it lets you extend your browser on the fly. If ActiveX is successful, the only computers left on the Internet will be Intel-based PCs running Windows 95 and Windows NT. ActiveX is designed to solve the same sort of problems that Java and Netscape plug-ins do. But ActiveX does it in a way that's far more dangerous. Rather than having programs running on a virtual machine in a safe "sandbox," the way Java does, or requiring users to actively download and install the new programs, the way a Netscape plug-in does, ActiveX lets your Web browser automatically download the program and execute it without your knowledge. To see a demonstration of ActiveX at work, take a look at Microsoft's ActiveX stoplight. (Remember, ActiveX is only available today on Internet Explorer 3.0.) Are you a controls freak? Discuss. The latest post to Tech is "Shareware" by Brian Elliott (bpelliott) Subscribe to PacketFlash, for Packet news. The first problem with ActiveX is that, unlike HTML and Java, it's not cross-platform. Earlier this year, when Microsoft first announced ActiveX, the company said that it was publishing the application program interface, or API, to make it cross-platform. And Microsoft also planned to build into future versions of Explorer a version of ActiveX that would run on other platforms. Theoretically, this means that a Web browser running on a Macintosh or on a Unix box could use the same protocol to download and run ActiveX programs, which Microsoft calls "controls." Unfortunately, while the API may be cross-platform, the controls aren't. They're written in C or C++ and compiled in Intel x86 Assembly language, making them executable only on Windows machines. They call the standard Windows Win32 APIs. And there's a reason for that: The only way to write a truly cross-platform ActiveX control is with Java. And if you're going to write it in Java, why use ActiveX in the first place? The alternative is to develop a Windows version of your control, a Macintosh version, a Sun version, an SGI version, and so on. And to make matters worse, if you go to the trouble of developing all those controls, you'll need to put them all on their own HTML pages. That's because the ActiveX file format doesn't have any way of specifying multiple binaries in a single executable. ActiveX even locks out Windows NT power users who happen to be surfing the Web on a DEC Alpha. The second big problem with ActiveX is security. A program that downloads can do anything the programmer wants. It can reformat your hard drive or shut down your computer, as demonstrated by this interesting "Exploder" Web page developed by Fred McLain, CEO of Apropos in Seattle. Go ahead and click on the Exploder link: You'll have 10 seconds to abort the shutdown procedure. Make sure you've saved any open files. It's theoretically impossible to eliminate these security problems within ActiveX. So Microsoft is following a different tack. It's enlisted the help of VeriSign to develop a code-signing initiative. Here's how it works: Internet Explorer examines the digital signature of every control it's about to download. If the control is signed with a secret key that's been signed by a VeriSign software publisher's key, Internet Explorer runs the program without complaining. If the control is unsigned, Explorer puts up a warning message. McLain got himself a software publishers key, signed his Exploder control, and put it up on the Internet. And then he had VeriSign coming after him, because in signing the applet he had violated VeriSign's "software publishers pledge" not to sign a piece of malicious software. VeriSign asked McLain to remove the offending control from his Web site. When he refused, they canceled his digital ID. McLain then got spooked by his lawyers, which is why he took the Exploder control off his Web site. I've put a copy on mine. It's still signed by his key. What would be really interesting, McLain said, would be to create an ActiveX control that performs a useful function, like a 3-D version of Minesweeper, but on the side it scans your hard drive for secret and confidential documents. When it finds them, the control could send the documents out to a Web server in Argentina using a series of encrypted HTTP post commands. That could get the documents out from behind firewalls. or practically anything else. Why go to the trouble of writing a control like that? Because the US Navy has recently decided to use Internet Explorer as its Web browser. So now you know what's wrong with ActiveX. If it's successful, the only computers left on the Internet will be Intel-based PCs running Windows 95 and Windows NT. And the only Web pages that people will dare look at will be those published by major corporations, because looking anywhere else on the Web will be too risky. Talk back to Simson Garfinkel in his column's Threads. Illustration by Dave Plunkert Join the HotWired Network, it's free. Members log in. Previously in Garfinkel ... Copyright © 1996 HotWired, Inc. All rights reserved.