ActiveX and Code Signing
- ActiveX applets are based on Microsoft's
Component Object Model (COM)
- ActiveX applets can access all the machine's resources
- They are signed with a digital signature to ensure their origin.
- A similar option is also offered for Java code
- Users are supposed to trust signed applets as they trust
- All or nothing proposition
- Who do you trust?
- Programs from trusted sources may contain vulnerabilities
- Programs from trusted sources may unknowingly contain
malicious code (e.g. by linking with a library)