IT Baseline Protection Manual T 5.88 Misuse of active contents

While surfing the Internet, WWW sites with active content (e.g. ActiveX controls or Java applets) can be loaded onto the user's computer. This software can be used deliberately to spy out confidential data from the user and return that information to the perpetrator via the Internet.

A Java-enabled browser allows Java applets to be loaded from the Internet and executed without being detected by the user. This causes serious security risks for the Java user:

Unlike Java, the functionality of ActiveX is hardly restricted. An ActiveX program can contain any command, up to and including formatting the hard disk. These small pieces of executable code are called controls. Controls, usually distributed for illustration or entertainment, can also have malicious elements which then have access to the file system of the user's computer or control other programs without being noticed by the user. ActiveX controls can erase the hard disk, contain a virus or a Trojan horse, or search the hard disk for certain information. All of this can happen without the user or observer of the control noticing it. While the observer plays a game delivered by the control, the control can search the user's e-mail in the background for particular information.

By configuring their WWW browsers accordingly, users can ensure that only digitally signed ActiveX controls are executed. However, such a digital signature only proves that the producer of the ActiveX control is known to a certification body and that the control provided by this producer was loaded unchanged. It says nothing about how such a control functions or whether it is harmless, and no guarantee is given for this.
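One way to check the browser presetting described above, as an added example that is not part of the original manual: a PowerShell audit of the ActiveX-related URL actions in the current user's Internet zone. It assumes Internet Explorer's per-user zone settings, and the set of acceptable values is an assumed policy (unsigned controls disabled, signed controls at most prompted), not a requirement stated by the manual.

```powershell
# Added example: audit ActiveX URL actions for the Internet zone (zone 3)
# of the current user. Assumes Internet Explorer's per-user zone settings.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action codes with the values this (assumed) policy accepts.
# Value meaning: 0 = enable, 1 = prompt, 3 = disable.
$checks = @(
    @{ Action = '1001'; Name = 'Download signed ActiveX controls';   Allowed = @(1, 3) },
    @{ Action = '1004'; Name = 'Download unsigned ActiveX controls'; Allowed = @(3) },
    @{ Action = '1200'; Name = 'Run ActiveX controls and plug-ins';  Allowed = @(1, 3) },
    @{ Action = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Allowed = @(3) }
)
$meaning = @{ 0 = 'enable'; 1 = 'prompt'; 3 = 'disable' }

# Returns $null if the zone key does not exist for this user.
$settings = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue

$results = foreach ($c in $checks) {
    # A missing value yields $null and is reported as 'not set'.
    $raw = if ($settings) { $settings.($c.Action) } else { $null }

    if ($null -eq $raw) {
        $state = 'not set'
    } elseif ($meaning.ContainsKey([int]$raw)) {
        $state = $meaning[[int]$raw]
    } else {
        $state = "other ($raw)"
    }

    [pscustomobject]@{
        Action  = $c.Action
        Setting = $c.Name
        State   = $state
        Finding = if ($c.Allowed -contains $raw) { 'ok' } else { 'review' }
    }
}

$results | Format-Table -AutoSize
```

An `ok` for action 1001 only means that signed controls are prompted for or blocked; as the paragraph above notes, the signature itself says nothing about what a control does. Settings enforced through Group Policy are stored separately and take precedence over the per-user values read here.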


© Copyright by Bundesamt für Sicherheit in der Informationstechnik, last update: July 1999