Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems.

Published byHeather Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems."— Presentation transcript:

1 Active X and Signed Applets Chad Bollard

2 Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems  Examples

3 ActiveX ActiveX or ActiveX control Microsoft’s term - Component Object Model (COM) Used extensively in Microsoft Windows platforms especially web-based apps Controls can be a single push-button to complete spreadsheet controls Web developers use (VBScript) to create ActiveX controls

4 ActiveX Cont’d Netscape Navigator doesn’t recognize ActiveX The user's browser downloads ActiveX controls when needed. In this way, ActiveX controls are similar to Java applets. ActiveX security rests on the "Authenticode" system which is a scheme for identifying the authors of ActiveX controls. Security is therefore based on trust. Allows Word and Excel to be viewed directly in browser. MS Office is built in ActiveX components

5 ActiveX Security ActiveX controls are an integral part of systems and applications, and they are required for essential functions in many environments. Only capable in IE browsers Can cause systems to slow down or freeze Unknown downloads Avoiding Internet Explorer and Outlook does not guard you from all attacks based on ActiveX controls. Hacker can embed code to trigger harmful macros

6 Security Cont’d Difficult for system administrators to evaluate the risk presented by a given ActiveX control ActiveX controls share many attributes with ordinary executable files. They run directly on your hardware; they are generally opaque; they are written in a variety of high-level languages; and they vary substantially in functionality, quality, and security characteristics. Can gain access to everything on computer. Preview Pane in Outlook can trigger controls to be run without users knowledge.

7 Active X Security Concerns and Risks Download Concerns—importing and installing controls Execution Concerns—running controls Scripting Concerns

8 ActiveX Benefits and Security Features ActiveX controls promote reuse – reuse controls ActiveX controls are available to meet a wide variety of needs.

9 ActiveX Security Features “Administrator Approved” setting – Within each Internet Explorer security zone there is an option to run only the controls that have been approved by admin Authenticode – This family of technologies is used to digitally sign and verify executable content, and to control the download of code to the workstation Kill bit – The kill bit is a registry value that prevents Internet Explorer from loading an ActiveX control. It cannot be overridden by any security zone configurations.

10 Signed Applets Digitally marked Applets or Classes designating them as trusted pieces of code regardless of their origin or a trusted source Signing is particularly useful in Corporate intranets where you generally have a library of standard programs on a server Normally appear as foreign code to Java, but if signed then these applets can be granted special privileges like file access

11 Signed Applets Can be given more privileges than ordinary applets Digital signature consists of cryptography generated from both the applet to be signed and the private key of the signer

12 Unsigned Applets Operate with a set of restrictions called Sandbox Model.  May prevent applet from performing required operations on local system resources, connecting to web sites, accessing printer, or certain properties on clients computer Signed applets don’t have such restrictions

13 Signed Applets If browser accepts contact with User for Applet it will automatically be downloaded from then on If applet is new and hasn’t established a trust, a security message will be displayed which allows user to confirm consent Applet can be traced back to its source using the digital signature

14 Using Code Signing Features To release the application from the sandbox restrictions imposed on unsigned code To provide confirmation regarding the source of the application code.

15 Example Trying to Write File Trying to Sign Applet

16 Questions ?’s

Download ppt "Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems."

Similar presentations

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
In Review JAVA C++ GUIs - Windows Webopedia.com.

In Review JAVA C++ GUIs - Windows Webopedia.com.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter Concepts Review Markup Languages

Chapter Concepts Review Markup Languages
Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.

Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.

ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.
Introduction to Web Database Processing

Introduction to Web Database Processing
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Introduction to Web Interface Technology (CSE2030)

Introduction to Web Interface Technology (CSE2030)
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Distributed System’s Middleware: DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP.

Distributed System’s Middleware: DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP.
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.

Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.

Similar presentations

Ads by Google