Malicious Mobile Code: Virus Protection for Windows (OReilly Computer Security)

ActiveX is a popular code-distribution platform with a fair amount of potential security holes. ActiveX's security is based around the concept of signed digital code. If you follow Microsoft's strict dogma of only accepting signed code, the risk of hostile ActiveX code is minimal. However, the lack of signed code means the decision to trust a particular piece of code is often left up to the user , who is not able to make an educated evaluation. It is hoped that Microsoft grants granular security to the ActiveX model and wraps controls in a protective cocoon, like the Java sandbox. Chapter 11 completes a four-chapter discussion of malicious code in the Internet browser environment. Chapter 12, on email attacks, is related because most of what we just discussed can happen in an HTML-enabled email client.