Does ActiveX need to have access to the Internet?

Discussion in 'other firewalls' started by HandsOff, Apr 20, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I know it does during the install, but afterward? Does it still need access. Sorry if its a trivial question, but even I get tired of finding things out the hard way.

    Also, I have removed access for this one, but still, if anyone knows, why on earth does the windows explorer want to connect to the internet. My wild guess? Maybe some technicality connected with the default search behavior settings, and a desire to active their internet search trap? Just guessing.


    -HandsOff
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    ActiveX wants access :doubt: o_O
    Due to the fact Windows Explorer(WE) and Internet Explorer are interconnect at the knees....it was or is a common occurence for that Firewall to display an outbound request for WE.

    What Firewall are you using ?
     
  3. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I'm not sure what you are really trying to ask here. ActiveX is not really a specific process or thread that runs on your PC, rather ActiveX is more of a method of programming. ActiveX is sort of the marketing name given to a form of programming called COM automation. COM stands for Component Object Model, and to explain COM automation in any detail would require some significant amount of time. Basically what it allows programmers to do is to manipulate existing code "objects" or "controls" through a somewhat standardized methodology.

    ActiveX is most famously (or infamously, depending upon viewpoint) linked to Internet Explorer and it's use of ActiveX controls that can be download via HTTP. However, IE is not the only program that can, or does, make use of ActiveX / COM Automation. In fact, ActiveX technology is used fairly extensively throughout Microsoft Windows, Office, etc. A programmer can fairly easily write code that can manipulate to great affect the COM automation components supplied by Microsoft Excel, Microsoft Word, Internet Explorer, etc. In fact, it is precisely because of IE's internal construction based upon COM automation that allows 3rd party developers to provide useful alternatives like Maxthon and Avant Browser. It really is a quite powerful mechanism, although sadly one that is rather poorly understood and somewhat maligned by consumers.

    There is nothing inherently magical or even evil about ActiveX. It is simply another method of software distribution. Many people that will go raving mad about the mere mention of ActiveX will, nevertheless, often be the very same ones that will think nothing of downloading and installing programs from suspicious websites. ActiveX is a powerful tool for better or worse, just as installing any code can be either useful or extremely harmful to your system. Back in a kinder, gentler day Microsoft envisioned that the primary method of determining whether code should run or not was based simply on the trust model. Either you trusted a publisher of code or you didn't. Thus, ActiveX implemented a "signed code" scheme. Code is signed with the publisher's digital certificate and either you trust them or you don't. Could IE's enforcement and management of ActiveX downloads and controls been implemented in a more understandable and more informative manner? Certainly. However, should ActiveX be avoided like the plague? Depends, but generally I would so no as long as the user is not a child and as long as the user displays some amount of common sense.

    Now, back to your question... Does ActiveX need to have access to the Internet? Well, no firewall should really quite phrase it like that since it's sort of akin to saying "Does C++ need to have access to the Internet?" It's a little nonsensical. Rather what you may be asking is should you enable or disable Internet Explorer's use of ActiveX controls? If so, then I would direct you to this thread that explains whether there is "Anything to miss with ActiveX?".

    Windows Explorer can seek access to your local LAN as well as to the Internet for a wide variety of reasons, including but not limited to: mapped file shares, integrated URL browsing, Network Neighborhood browsing, support for Internet Printing Protocol (IPP), support for Web Distributed Authoring and Versioning (WebDAV), etc. In practice it is relatively uncommon for most users to make use of Windows Explorer's access of Internet sites, but very common for most users to make use of Windows Explorer's access of local LAN sites. Depending upon your particular firewall and how it chooses to report outbound TCP/UDP connection requests... the local LAN accesses may or may not show up as outbound requests for Windows Explorer as well. The only thing really sort of separating "local LAN" access from "Internet" access is how one defines his or her local subnet and other trusted IP subnet ranges from requests simply headed to undefined, default gateway addresses.
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    As Alec has indicated, ActiveX applets are like programs in that they can be useful or harmful. A harmful ActiveX applet can mess up your system in a variety of ways and does seem to be the most often-used mechanism for spyware installations - it therefore makes good sense to only permit ActiveX from websites you trust.
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Oh, man, I am so sorry! I have some kind of version of dislexia or something that always makes me say ActiveX when I mean DirectX. I feel really bad about posting the question and wasting peoples time.

    I do have a limited understanding of ActiveX, only because I read these wilders forums alot.

    DirectX i don't know much about. My impression is that it has to do possibly with instructions sets that are made available to aid developers of programs that manipulate video. I assume they require o/s and hardware support. Anyway, why would it connect to the internet? Surely it would not update routines without the knowledge of the computer operator? I am tempted to think that some of these programs may not really be trying to connect. So I block them. But if I am wrong, I may get in trouble. that's why I (meant to ask about DirectX).

    To Bubba - NPF2003 And no, it wasn't foisted upon me by my worst enemy, I sort of, well, you know...like it. Don't tell anyone!

    To Alec - BTW I think some user's feel insulted by the way a lot of control, and in many cases the existance of issues is swept under the rug because developers like MS assume we don't want to worry our pretty little heads over this or that. I think at best they are living in the past. issues have forced virtually all users to a level of knowledge that at least includes informed consent. Index.dat might be an example [just because its on my mind]. wether its good or bad, things that concern privacy issues should at least be presented to users as advanced options or something. If MS had included a require ment for activeX installation to be explicitly acknowleged, or even notification that an activeX installation had taken place....but no, we didn't have to worry about it, and look what happened. Just my opinion but the does seem to be some diabolical character to the implementation of ActiveX. But you might prefer to see the handgun as innocent, and only the shooter is to blame for using it.

    - HandsOff
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    DirectX provides facilities aimed at games - specifically sound, graphics and network access (via DirectPlay). It will therefore need network access only if you run a DirectX-using game over a network (almost all games in Windows use DirectX - the only exceptions would be very simple games lacking any 3D graphics/sound or Windows 95 ones using DirectX's predecessor, WinG).
     
  7. treat2

    treat2 Registered Member

    Joined:
    Apr 23, 2005
    Posts:
    26
    I'd have answered the question, but as with all Forums, I timed out while replying, which required that I initiate a new instance of IE to talk to the Forum again, and wiped out the copy of my reply that I had stored in the copy buffer, as a result of copying the URL from the previous hung instance of IE, to the newly created instance.
    Oh well. Everything's normal, and it would take too long to reconstruct a reply again.

    Heed the advice in reply #4. Amongst the many services that people on the Net mess with are COM, COM+, DCOM and System Events. Those and quite a few others should be Disabled (not even set to Manual, as I've seen Services be started as a result of interaction with the Net, and whatever garbage someone attempted to use to mess with my system in the past.)

    Just a lil other comment.... aside from Explorer, which should not be granted access to the Net (despite whatever ZA asks you), there are dozens of other EXE's, DLL's, and other things in system32 that also should be prevented from even being initiated, that may or may not ask for Net access, depending upon your Firewall.

    ZA's idea that WE needs and often wants Net access is a quirk of ZA. Per Explorer, and other things block Port 1900 in all directions to / from anyone. There are a few dozen other Ports to be blocked, but Firewall vendors like Symantec, Check Point, Inc., and all the others, figure you're all experts, and know about them in your sleep.
     
  8. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Treat 2 -

    My annoying, but well intentioned response is to write your response within a text editor, and then paste it when you are done. I do this, oh, maybe 10% of the time.

    I am surprised it happens that often. i think it happens to me mostly when I click on the preceeding incarnation IE explorer window - in other words

    1) click mail
    2) follow link to wilders
    3) start post
    4) go back to check mail befor post is posted (by clicking mail on the taskbar)

    I'm sure there are other recipes for disaster, but that's one for the books.


    To Paranoid -

    Ahah! its that damn pinball game. as if i would play that on the net. Now, if they made "you don't know Jack" as a web game (probably wouldn't work) that at least in principle, would be fun.

    I don't think yahoo backgammon would do it. I can't afford to take chances, I better just leave it with access.

    Actually, maybe it could work! That would be great. It would bring up to 5 the number of good uses for a computer.


    - HandsOff
     
Loading...
Thread Status:
Not open for further replies.