SP2 vs. the plug-ins

While security experts applaud Microsoft's recently released Service Pack 2, some companies that distribute their software over the Web are watching the product's introduction with dread and suspicion.

For years, software developers have offered applications to the world in Microsoft's Internet Explorer Web browser through the company's powerful proprietary API (application programming interface) called ActiveX. The technology starts up external applications, or "plug-ins," within a Web page.

But a tool that can run good software in a browser can also run bad software, and as a result ActiveX has been implicated in a wide array of security scenarios, most recently in the surreptitious installation of adware, spyware and worse.

Microsoft's long-delayed and glitchy Service Pack 2, the security-focused update for the Windows operating system released this month, clipped ActiveX's wings with a more cautious alert system that springs into action when a Web site tries to run an ActiveX control, sprout a pop-up window or run other code.


ZDNet