> Don't think I'm missing the dry wit in your message, but anyone could
> have written a malicious Netscape plug-in if they wanted to and it
> would have had a far greater impact than any ActiveX object in today's
> browser arena,
It would have been no different than any other trojan horse (virus, etc).
You can't build a web page that automatically downloads and installs a
plug-in.
> ActiveX object has. And please don't tell me that you
> have to install a plug-in
Why not? It's the truth. You can hit a malicious page with a single click
with no intent whatsoever of being curious or engaging in risky behaviour.
> Besides, you can't control the installation
> of Netscape plug-ins any better than you can control the installation
> of ActiveX objects.
But you can. Netscape won't install a plugin without the user saying so.
Even if there was a plugin with a security hole (and there no doubt
are), you can resolve the problem by saying "don't install Hotshit Elite"
like you can say "don't install pkzip 3.00". When the browser goes ahead
and downloads "Kludgescript 13" because it's got a signature the browser
likes without asking you, you've got a problem from now until Microsoft
comes up with some way of revoking certificates.
> Of course, the fact that ActiveX objects "today"
> are only risking Windows machines (the machines with Microsoft's
> operating system), means they're only shooting themselves in the foot,
> not all the people running Unix, aren't they?
This isn't a UNIX versus MS thing (even ignoring WinDD, Softwindows, and
so on). This is a simple security issue.