According to Ian Miller:
> >Authenticode is the ideal model for today's
> >society. It doesn't prevent anything, but gives you the name of the
> >person/company/etc to sue if their stuff does anything wrong.
> >That is a solution?
> It is provided:-
> 3) All the "person/company"s who are signing controls in good faith are also
> sufficiently careful and competent to ensure that other malicious persons
> cannot subvert their benign Active-X controls for malicious purposes.
Your points are quite right.
The later is a big IF obviously, and it doesn't apply only to ActiveX: it
applies to any software. The "Microsoft" label on a CDROM is exactly the
same, a signature you're supposed to trust. Now I believe it didn't
stop Microsoft from selling CDs with the infamous Word macro-virus
everybody is currently plagued with...
> assume here that the courts will not allow unlimited consequential damages
> against suppliers of no-warranty free software. However this seems a fairly
> safe assumption. I am certain this is the case in the UK.)
Isn't there a fee to get a certification key from someone ? I seem
to recall it's not free. That would make the case of free software moot,
once and for all. Good move for Microsoft :-(
> There is also the problem of how you determine the "name of the person" if
> the control has just deleted itself along the rest of the contents of your
Good point. And then you have to show that the applet is guilty...