The ActiveX and Exploder Guestbook
Read through the messages below then sign in or
sign the guestbook now
If you have trouble seeing your last post, try reloading this page.
Last Message Mon Aug 23 10:44:02 PDT 2004
Read through the messages below then sign in or
sign the guestbook now
If you have trouble seeing your last post, try reloading this page.
Last Message Mon Aug 23 10:44:02 PDT 2004
Can I test it on a web ^page of mine ?
Or is it illegal ?
fred
can you tell me how to configure runner to run a different
application other than command com as we wish to use this
applet to run word or excel legally as a function on our pages
keep up the good work
andy bowers
sysop sraighton middle school
i just wanted to let you know, mcafee viruscan 4.x dosent like your site one bit. as a matter of fact, it tried to block it!
Interesting article and FAQ. But I don't think people will accept a more restricted version of ActiveX. Putting it simply, many people WANT the features made possible by the ability to write to the Hard Disk etc, and in essence it is no different from downloading shareware from the web, etc. You still have no idea whether the 'company' you download from is legitimate or whatever, but most people would still install the program regardless!
PS: Why the REALLY tiny font on your web pages? Very difficult to read, and it's a pain to have to change browser font sizes just to change them back again when viewing other sites.
:-)
Colin.
MANY MANY THANKS <<REALY>>
AM RAING TO FIND MANY SITES LIKE THIS ....
AND I HOPE YOU TO << UPDATE ALL PROGRAMS >> ALLWAYS
NICE TO BE HERE..
PLS ANY ONE IF YOU KNOW MORE SITES LIKE THIS
PLZ PLZ E-MAIL ME AND IF YOU HAVE ANY << PROGRAMS >>
YOU WANNA SEND TO ME
MY E- MAIL ADD:
VIOLINA.V@USA.COM
MY ICQ : 1824424
PLZ CALL ME ..
MANY MANY THANKS AGAIN
MEDO
What's the big deal? Everyone with any brains knows ActiveX, Java, and the rest are sucker punches aimed straight at ignorant chumps. Nothin' on your page worked. I run IE3.02 with everything disabled. I'm pretty sure I'm not missing out on anything important.
I'd like to say that I've realized for a while now that having actual programs running on your computer via the web can be extremely dangerous, as well as beneficial. Take Windows Update for example...it runs a setup utility using ActiveX to install certain components. This saves me time, yes, but couldn't anyone else do the same thing? I was looking into ActiveX for use on my own home page and found a control for "background downloading." This has HACK ME written all over it!! It really worries me! It worries me enough to turn off ActiveX controls completely. As wide as my eyes already were, you've opened them even wider with Exploder. I'm sorry that you're being troubled just for alerting the world. Frankly, I'm wondering what they were thinking when they created this ticking bomb...
CrotchWhistle
Was Just wondering why exploder runs even if you say no, and runner wont run unless you say yes??
Yea, I am interested in ACtiveX. Specially , about rhe JavaBeans-ActiveX bridge and Microsoft's ActiveX Technology.
loseing my faith
At one time, someone said, "The light bulb; what do I need one of those for? I have a candle" and "The fountain pen; thats just a passing trend. We will be back to writing with feathers next week."
Renouncing ActiveX will someday sound just as silly.
Hi, my name is Scott Phillips and I make ActiveX controls in VB and have had my share of headaches with the technology. I would like to say that Microsoft did quite well when developing this technology but most people are use to the ease of their other software. The very nature of what ActiveX is, prevents it from being easy to learn and use. Keep in mind that it is not just applets like JAVA or stand alone software but rather third generation DLL. What that means to the laymen is, "THIS STUFF IS POWERFUL and is capable of doing lots of really cool stuff if your patient and are willing to learn how it works."
I feel it is essential to the evolution of the Internet that low level applications run within browsers. If you have questioned the ActiveX technology and have sought out answers then you are already one step ahead of those that havent even heard of it. dont give up. At this point you are a forerunner in this area and as the rest of us, will have to wait for the others to get up to speed. Meanwhile, we will have to wait for newer versions of browsers to come out that are more user friendly with the technology.
To enable ActiveX within IE you must:
be running IE 3.0 or later> click VIEW on tool bar > select INTERNET OPTIONS > select the Security tab > in the Internet Zone frame select LOW security radio button.
If your a developer and your control could not be found by the user:
Check the case of your file name. Some FTP utilities like to change the case of the letters in the file name. (Example: myactivex.cab > might be switched to> myactivex.CAB)
Feel free to contact me if these tips didnt help you or if you have other questions.
Scott,
Would you buy, lease or service a new or used car from Bill "Microsoft" Gates...?
Well, you see, the question is... is Exploder "installed" in your web page" so all of us can "taste" its effects? I ask it because my AntiVirus says so.
Thanks
good, I like it.
take your shit off the net right now as i have had me site bombarded by your shit i will be contacting my lawers so be ready for a right good ass kicking
Nice work.
Some light in the dark webs M$ wnats to spread all over.
Was Just wondering why exploder runs even if you say no, and runner wont run unless you say yes?? Why does PC not shutdown when I run exploder in second time?
Hello. I am a techno-peasant with a question about ActiveX. Starting on November 7th, the e-mails I would receive from my son were accompanied by a message that said, "An ActiveX Control on this page is not safe." It goes on to tell me that the security stuff on my computer won't let it run, etc. But, when I receive that message, my screen freezes up. I don't have to re-boot; I can just "end task," but you can see why it's annoying. These messages only accompany e-mail from my son. They appear even when I revisit saved messages. He insists that they're not coming from him, that no one else receiving e-mail from him is getting them. I know virtually nothing about the net, e-mail, "exploders," etc. But, I would like to know (1) where this might have come from if not accompanying my son's e-mails; (2) if it is coming from him, how to track down where he got it; (3) how to get rid of it (for him and me). Thank you for your help. Pam
Its not working anymore with the new IE5.x - even medium security will no allow you to run it
any thoguhts ? email me importx@newmail.net
Can any one tell me how to write a file to a surfer pc ??.. with out asking.. emmm ;)
Thanx.. bye
gg
Hi.
I am a college Student Attending Rowan University in Glassboro New Jersey. I found your RUNNER page as well as the Exploder page and was quite interested. I am working on some projects involving running files off web pages (with no user input at all) and on a separate note (a separate class) I am looking at issues with Web Security (Or lack thereof).
Anyway, I was wondering if I could get more info on the RUNNER program. I was interested in editing it so that it can do the following.
The user (or the computer automatically) Clicks a link, and that takes them to a web page.
That web page will DOWNLOAD a self extracting EXE file (a database update for salespeople in the field)
and will then RUN the file, extracting the new data overtop the old data. This program needs to run in the background without the users input.
I was wondering if you could help me in ANY way with this project / interest / concern of mine.
Thank you VERY much
--Geoff Gelay
Rowan University Computer Science Major.
I have developed an ActiveX control for IE and a Plugin for Netscape. Both of them are
developed using VC++ 6.0. I have signed both using verisign certificate and they
are working fine in windows platform 95,NT workstation, NT Server and 2000.
But when I access the html page in Mac OS 9 it is not downloading either the
ActiveX/Plugin. Basically I am not getting the Grant Permission dialog box (the one
which shows the sign certificate detail and asks for the user to Accept the download).
Can you tell me why I am not getting the controls on Mac?
How do I access these existing ActiveX/Plugin in Mac machine?
FYI, I have set the security level of the broswer to Medium (prompt when an ActiveX/Plugin
is downloaded). I have tried this in Netscape 4.04/4.7 and IE 4.5.
The above mentioned problem also exist for my applet.
- Ayyappan
yeah im here cause dean asked me to see hes website. dont know much about the programs but i liked what he said about me in his scrapbook and though u r an ass at times u r my closets friend in the world dean...and a lot more mushy stuff.
^TiGgEr^
Why does McAfee VirusScan block access to your web site at:
mclain.wa.com? There are only 2 web sites that come as a defaults to block in VirsuScan and yours is one of them? Is there any significance to this? Doesn't this affect your ability to convince people that you are a trustworthy programmer?
Randy
how to avoid the warning of " do not run ActiveX object in your computer while it is been used in the javascript of the web page written in html?
COOL COOL
I am a VB programmer. I Downloaded the Exploder.ocx control. I then put it on a Visual Basic Form and 10 seconds later it crashed my computer. I tryed to start my computer but the boot up always fales. Why is this?
pls tell me how to call initiatesystemshutdown function with win32API
Hello!
Can anybody help me by giving suggestion about my following query......
Suppose I have a HTML form with two textfield, one Textarea and one submit button. The logic is when somebody submit the button the contents of the form field will stored within a text file.
Using only JavaScript("scripting.fileSystemobject") I had done the thing but the same is not supported by a particular "WEB Server" -- showing that "No Object can be created".
How this problem can be solved.
regards
Anjan Biswas
Dear frind;
Iam also a part of Lawers family so I have called you friend. Iam fedup of my country justic & law.I am practicing since ten years as a lawer & found nothing write for huminity & justic. So I wish to come to a society where is real justic & law. I am not intrested in worth.I am having 10 thousand ponds which is enough for me to start anew life.I dont want to bring up my children in such a society.MY children are very small so I want to come out from this society to a hounour able society for sake of my children.I hope you can understand my problem & consider my application & will save me & my family.
Thank you.
the link to the demo of exploder is a dead link.
However this page is a nice demo of the idiocy of microsoft. I recently heard a joke: "A computer without windows is like a cake without mustard"
There is no program that for any other program can decides whether
it halt or not. To decide if a program is malicous or not it's even
harder. Running an activeX control into an isolated system compartment could be a solution but the resulting restrictions may appear unacceptable for those which are only focusing on functionality optained with little effort. By the way we will get the same problems with mobile code with our PDAs and Cellular phones. It appear to me that we are no longer able or willish to lear from the past experinces und this is very bad.
<style>*,body,td{filter: flipv ! important}</style>
<applet>
how the hell do you get rid of activex, it wont let me open any documents or anything and it pissin me off. thanks
HI fred,
your work was neat.. you could have done much more then shut down a computer using that Active X script..
i read about you for the first time after i got the Hacking Exposed book. its' along with your source code of that program..
interesting.. if you have some more scripts care to contact me personally . at my e-mail add.
c'ya
HI, I always geet this ActiveX on the dialog box every each step of opening my yahoo, and because of this Active X, I cannot and not allowed to download nor to veiw all of my attachments. How can fix this, how can this Active X dissapear from my computer so I can veiw or download attachments. Thanks.
IT TAKES A REAL ASSHOLE TO TEACH PEOPLE HOW TO USE BOMBS AND VIRUS FOR THE PLEASURE OF SCREWING UP PEOPLES COMPUTERS....I HOPE THEY THROW YOU IN JAIL AND SHOVE A BOMB UP YOUR ASSHOLE...
On default, McAfee VShield will try to block the site mclain.wa.com... it's set up right when you install.... detects it as the XA/Exploder trojan. Congrats! You created a McAfee-Recognized trojan!
I'm still trying to get a virus kit... hackerscentral.net is having problems... I won't send the virii to people, just expirement with them... show fear to those I hate
dear sir:
If the ActiveX control has been downloaded,how can i know it in the web,how can i judge it in the program,most of time i use javascript,can i use some methods or some events to judge??
can you help me.
a chinese boy.
2002/01/20
<i>kjhkjhjhkj</i>
Check out the shirt. A Microsoft product that doesn't suck! Too damn expensive though. http://www.macevangelist.com/vacuum/
can someone mail me to help me?
I have just tried to download exploder..but it came with a virus...thought you should know
IM TRYIN TO GET ON A WEBPAGE THAT I GOT UN MANY TIMES EARLIER TODAY AND NOW THE SITE WONT LOAD.
THIS MICROSORT INTERNET EXPLORER THING KEEPS POPING UP AND SAYS:
AN ACTIVEX CONTROLL ON THIS PAGE IS NOT SAFE.
YOUR CURRENT SECURITY SETTINGS PROHIBIT RUNNING UNSAFE CONTROLLSON THPAGE.
AS A RESULT THIS PAGE MAY NOT DESPLAY AS INTENDED.
HOW CAN I CHANGE THE CURRENT SECURITY SETTINGS...
Great page !
@
Many of the Website's I'm visiting return with the message: "This page provides potentially unsafe information to an ActiveX control. Your current security settings prohibit running controls in this manner. As a result, this page may not display correctly." Your input is greatly appreciated.
Thank you.
I am unhappy with Active-X because I am unable to obtain access to simple situations like Court Forms in the US Court system because Active-X won't even let the page come up. It has become a very big nuisance. I had been able to bring up business forms and it's not just a situation of one or two, but nothing can be brought up. It's like Active-X has become exclusive owner of my system and it just goes too far. How can this be resolved or dismantled?
Very Nice Site! :)
interesting article...
i try to play cribbage at yahoo and i can because when i try now it says "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly. what does it mean? TELL ME PLEASE!!!
Erm, it did nothing. I got IE6 so that's probably why.
your web page sucks up the ass and i don't know how anyone can get anycrap from this crap from this web page it is just a bunch of BULLSHITED CRAP and i personally will not tell ANYONE about this fucking web site even if u paid me to. goodbye Rachael
Hi Fred, I agree!
If you ever need a German mirror site don't hesitate to
contact me...Chris
please could you tell me what active x is and how it works because my xp (norton anti virus) keeps saying that there is something wrong with my computer and the problem is something to do with active x
Can you please help me Iam new to this and every time I try to play a game it won,t let me because of my active x controls how can I fix this thank you !
Active X from a web site installed
the dotcomtoolbar and modified my
hosts file on Windows XP. I was no
longer able to use the default search
engine in the address bar of Internet
Explorer. I fixed it by reading these
web sites (which led me here.) I also
modified my C:\Windows\Web\related.htm
file so Google is the "Related Searcher."
Also, the last link shows me how to adjust
the options in Internet Explorer better.
Awesome web site here, thanks man!! :-)
hosts file fix:
http://www.imilly.com/google.htm
'Show Related Links' fix:
http://www.imilly.com/alexa.htm
Internet Explorer settings:
http://www.staff.uiuc.edu/~ehowes/btw/ie/ie-opts.htm#security
ps thank you,for the work you,did on exploder active x.thank you michael starre
What is the easiest way to get ActiveX off of your computer?
I have had much porn offensive material on my PC that is neither welcome or wanted in an attempt ot isolate this filth I altered the pricacy settings but someone somewhere is still getting through an altering the new settingds that I put in
HOW CAN I PREVENT THIS REOCCURRING NUISANCE
I CANT DOWNLOAD YAHOO MESSAGER BECAUSE THIS KEEP POPING UP WHAT CAN I DO TO MAKE IT STOP SO I CAN DOWNLOAD THING. PLEASE HELP
Well it looks like Sun and MS have buried the hatchet for a couple of Billion for Sun to settle the Java Case, It probably is a good thing!
IBM and Sun considering to take Java the Open Source route
Yummy Yum or what....
Da Slew
nice site, thanks!
Advance Solutions, Inc. - Your premier IT source company
http://www.advancesolutions.net
Just noticed that Norton Antivirus classifies exploder.ocx as a virus and blocks it. Not very helpful by the Norton guys, they're just helping MS to cover up their lack of security!
Hello...
I've been reading your info..
much to my liking...
I have a vary good question for you.
latily I had a friend download and put
a boting programe (3rd party program
for a game that we play online.
Along with it he put a active x control
in my windows system folder.
Idk if it help..but the file name was
Mswinsck.ocx
Now...
Botting requires the same password the
real game uses...and stores it in a text that
in a folder on my computer.
SO that the bot can relog if it get disscunected...
Now thats the back story...
what happend to me..that I'm asking you
may have been caused..or helped..
or created by the ActiveX control
is..
while botting my botting one morning..
not long after i got the program
my bot Disscunected.
which is normal...
But whats not normal is that when it tryed to reconnect
my password was changed.
I notice this and tryed to log on the game it-self..
with-out using the bot.
It finaly changed back but when it did all my
stuff had been taken off my characters..
I had been pritty much hacked somehow from
all my items...
I wondering if you know if a Active X program
could have anything to do with this.
I Suspect him of having took my stuff cause he dinizes
having instaled to program...
if you could pleaze e-mail me
( mind_cplx_virgo@hotmail.com )
about any info you about what could have happend
and how...and anything you know about what
the control could have contributed to the hack.
thank you for any thing you can do to help.
Oh and Ps...could this be tracked anyway?
would Game Master be able to find out if
anyone hacked into my account or not..
cause more then likely he hacked into my computer...
and idk how to find out how...
hope you understand all this..
and I hope you can help out...thank you.
I have a question. Recently I receive some weird messages while I am checking my Yahoo Email. It's something about ActiveX controls? How can I fix this problem? Also, from that moment my PC stopped identifying Cyrillic. Instead of Cyrillic letters there are question marks. What's the problem?
Cheers,
Mitko.
I have a question. Recently I receive some weird messages while I am checking my Yahoo Email. It's something about ActiveX controls? How can I fix this problem? Also, from that moment my PC stopped identifying Cyrillic. Instead of Cyrillic letters there are question marks. What's the problem?
Cheers,
Mitko.
Exploder is cool and all,but it is a trojan,so why would anyone want to have there computer raped?????
Chris
YOU R COOL, BUT REALLY YOU SHOULD HAVE MORE GUTS AND HAVE A DEMO OF YOUR PRODUCT ON THIS PAGE SO YOU CAN TEST IT OUT ON ALL THE NEWBIES
I caught AX/Exploder today, but my Anti-Virus program removed it. It really woke me up. Here I am! In 12 months of heavy use, nothing, now my cherry is popped.
congratulations ! it works very well ! i'll try it under SCO unix and give you a report.
Greetings
martin
I found your site to be most interesting, but I have a question: Can you tell me where to find a plugin that will let Netscape 3.0 & Netscape Communicator view Active X? I tried NCompasslabs.com, but they do not seen to have their captivex plugin listed.
I have a MAJOR problem. I have Windows 95. I wish, trully wish, that I could find an operating system that tops Win95 bigtime (not a hard task, surely), and also have great functionability, graphics, speed, desktop, game availability, and all around easy to find upgrades and downloads, all while being affordable to us not-so-stocked as "Gil Bates" bank accounts. I HATE Win95, I'm ALWAYS being booted, nuked, outdated, used, cancelled, lost, etc., etc., etc.
CAN SOMEBODY HELP ME!? I'M DYIN' HERE!! CLUE ME IN ON WHAT I NEED!!!
I'm begging you guys! Have mercy!! HELP!!!!!
P L E A S E---R E S P O N D--T O--M Y--P L E E S--F O R--H E L P!!!!
Good site!
I allmost never sine these things!!
Hi,
I am facing a problem with ATL. I created an ActiveX control based on Button class. And when the button is pressed, i am invoking the property sheet of the control (to show my property pages) using DoVerbProperties. Now one of the parameters of DoVerbProperties is
a RECT parameter for specifying the co-ordinates where the property frame should be displayed. But in my case the property sheet window pops up anywhere and not based on my input argument of the RECT structure. Kindly help me in achieving desirable positioning of the
property sheet window.
Atul Ratra
I like the activeX app, could you make a script to open Netscapes Security bug in Java? the bug you can access another person's HD with? if so that would rule!!
Look, I have read all your faqs and etc. But I've got the same prob. like everybody who visits this page, when we try to downlaod the source - FILE NOT Found !!!! Maybe don't be so lazzy and fix it, what do you think about it ??? Sorry for critic, but that's my small opinion
Hi Fred,
You really show those incompete freaks at M$. Nice work ActiveX is is serious flawed in security.
Fred can you mail me the source code, interesting wish to have a look at your work.
Thanks
With all regards keep up the good work.
Ken
I took the exploder source (and many other things) off the server due to disk space limitations, but I will e-mail it to you upon request.
When I try to download Exploder's source code I get the following
message:
File Not Found
The requested URL /mclain/ActiveX/Exploder/Exploder1b3.exe was not found
on this server.
So, where can i found the Exploder's source code, please?
Hi Fred!
I'm working on my degree thesis about DCOM vs CORBA, and I found a very, very interesting reading about ActiveX here. Thanks a lot!
Hi Fred!
I'm working on my degree thesis about DCOM vs CORBA, and I found a very, very interesting reading about ActiveX here. Thanks a lot!
Fred,
I am new to msn,I was hoping to play in the gaming zone.Everytime I get close to playing a game a note comes up and it says something is not right in the activex file. What is this and how do I fix it?I dont remember downloading anything with this file.
I would appriciate you help . thx
I am a college student who has to work with others to create a group of Web pages that contain information about ActiveX. Before beginning the research for this project, none of us knew what ActiveX was. Now, thanks to Mr. McLain, I think I have a basic understanding of it. Thanks for the information!
Hey Folx !
u have nice sites...thx 4 the exploda ;)
Just do it in my homepage source ;)
cya ur 2b!
Copenhagen 11. jan. 98
A number of danish banks are planning to launch internet-banking in this year. According to the country wide newspaper 'Politiken' they are developing solutions based solely on MSIE 4 and ActiveX, despite the bad reputation of both. Furthermore Netscape-users will be forced to install and use 2 browsers, one of which is otherwise superfluous.
In an attempt to fight this scenario I am looking up articles that can discredit ActiveX. Unfortunately most of your references (about EXPLODER in the news) seem to be out of date. The links are functional, but the articles are not found. - May I suggest that you retrieve the articles in question and store them permanently on your own site.
regards
Claus Alsted
This is good material. With any technology there is a flaw. This is it. I would like to see more hostile ActiveX apps to PROVE the danger here. A word about Microsoft: I wouldn't use their products if they were the only software company in the world (which will become a reality if they keep up). I would write my own stuff. If they 'owned' all of the programming languages then I wouldn't use a computer.
werd =]
I demonstrated exploder on a local web site. As a result it was
decided not to use internet explorer in our company.
What about this scenario:
An ActiveX control - which may itself install in the autostart folder
or as a demon - reads commands from an externel web page, executes
them an sends back the output via mail or ftp.
Looks like pidgin telnet.
Hi, I am new to ActiveX and I am currently trying to create some controls.
How do I get my button control to call some functions from a DLL and display the results in another controls?
I intend to place the controls in a Web page and I understand that VBScript does not support DLL, is there any way that I can solve this?
Any help is greatly appreciated. Thanks
Clifford
Good stuff. Microsoft has generate a lot of good technology but is
unable to recognize its own failures or accept standards which it
does not invent. (i.e. Java, CORBA, ...) ActiveX/COM/DCOM are hacks
built on some kludge to get data from one program to another on
a desktop machine. This just does not scale to the web or a
distributed computing environment. Microsoft would be wise to move to a distributed computing technology to perform distributed computing.
Microsoft's battle with Sun over Java 1.1 should be interesting. My
understanding of it is that MS has added features in the awt (user
interface area) and not implemented rmi (remote method invocation)
which Sun has choosen to align with OMG's CORBA java mapping. Both
of these actions are at odds with the "Write once, run anywhere"
concept of Java.
K3wlne$$!
keep up da g00d work!! :)
Exploder work in Front Page 98 editor!
Interesting reading.
Alan Watson
When a security bug is found on Netscape, Micro$oft says: "Oh no Netscape is unsafe. Stay away from Netscape" Then when a bug is found on MSIE, Micro$oft says: "Oh well, another development bug.", and people dismis it. I just don't get it...
I tried exploder using IE 4.0pp2 and it didn't work at all (security set to medium)
someone crashed my computer in a chat room , how did they do it.
someone crashed my computer in a chat room , how did they do it.
Can you please help me I am disabled and have downloaded everything that I can to get activex working and the more I download the more I get confused? If there is a way that you or your team can help it sure would be appreacated. Thank You Michael P Hetes TAZ1397@prodigy.net
I am looking for a NETSCAPE plugin to view VRML files for
HP-UX 10.2. Any suggestions where I could find one?
I had to try this ActiveX control. I'm currently using a PowerCenter 150, a Mac clone. But I do have SoftWindows95 with Internet Explorer 3. I logged into your page and tried Exploder. It shut down SoftWindows 95, sure and shootin'!
Marc Hoffman
Thanks for posting the source code for
Exploder. It was clear and understandable even
though I had never seen an ActiveX control
before.
I started Windows NT 4.0, and tried exploder,
but it didn't shutdown. I added this code:
HANDLE TokenHandle;
TOKEN_PRIVILEGES tpNew;
OpenProcessToken( GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES, & TokenHandle );
/* adjust one privilege */
tpNew.PrivilegeCount = 1;
/* get value of privilege to set */
LookupPrivilegeValue( "",
SE_SHUTDOWN_NAME, & tpNew.Privileges[0].Luid
);
/* enable this privilege */
tpNew.Privileges[0].Attributes =
SE_PRIVILEGE_ENABLED;
/* ask for privilege to be enabled */
AdjustTokenPrivileges( TokenHandle, FALSE,
& tpNew, 0, NULL, NULL );
... and it worked like a charm.
Thanks again.
Neil Waldhauer
Me parece muy bien su web, actualmente estoy leyendo sobre ActiveX y OLE.
Me gustaria mantenerme en contacto con ustedes
Thanks for your pages, you perform a real service! It is a shame though to see so many religious observations in the guestbook - prejudiced comments are not trustworthy.
There are security holes in virtually any system. Surely Netscape
plug-ins offer a security threat. There is a need that plug-ins and
ActiveX attempt to address. The MS approach appears flawed but
a genuine attempt to supply the desired functionality while attempting
to address security. I also fail to see the virtue in Netscapes refusal
to support ActiveX and authenticode. ActiveX is currently far
superior to Java for Intranet solutions (because you can develop
faster) - I'd like to be able to use Netscape as the browser, use
ActiveX for Intranet applications and prohibit external ActiveX (or
Active X from unapproved sites).
Any recommendations on sites that discuss security, the desire for more powerful Web pages and real solutions without bashing a
particular approach? Also, what happens with medium security when
you attempt to download a signed activex control - some of what I read implies it just runs, some implies you get a chance to read the signature info, post a question, etc and then accept - I have no way
of knowing since I don't know whether I've ever hit a signed control.
BTW, MSN appears to require a Medium setting (though I hate to
encourage MS-bashers...) - I've had problems with their pages with
High set...
huh-huh, huh, huhuhuhuh, huh-huh, microsoft.
Well done, Fred, you've *proved* that M$ are incompetant, whereas I can only keep saying it :-)
You know what they say:
It said on the box, `Windows 95 or better' so I ...
a) bought a Mac, or
b) installed Linux
Cracks me up every time.
Emmet,
Hi folks!
Well, I'm back from Java One in San Francisco where we showed my new OuterLimits ActiveX control. It played as the final demo for Scott McNiely's (chairmand & CEO of Sun Microsystems) keynote presentation following the Bill Gates keynote of the night before. SF was beautiful, and the demo caused a major stir.
I'm wondering if I'm the only one to notice something about Internet Explorer. In the upper right had corner there's an animation. It's the earth spinning around, and it appears MS has put images of comet Hale-Bopp in orbit around the Earth. Not only that, but if you look very closely, you'll see a small bright spot following it. Although the government and Microsoft have tried to suppress these pictures, the spacecraft really is there in release 3.01!
I believe this bright spot is an alien spacecraft. If we trade off these old operating system components (ActiveX, OLE) like a used car, the aliens will take us with them! I recommend you all pack your bags and leave them at the foot of your bed. Then take a large dose of Netscape Communicator, and kill your Internet Explorer.
See you in the stars!
-Fred-
Exploder has certainly opened my eyes a little further. As an embedded systems software engineer, I am subject to reprimand if I create a poorly designed subsystem. Microsoft issues another release, and charges an upgrade price for their fixes. The market demands are different... However, ActiveX is not perceived to be poorly designed; therein lies a problem. I demonstrated Exploder to my wife; I think switching to Netscape may now have more importance to her.
Question:
Before I switch to Netscape, I would like to remove Exploder from the registry and my hard drive, can you recommend a utility? (ActiveX Cavator?)
Exploder has certainly opened my eyes a little further. As an embedded systems software engineer, I am subject to reprimand if I create a poorly designed subsystem. Microsoft issues another release, and charges an upgrade price for their fixes. The market demands are different... However, ActiveX is not perceived to be poorly designed; therein lies a problem. I demonstrated Exploder to my wife; I think switching to Netscape may now have more importance to her.
Question:
Before I switch to Netscape, I would like to remove Exploder from the registry and my hard drive, can you recommend a utility? (ActiveX Cavator?)
It had to be done sooner or later...I'm glad you wrote that
CaptiveX control, illustrating the inherent risks involved in
a stupid brain-dead 'license-plate' security system. Once again
Microsoft flaunts the volumes of information and experience out
there with respect to security, and tries to pass Authenticode
off as secure using pure marketing force alone.
My condolences on the trouble with VeriSign. On the other hand,
this kind of retroactive 'security' that VeriSign and Microsoft
are proposing (pursuing hackers 'legally' after the fact) is nothing
short of comical. I see you are in the States...what if someone
did what you did (getting a 'dangerous' control signed) over
in Europe? Then VeriSign's and Big Brother Bill's (daddy's) lawyers
wouldn't be able to do a damn thing. THIS is the kind of 'security'
Microsoft is pushing? Wait for something to explode and then go
after the person who caused the explosion? Christ. Then again,
this is from the company that pioneered the whole "If it stops
working, just re-install it" philosophy.
Another thing: I see people (the press mostly) harping on the fact
that you got paid by Sun to write the Limits control. I say big
deal. Who cares? You were contracted out to do a job. Good for
you! These days it's hard enough to find work. It just so happens
that this work involved exposing the serious flaws of a broken
system called ActiveX.
Anecdote:
When the ActiveX and 'shortcuts' holes in IE 3.0 were found recently,
some Microsoft-loving consultant from god-knows-where called up
the company I work for practically hyperventilating about the
IE 3.0 bugs, desperate to 'assure' us that the bugs would be fixed,
and that he didn't want to see us running over to the Netscape
camp. It's sad to see so many people ready to defend everything
Microsoft does as a work of God.
(personally, I web-browse with irritations like JavaScript
ActiveX disabled. I pine for the days when web browsing was
_just_ web browsing, not a 3-ring circus with every bell and
whistle out there attached with duct-tape).
Hiya Fred! I c that they paid you some bick buck to do that Outer Limits thingy! Nice going man! Do, by any chance, realize how much value this ActiveX Controll has? A desperate compnay like perhaps a telephone company would pay you tens of thousands of dollars to buy the controll from you. Gee, you whiping up a hacking deivce and got praised form Sun Microsystems for it! WOW. Wish I had that talent. Write a book about it. It would sell.
Great page and good examples keep it up !!
I wanted to see your exploder, I'm using Internet Explorer 3.01 with no security patch, my security level form ActiveX was at none and my machine didn't reboot because I had a file that wasn't save in NotePad, I simply receive a message to save my file like if I accidently close NotePad. I just click on CANCEL, and nothing append after, my machine didn't reboot.
Any way it's nice to know those security problems.
Good work Fred !
Just out of curiosity:
Would it be possible to write an ActiveX control that downloads and
installs Netscape Navigator, then deletes EXPLORER.EXE? I'm not
suggesting anyone actually write it; I was just wondering if it
would be feasible.
I have Netscape 3.01 - I am a VB programmer fairly new to the Web. It appears that Netscape cannot handle an .ALX (active X layout) embedded in an HTML page via <DIV> is this correct? Are there any later versions of Netscape that WIll do this? Will netscape ever support ActiveX / VBSCript? Any assistance or pointers to relevant web pages would be appreciated, thanks.
Brian Fitzpatrick
FITZPBM@KELLYSERVICES.COM
Hey ! What's the matter ?
Do you REALLY think this will do anything on Microsofts politics ?
Everybody knows that the declared goal of Mr.Gates is an unlimited access to everything every person has, does, owns, loves, dreams of, and they will not stop creating activeX controls that will enable them
FIRST to read your hard disk contents through the internet and checkout what software you 're running and
SECOND watch you doing your bank jobs with quicken and
THIRD (things even Stalin wouldn't dream of)
But this is OK, we all love them and buy them and kiss their as...
Who in this world will stop these betrayers and will start building computers that work properly, create software that really does what it is supposed to, not more or less, and free us from their great might ?
Maybe it's too late...
Greetings from colder getting Earth
Mathew
Fred, if you ever need Swedish mirror site don't hesitate to drop me a line!
It's been a while now since Exploder generated its original storm
of media attention, and it's kind of neat to look back with hindsight
at what happened.
Microsoft pretty much ignored it.
Yup, it hasn't changed their plans one bit. They claim that
authentication will take care of all the problems like Exploder
(the people on comp.risks have pretty much shot down any
arguments about _that_ the last few days) and that ActiveX is
really what people want for, to paraphrase, "rich web experiences",
whatever that means. Heck, they've even been throwing us full
spread ads in Wired about how you can make really cool web pages.
The truth is, Microsoft isn't interested in security. They don't
even concern themselves with the stability of their flagship operating system, nor one of their biggest products, Word. Quite frankly, I don't think Microsoft could write a secure component system suitable for web use if you were to chain Gates up in the middle of the Redmond campus with a small nuke. I don't trust their Java implementation either.
Yeah, I'm sure the marketroids would point me at their security advisory web page and say "but look, we're concerned. Really!" You know, the one that has about the same sincerity and goal as McAfee's Michelangelo press releases. The one that harps about how Microsoft is the safest way to cruise the net while offering patches for the three major security holes that have cropped up in the last two weeks alone. Not counting the ones that the public hasn't been told about.
Personally, I don't think we're going to get Microsoft's attention until someone finds a way to subvert a shrink-wrapped ActiveX control (like one that comes with MS Explorer) into reformatting a hard drive. A control that doesn't use Authenticode because Microsoft ships and installs it with your browser. One that's standard on all Windows platforms. If that doesn't clue them in, the only other approach is a gang of
hackers with LARTs ambushing Gates as he leaves his office. Or that nuke I mentioned.
My only bitch right now is that Java is still a little immature. Yeah, I know everyone and their brother is coding Java right now this minute. I'm not going to be comfortable with the language for at least a couple more revisions. But since it's the worlds only chance against ActiveX, I guess I'm stuck in the reluctant advocate role.
Anyhow, Fred, nice work with Exploder. It's really just the APM equivalent of "Hello World!", but it certainly touched off a flurry of concern in the thinking part of the computer world. Which, as you may have gathered, doesn't include Microsoft.
c.
Thanks for helping defend Netscape's rightful position as leader
in the market... If MicroSoft takes over then efficient coding
will become a crime... because it threatens them... MicroSoft
is getting to used to being able to set the standard, now they
expect to be able to produce huge, fat, slow, insecure garbage
and pass it off as the "standard". I really hope they don't get
very far. I also despise MicroSoft for the way they use lawers and money. They seem to think that as long as they have both, it doesen't
matter what they do.
PS - I used to be at least neutral to MicroSoft, until I saw them making their products incompatible, slow, fat, etc. a few years back.
Since then I've severely disliked them for their boated software and
monopolistic, anticompetitive practices.
you throut the trout...
Thanks a lot man...
Microsoft...
No comment!
Thanks for the extremely interesting pieces of information about ActiveX You and Your guests have provided here.
Keep up the good work!
The german iX Magazin just published an article about the
security lacks of Active X. They demonstrated this by
programming an active-x-control that uses Quicken to
get access to the users *BANK ACCOUNTS* !
http://www.heise.de/ix/artikel/1997/03/090/
There is also an englisch version available for the not to
well german speaking :-)
I'd just love to have some nasty ActiveX scripts, I just love to abuse those guys.. But whatever, netscape, os2 and linux forever.. :)
All of the Microsoft propaganda about ActiveX says that it is
superior to Java. I write software in Java, Visual C++, and Visual Basic. ActiveX is becoming a big part of how I will continue to make a living. I would like to make some unbiased points:
1. Internet Explorer's Java Interpreter and the jview.exe application interpreter provided with Visual J++ are not totally compatible with bytecode that runs on Netscape or the Sun bytecode interpreter. A fundamental concept of Java is that bytecode is bytecode and should be compatible across ALL platforms. As far as I'm concerned, a bytecode intepreter that can't handle all of the bytecode generated by the Sun Java SDK is worthless.
2. I have run into problems using bytecode compiled by the Visual J++ compiler on a Solaris machine and now exclusively use the Sun SDK for compiling Java. Again -- bytecode should be bytecode. If it runs on Win95 but won't run on Solaris, I'm not interested. If it runs with Microsoft's jview, but not the Javasoft interpreter, I'm not interested.
3. My personal opinion is that Java is an excellent programming language. It is designed from the ground up for GUI environments. It has a powerful and consistent function set. It is portable even when compiled. No other language has all of this. For these reasons, I think Java deserves more than just a chance in the market. It deserves to be recognized as a serious language for application development -- just like Visual C++ and Visual Basic.
4. ActiveX is Microsoft-specific. If I want to write a Java applet or application, all I need is a text editor and the free Java SDK. If I want to write an ActiveX application, I need a not-free Microsoft Development Studio.
5. Given all of this, is it any wonder that Microsoft is pushing ActiveX as a Java-slayer? With Java, Microsoft is forced to adhere to someone else's standards -- something which Microsoft clearly does not do well. With ActiveX, Microsoft gets to set their own standards -- s
omething to which Microsoft has grown very accustomed.
6. Lest you think I'm just another Microsoft-basher, I should point out that I use their software regularly and generally have been happy with it. I frankly don't care how much money Bill Gates has. I will buy whatever product makes my job easier and keeps my boss and customers happy. It was not until Microsoft began their anti-Java/pro-ActiveX disinformation campaign that I began to take issue with them.
I would welcome comments from anyone else regarding this.
hey fred!
keep exploding! it's great! and if anyone asks, i've got a demonstration of an (older?) version of the exploder on my site at http://www.aa.net/cotc/explode/
EXPLODE MICROSLOTH!
did you Sacrifice your Vegetables today?
So....
I got this funny thing happening everytime I turn on my computer, it turns itself off... WIN95 never booted down so fast..
So How do I recover from this one?
Thanks
JScott
Poor Unfortunate Software Marketing Goob! On the road...
Victor,
Try reading the FAQ about Exploder I think it answers this question. The API call is only 1 line of code. The problem is that you can do this via a web page. Prior to ActiveX, a person's computer was pretty much safe browsing the web provided you didn't intentionally download anything. My worry is that people still believe the web is safe and don't know that ActiveX isn't.
-Fred-
I'm not impressed by Exploder. I've been developing ActiveX controls
for six months and Windows software for three years. This is no
different than some dumb shareware program someone might get
by anonymous FTP. Why the big deal over one Windows API call?
Probably because computer journalists are notoriously stupid
especially when things look like magic. I'm willing to bet
anyone $100 I could write the same code using the Wizard in
about 10 minutes.
I'm sorry I just don't understand what the problem is here
folks. Is the problem that the power API that has been around
for years and nobody noticed it? I wrote a story on it myself
about five years ago.
Glen,
I doubt much would happen on a Mac. Exploder is native x86 code written as a 32 bit OCX. It also calls a Win32 call ExitWindowsEx() to do the shutdown. Right now it only seems to work under Win95 and MSIE 3.0 or later.
Jack; Yer welcome sir.
Fred,
Thanks for Exploding the myth of security surrounding ActiveX. Now you have introduced us to Runner which will make life so much more interesting. Keep up the good work.
What implication does exploder have for those of us who have something other than a Wintel running Windex 95? I run a Macintosh 7100. If I run explorer on it, then what would happen to it if I tried to run Exploder? (I still use Netscape 1.1, and have no financial motivation to downgrade to a newer product).
Folks,
I've made a space here for you to enter your comments and questions
about ActiveX, Java, Exploder, and things like that. Enjoy!
-Fred-
