Greg. You hit my point exactly on the head. Your statement that the
ActiveX technology is secure in the sense that it only makes your machine
insecure if the system administrator allows it, is the sticking point of
this technology. Remember I said that this technology could potentially
open security holes, not just for the machine on which the technology is
being used, but also for other machines on the local area network. If I am
the security czar for a corporation and I am concerned about my internal
corporate networks, and if I have a user who needs to use the ActiveX
technology to gain access to his workstation, but that technology also
has the potential for allowing unauthorized access to other machines on the
network to which he is connected, then I either need to put him on his own
isolated network outside of the company fire wall, or I have to consider
not using him in that department because the risk of exposure is too high.
The good thing about ActiveX technology, as I seeit, is that if it is a
standard technology which everyone uses and understands, then the cost of
assessing the security risks of a particular access package are no
greater than the costs of assessing the security risk of other packages which use the
same technology. On the other hand, if, as you say, I should not be
"fooled by the name", and in fact the access portion of ActiveX uses a
technology which is different than other portions of ActiveX, then the cost
of assessing the security risks of access packages becomes much greater
than the cost of accessing other ActiveX technologies, simply because the
access market is such a niche market. We learn, time and time again, that
"security through obscurity" is a sure recipe for trouble, and I would hate
to have to ask my employers to rely on that policy in order to give me the
access I need.
We as blind people must have the ability to perform real work on real data
on real networks that carry valuable data for our employers. It is my
belief that, to date, the issue of what security risks the new generation
of access technology bring to the party have not been thoroughly explored.
I believe that in order for this new technology to really achieve its goal
of providing the tools necessary for the blind to perform competitive jobs
in the workplace, this technology has to be as close to air tight in the
security realm as possible. Blind people, and other people with
disabilities as well, have enough barriers to gain employment as it is.
The last thing they need is to have to admit that there might be an
increased risk of unauthorized access by outside parties to data in their
general corporate vicinity.
this problem is not an easily solvable problem, nor do I expect
that we will be able to make access technology totally secure in this day
and age of complex systems. However, I would like to think that the access
providers are now beginning to consider the security ramifications of the
software they are beginning to write and use. In the case of ActiveX, this
means all portions of ActiveX in all modes of operation. Microsoft, in its
role as an access provider, should thoroughly explore the security
ramifications of the access portions of ActiveX, as well as the rest of
ActiveX, when that software is running on stand alone workstations,
multiuser servers, and multipurpose servers. It is not good enough to
restrict Access technology to stand-alone single-user workstations, or to
simply say that the software is secure by virtue of the fact that it
doesn't reside on those systems deemed to be secure. Blind people need to
be able to work on the same servers as their sighted colleagues in order to
perform the same tasks. The methodology used to accomplish the work may be
different, but the work must be able to be done.
This technology is young enough that if access providers begin examining
their existing software for security holes, and designing software with
security in mind, then I believe we can achieve our goal of having secure
access technology. If we wait a year, however, I believe we will have a
lot of trouble digging ourselves out of the security grave we have dug.
Let us have assurances from the access providers that they are designing
real security in their products. Then let us see technical papers
describing what steps they have taken to insure that their access products
are secure.
-Brian
On May 16, 10:43pm, Greg Lowney wrote:
} Subject: RE: ACTIVEX, MICROSOFT, ACCESSIBILITY, AND THE POLITICAL STRUGGLE
} Brian, on Windows NT today it is possible to run applications that
} watch keystrokes, simulate keystrokes, and do other things that would
} normally constitute a security violation. The key is that not just any
} application can do these things. You cannot accidentally load a trojan
} horse which will capture your password, because applications that want
} to do that kind of thing must be explicitly installed by the system
} administrator and given permission to do them. Without that step, the
} operating system functions to watch all keystrokes would simply fail.
}
} This is also the solution to the dilemma of running accessibility aids.
} If they do things that violate security, they must be installed by the
} system administrator. (Of course, on a single-user workstation the
} user is the administrator, but they would normally keep a separate
} account for doing administrator tasks, to prevent them from
} accidentally breaching security during normal operation.) And if you
} think about it, this is not a big leap from what's already true in
} other areas: a display driver, for example, inherently violates
} security by monitoring all output to the screen, which is why only the
} system administrator gets to install a new display driver.
}
} As for security aspects of ActiveX technologies in general, I'll only
} say that ActiveX Accessibility leverages several other ActiveX
} technologies, but don't let the name fool you: they're not all the
} same. If someday it were shown that ActiveX controls on web pages was
} a bad thing, that would not have any effect on the ability to use
} ActiveX Accessibility for cooperation between an application and an
} accessibility aid on the same machine.
}
} Greg
}
} ----------
}
>-- End of excerpt from Greg Lowney
This archive was generated by hypermail 2b29 : Sun Dec 02 2012 - 01:30:04 PST