In it's haste to alleviate concerns over widely publicized security holes in it's ActiveX technology Microsoft (MSFT) is inadvertently providing some of the best reasons yet to switch to Network Computers.

At 3 a.m. this morning NCNS received an e-mail "News Flash" from Microsoft's Sitebuilder Network apparently intended to address the issue of what it calls "malicious unsigned controls".

According to Microsoft:

"Malicious code can be written and disguised in many ways - within application macros, Java(tm) applets, ActiveX(tm) controls, Navigator plug-ins, Macintosh(R) applications and more."

In other words, Microsoft is telling us that any time a PC connects to the Internet there is some risk of encountering malicious code.

The "News Flash" goes on to say that Microsoft has set up a Web site, the Web Executable Security Advisor, to spread word of the power and pitfalls of other Internet programming technologies with PCs. For those who missed it, the company decided to set up the site after a highly publicized incident in which a group of German hackers showed how an ActiveX control could be used to trigger unauthorized bank transactions (see the link at bottom of this page).

Microsoft acknowledges that Sun Microsystems has made it much more difficult to perform malicious acts through Java by creating a virtual "sandbox." The sandbox prevents applets from potentially risky maneuvers such as reading or writing files on a hard disk.

What Microsoft fails to mention is that NCs are immune to ALL malicious code. By eliminating the hard disk, or replacing it with a "removable storage medium" such as a Zip, or Jaz drive the user (and his hardware) is fully protected from malicious code. Just pull the disk, and shut down after use, and you're clear of any malicious code.

A user of Microsoft's Active X newsgroup said it best:

"If you are worried about someone putting a malicious program on your machine you better remove your modem, CD-ROM and floppy drive from your machine and let only yourself use your keyboard. This is the only way of protecting your machine completely."

Great idea! But, we'll keep the modem, and CD-ROM, , and trade the floppy for a zip drive, thank you!

Other users expressed more concern that non-malicious programs might inadvertently hurt their computers.

"The thing that scares me about [ActiveX] is not malicious people so much as incompetent ones," wrote another user on the same newsgroup. "Look at what [Microsoft] betas can do to an installation, look at the questions of Visual Basic authors on the newsgroups, and imagine those people installing [ ActiveX] controls onto your machine." (Note that NCNS had a PC motherboard toasted by the first beta of Microsoft's FrontPage authoring tool!)

Microsoft's security Web site also said that it would host a discussion with customers in mid-spring to discuss Internet security.

Related Information:

Exploder FAQ Fred McLain, Exploder's author, provides updated information

Deadly Controls HotWired/Packet - Simpson Garfinkel

New Java Sandbox Model Provides Compelling Reason To Dump IE 3.0
HotWired/Packet - Simpson Garfinkel

ActiveX Used To Manipulate Bank Accounts CNET - Nick Wingfield