Category: Computer/Network>> Software
Problem description:
As in the title
Analysis:
According to As defined by Microsoft's authoritative software development guide MSDN (Microsoft Developer Neork), ActiveX plug-ins were formerly called OLE controls or OCX controls. They are software components or objects that can be inserted into WEB pages or other applications.
On the Internet, the characteristics of ActiveX plug-in software are: general software requires users to download and install it separately, while ActiveX plug-ins can be automatically downloaded and prompted by the IE browser when the user browses to a specific web page. User installation. A prerequisite for ActiveX plug-in installation is the user's consent and confirmation.
ActiveX plug-in technology is an internationally common software technology based on the Windows platform. In addition to network real-name plug-ins, many software are developed in this way, such as Flas *** playback plug-in, Microsoft MediaPlayer plug-in, CNNIC universal website plug-in, etc.
How does the browser ensure the security of ActiveX plug-ins?
When software is distributed through the Internet, software security is a very noticeable issue. IE browser ensures the security of ActiveX plug-ins in the following ways:
ActiveX usage Two complementary strategies are provided: security levels and attestations to pursue further software security;
Microsoft provides a set of tools that can be used to increase the security of ActiveX objects;
Through Microsoft's verification code tool, you can sign ActiveX controls, which tells the user that you are indeed the author of the control and that no one else has tampered with the control;
In order to use the verification code tool to sign the component , a digital certificate must be obtained from a certificate authority; the certificate contains information indicating that a specific software program is genuine, which ensures that other programs can no longer use the original program's identity. The certificate also records the date of issuance. When you try to download software, Internet Explorer verifies the information in the certificate and whether the current date is before the certificate's expiration date. If the information is not up-to-date and valid at the time of download, Internet Explorer will display a warning;
In IE's default security level, before the ActiveX control is installed, users can make their own decisions about the software publisher and the software. Depending on your trust level, decide whether to continue installing and running this software.
The network real-name plug-in is signed with a digital certificate issued by the international authoritative security manufacturer Verisign, thus ensuring the authenticity and security of the network real-name plug-in.