DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP


Distributed System’s Middleware:
DCOM's ActiveX versus Java's JavaBeans
and CORBA's IIOP
COM
• Component Object Model or Common
Object Model
• Promoted by Microsoft as a general-purpose architecture for building
component-based software
• Main purpose was to define reusable
objects that designers could use to
create larger systems
COM continued
• Allows developers to create COM objects
not specific to any language or platform
as long as they stick to the binary structure
Microsoft proposed.
– Can interoperate with each other
Introduction to DCOM
• COM on a wire
• DCOM stands for Distributed COM
• Basically, DCOM allows use of component
objects present on different machines
either within or across networks
• Put in another way, DCOM is COM on
steroids.
ActiveX
The Chaos Computer Club of Hamburg, Germany showed how
to move funds from one bank account to another - all using an
ActiveX control. This control tricks finance software Quicken
into removing funds from a user's account when a user logs on
to their bank. Microsoft, the developer of ActiveX, heard
about the incident after receiving a phone call from someone
in Germany who viewed the Chaos Computer Club's story on
German national television.
This incident illustrates the potential dangers
associated with ActiveX. Unlike Java applets, which are not
capable of reading or writing to local files, ActiveX can do
nearly anything.
Microsoft plans to launch an ActiveX education campaign
in response to this attack.
Some Quotes
• “Microsoft's core competency is monopolization” Steve
Litt, 9/6/2000
• Yesterday OLE, COM, DCOM, MFC, IIS, ASP. Today C#
and Microsoft.Net. What next? The Open Source world
is one of continuous improvement. The Microsoft world is
one of continuous U turns.
• Getting back to technology selection. There are some
who believe Microsoft's line that their software provides
"interoperability". Don't fall for that line. Microsoft's
technology provides crash-prone non-modular systems
whose primary design feature is to enhance Microsoft's
monopoly power. You can do better than that. Just say
no to Microsoft.
Introduction to ActiveX
• Set of technologies that enables
interactive content for WWW
• Can be invoked from web pages through
the use of a scripting language or directly
with an HTML object tag
• Can be signed or unsigned
– Signed control provides a high degree of
verification that the control was produced by
the signer
ActiveX continued
– Doesn’t guarantee the trustworthiness of the
control’s intended functions.
• ActiveX are binary code
• ActiveX executables can be configured to
run in certain machines, under certain
conditions
– Allowing for scalability
– Allowing for increased security
DCOM/ActiveX vs CORBA vs Java
• Openness
– Java, CORBA : yes
– DCOM/ActiveX: somewhat
• Platform Independence
– Java, CORBA: yes
– DCOM/ActiveX: no
Why DCOM/ActiveX isn’t as platform
independent as Java or CORBA
• “Microsoft unapologetically will make sure
ActiveX works best on Windows” –Bob
Muglia, Microsoft (Source: Client Server
News and Red Herring Magazine)
• DCOM/ActiveX isn’t supported on MS-DOS or 16-bit Windows environments
Comparisons continued
• Language Independence
– Java: no
– DCOM/ActiveX: somewhat
– CORBA: yes
• WWW support
– Java: yes
– DCOM/ActiveX: 32-bit Windows only
– CORBA: yes
Comparisons continued
• Scalable?
– CORBA: definitely yes
– Java: more so than ActiveX
– DCOM/ActiveX: no
• Security:
– CORBA: yes
– DCOM/ActiveX: no
– Java’s JavaBeans: yes
Comparisons continued
• Benefits:
– ActiveX:
• a. reusable components
• b. has more capabilities than Java’s JavaBeans
• c. available to meet many needs and
functionalities
– JavaBeans:
• a. reusable
• b. secure
• c. trusted JavaBeans have more functionality than
regular applets.
– CORBA:
• a. mature
Comparisons continued
• DCOM’s main competitor is CORBA,
whereas ActiveX’s main competitor is
Java’s JavaBeans
• CORBA and Java complement each other.
Fallacies regarding ActiveX
• All ActiveX controls are unsafe
• All ActiveX controls either are the same as
regular executable files or differ from
them completely
• ActiveX controls make IE unsafe due to its
lack of security
• ActiveX controls are safe because they
are signed
Fallacies continued
• All ActiveX control problems can be
avoided if you just avoid using IE
ActiveX Security and Risks
Can be divided as follows:
1. Imported/Installed Controls
2a. Scripted Controls
2b. Execution Controls
Imported/Installed Controls
• There is no way to measure their capabilities
– Trust should be based on the source of the control
– Inadequate for 2 reasons:
• The signer of a control may be no better able to determine the
control’s safety than the end user is
• The end user must trust the distribution sequence. That
is, that the control wasn’t modified somewhere in that distribution
sequence to make it malicious
• Signatures persist
Imported/Installed Controls
• Controls need only be registered once per
machine
– Will lead to problems if a machine is shared
by multiple users. Any one user is capable of
downloading a control, at which point it is
available to all the users on that machine.
– Even worse if the machine is shared on a
network
• Controls do not always have a solution to
a particular vulnerability.
Scripted Controls
• Responsible for implementing their own
security
• Can be used in ways that were unintended
by their original author. Can lead to
unexpected behaviors that could be
exploited by hackers
• Can invoke other controls without the user’s
knowledge.
Scripted Controls
• Can escape the confines of IE’s
environment
• Controls’ engines might not provide IE’s
security regarding ActiveX
• Their cross-site scripting is poorly understood
– Can lead to vulnerabilities regarding cross-site scripting attacks
Execution Controls
• Running controls have more capabilities
than tools that run strictly in IE’s
environment
– Due to the fact that they are native code
• Running controls can be based on IE’s
security. However, ActiveX controls do
not rely on IE; they can be installed and
executed without using IE.
Execution Controls Cont.
• Running controls run under the privileges
of the current user. No known way of
restricting their privileges
• Running controls do not have an effective
level of abstraction
• Running controls are fairly difficult to
assess and manage
• Running controls’ security is fairly
coarse. It’s all-or-nothing in IE.
Securing ActiveX Controls
• Using Administrator Approved setting
• Using Authenticode
• Using CodeBaseSearchPath
• Using Internet Explorer Administrator Kit
• Using IObjectSafety
• Using kill bit
• Using security zones including a fifth built-in zone, called ‘My Computer’ zone
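
An added example (not from the original slides) of auditing the kill bit: it parses registry export text and reports, for every control registered under the safe-for-scripting component category, whether its kill bit is set. The sample export and its CLSIDs are constructed; the registry key, the 0x400 flag and the category GUID are the ones Windows uses.

```python
import re

# Registry locations and values Windows uses for IE's ActiveX controls.
# The substring also matches the Wow6432Node (32-bit view) copy of the key.
KILLBIT_KEY = r"\internet explorer\activex compatibility" + "\\"
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE instantiating a control
SAFE_FOR_SCRIPTING = "{7dd95801-9882-11cf-9fa8-00aa006c4a83}"  # CATID_SafeForScripting

# Constructed sample in `reg export` text form (already decoded); CLSIDs are made up.
SAMPLE_REG = r"""
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA8-00AA006C4A83}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7DD95801-9882-11CF-9FA8-00AA006C4A83}]

[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32]
@="C:\\Windows\\example.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000020
"""

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")

def audit(reg_text):
    """Return {clsid: status} for every control marked safe for scripting."""
    scriptable, flags, key = set(), {}, ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # remember the current key path
            tail = "\\implemented categories\\" + SAFE_FOR_SCRIPTING
            if "\\clsid\\" in key and key.endswith(tail):
                scriptable.add(CLSID_RE.findall(key)[0])
        elif KILLBIT_KEY in key and line.lower().startswith('"compatibility flags"=dword:'):
            flags[CLSID_RE.findall(key)[-1]] = int(line.split(":", 1)[1], 16)
    return {c: "kill bit set" if flags.get(c, 0) & KILL_BIT else "scriptable, no kill bit"
            for c in sorted(scriptable)}

if __name__ == "__main__":
    for clsid, status in audit(SAMPLE_REG).items():
        print(clsid, status)
```
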
Broadening ActiveX Appeal
• Make it more secure through the use of
some kind of sandbox like Java
• Make it platform independent
like .NET or JVM
• Don’t have this Windows-only mentality
Conclusions
• Microsoft can make ActiveX more
appealing if they were to provide more
security to ActiveX
• They need to embrace CORBA, not work
against it
• They need to work with Java, not against it