Aren signed ActiveX controls safer than downloading software packages?
No again. When you download a software package, you choose to go to the software publisher’s site. You then choose to download the package. After it’s on your machine, it doesn’t run until after you choose to install it and run it. You don’t get these choices with ActiveX, signed or unsigned. You can even run a virus scanner on a downloaded software package before you install it. You don’t have a chance to do that with ActiveX before running the control. With ActiveX the control pops off the web page, gives you the same old scary dialog you’ve seen every time you download one of these things, and it simply runs at that point! You don’t choose where it came from. In fact, if you’ve told Internet Explorer that signed controls are OK, you don’t even see the scary dialog. Back in the BBS era, and on better FTP sites things were different. We (BBS operators) would not allow folks to download unknown files. We would take the file contributed to the BBS (usually in a separate directory called