1996-08-15 - RE: Fun with M$

Header Data

From: Andy Brown <a.brown@nexor.co.uk>
To: “cypherpunks@toad.com>
Message Hash: 70c286402a1ceb890443bb51eac1718cb12d7fdac3b9de2b67fc4bbcab818701
Message ID: <01BB8A9A.ACAA01C0@mirage.nexor.co.uk>
Reply To: N/A
UTC Datetime: 1996-08-15 13:14:03 UTC
Raw Date: Thu, 15 Aug 1996 21:14:03 +0800

Raw message

From: Andy Brown <a.brown@nexor.co.uk>
Date: Thu, 15 Aug 1996 21:14:03 +0800
To: "cypherpunks@toad.com>
Subject: RE: Fun with M$
Message-ID: <01BB8A9A.ACAA01C0@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On 15 August 1996 06:16, Bill Stewart[SMTP:stewarts@ix.netcom.com] wrote:

> >Microsoft has chosen what Sun should have: leave the security to the user,
> >don't take it away from everyone.  Java has been severely crippled by the 
> 
> User?  What user?   The poor unsuspecting fool who hits the web page?
> The kind friendly person who writes web pages that turn off Win95?
> Executing signed code from web pages is semi-ok, if the default is to
> trust no one and make the user explicitly grant permission to code authors.
> Executing anything that comes down the wire is foolish, and writing
> software to do so is rabidly negligent.

The default (at least on beta-2 of ie) is to not trust anyone unless you
explicity say so.  If the user then decides to execute "k3wl kontro1" from
phreak.net then that's their problem.

Does anyone know what the legal implications of signed code are?  That is,
if Company A signs their Active X control and it's later found to corrupt
users data, does the signature (which is supposed to make the user trust
the control as safe), open up the company to litigation for damages?







Thread