
Eric, why The New Active X Script? A Little Data Mining For Cash Perhaps?

Discussion in 'Announcements & Support' started by Grimsi, Jan 1, 2004.

  1. Grimsi

    Grimsi Restored member

    Messages:
    429
    Likes Received:
    1
    Joined:
    May 24, 2002
    Location:
    Nevada
    WELL I FOR ONE FIND IT A ROYAL PAIN IN THE *** TO HAVE TO CLOSE THE ALERT WARNING ME OF THIS HIDDEN LITTLE CODE FOR EVERY SINGLE FREAKING POST I TRY TO READ/VIEW ON GLOCK TALK.

    NOW, I KNOW IT IS YOUR SITE TO DO WITH AS YOU PLEASE, BUT CONSIDERING THAT THIS IS THE FIRST TIME IN...WELL SINCE EVER, THAT YOU HAVE ADDED IT, PERHAPS YOU WILL RECONSIDER.


    REMEMBER EVERYONE, ACTIVE X IS NOT YOUR FRIEND!

    THANK YOU FOR YOUR SITE, I HOPE IT BECOMES USABLE AGAIN IN THE NEAR FUTURE.


    AND YES I KNOW I AM SHOUTING...
     
  2. Eric

    Eric Big Giant Head Staff Member Admin Silver Member

    Messages:
    62,596
    Likes Received:
    15,982
    Joined:
    Jan 1, 1970
    Good grief, the 'Active X' control you are railing about is a simple Flash banner at the top of the pages. Flash is an outstanding technology and I will be using it more on this site, as I learn to use it better.

    I don't appreciate the title of this thread or your SHOUTING. If the firewall you are using is anything like the one I use, you have an option to accept active x by default, by domain name. If I haven't earned your trust after having run this site for the last six years, then I don't know what I can say now to make it better. In the six years I have run this site, I have NEVER done anything illicit, such as datamining, and I have turned down a hell of a lot of money on several occasions, by people that wanted to set such things up here. I have always let my sense of right and wrong guide my actions here and I find your post insulting as hell. You should take a moment to ascertain what you are talking about, before you start making accusations. Eric
     

  3. Grimsi

    Grimsi Restored member

    Messages:
    429
    Likes Received:
    1
    Joined:
    May 24, 2002
    Location:
    Nevada
    Eric, I do know of what I speak, but that aside, no insult was intended and I don't see data mining as illicit. But the use of such tools and script w/o the up front anouncement(sp?) of same raises serious concerns.

    I use Zone Alarm Pro 2.6.231 and it doesn't have such a feature. I have, however, configured the IE that I use to halt All Active X and like controls. And if you had attended the security seminars that I have had to for my business you might change your mind.

    Again I want you and everyone else that reads this exchange to realize that I do not distrust you per se, I distrust those that might take advantage of you and your site for their own reasons.

    I disable all active scripting for the same reason I carry 27-7-365 and wear my seatbelt each and every time I ride in an auto, just in case.

    So far I have N-E-V-E-R had a virus or worm in my computer nor a serious injury from an auto wreck.


    I meant no insult and hope that you can see the truth to that statement.

    But I will not enable scripting, but I will look into another option.

    Regards, Gregg
     
  4. musher

    musher

    Messages:
    13
    Likes Received:
    0
    Joined:
    Aug 31, 2000
    Location:
    fairbanks, ak, USA
    I agree the shouting and the accusation weren't called for, but I find the active x inconvenient as well.

    Many many sites are using this to collect info. While I appreciate that you are not allowing this to happen on your site, I've got to admit that's usually my first suspicion when I run into activex scripting. I've got activex scripting turned off for all sites for this reason.

    Flash is neat technology, but I suspect you'll have more users that are blocking active scripting for a variety of security reasons who may not be able to block by domain as you suggest as they aren't running firewalls on their desktops (particularly inside corporate firewalls ;) ).

    I've been to lots of sites that have activex that don't spawn the "this page may not display correctly" dialog when activex is disabled. Perhaps there's a way to change how you're including the flash banner so that folks who disable it don't have to click 'OK' on every page.

    Also, if you know of a way to configure a browser to allow activex by domain, I'd try that for your site.

    FWIW, I too generally begin to avoid sites if I have to click a dialog box every time I change pages. Just not worth the effort, I guess.

    I hope you don't find my post insulting, as I don't intend it to be. Just wanted to pass one user's point of view back to the admin.

    hope you're enjoying your holidays.
     
  5. Eric

    Eric Big Giant Head Staff Member Admin Silver Member

    Messages:
    62,596
    Likes Received:
    15,982
    Joined:
    Jan 1, 1970
    Grimsi, if you didn't intend to insult me, you might have left out the shouting, invective and accusation. You might have simply asked me what's up. I promise you I never make changes here with the intention of pissing people off. If I change something, I am doing so for a reason.

    The best way I know of to protect a computer from malicious content is to unplug any network or phone cables plugged in to it. Interacting with other computers on a network or internet always involves risk. Accepting any content from another computer always requires trust. People used to make the same complaints to me about cookies that I am hearing now. My response is the same to both sets of arguments. Just because something is capable of abuse doesn't mean it is going to be abused. Guns can be abused right? Cookies and Active X-capable plugins like Flash are extremely useful and to not accept them out of hand from everyone, because some people out there abuse them, is a little backward, in my opinion. Reasonable security measures should be flexible.

    If a person is really worried about security, a personal firewall system is the way to go. A firewall can block active x content selectively, by domain name. I use Norton Personal Firewall and virus software on my personal computers. I have heard a lot of negative opinions on it from some, but it works better for me than any others I have tried. The Norton Security Suite software costs $69. It is easy to set up and run. If the price is an issue, there are other cheaper and even free alternatives to choose from, like Black Ice or Zone Alarm.

    If you are going to block all active x content in your browser, you still have the option of adding individual sites to your 'Trusted Users' list and setting different restrictions for those trusted sites. In Internet Explorer, go to internet options and click on the 'Security' tab. You should already know how to get there, if you have changed your settings to deny all active X content. Click on the 'Trusted Sites' tab (see picture below). Click on the 'Sites' button. Uncheck the 'Require Server Verification...' option and type in 'http://glocktalk.com/' and click 'Add'. If you want to block all active content, but still allow it on GT, this is how to do it.

    <center><img src="http://glocktalk.com/docs/images/ActiveXTemp/IESecurity1.jpg"></center>

    Like I said, this comes down to a simple matter of trust. You trust me or you don't. You trust the content from my site or you do not.

    Flash technology gives me capabilities that no other type of scripting gives me. It can be used to deliver compact, but feature-rich vector-graphic animations. It can be used to create interactive forms to interact with the site. I can use it to create really slick little interfaces that query my databases and cross link that data throughout the site. It is very slick technology and I am going to need its capabilities in the new system I am building. I realize that this type of technology is capable of being abused, but it is not going to be abused on my system. I will never use any active technology to do anything but deliver text and multi-media content and to interact with my own servers. I have not and will never embed content of any sort from any third party in my webpages. I know everything that is contained in every page on my site and I am the only guy who has access to the servers. My content is secure and I think the 6 years I have spent running this site should bank me some credibility. The content from my site is safe and it is secure.

    Like I said before, I do not make changes on this site just to inconvenience or anger people. If changes I make cause problems for anyone, they should bring the problems to my attention. I think what I outlined above will cure this particular problem for individual users. If I find that there are users out there whose office firewalls are causing problems with my site's content, I will figure out a way to deal with it. All I ask is that people have some patience and consideration for my efforts and treat me how they want to be treated. Eric
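
An added example, not part of Eric's post or anyone's reply: a PowerShell audit of the Trusted Sites setup the post above walks through. It lists which hosts the current user has mapped into the Trusted zone, flags entries added without the https requirement, and shows how that zone treats ActiveX controls and plug-ins. It assumes the per-user settings under HKCU only; mappings pushed by policy live elsewhere and are not read here.

```powershell
# Added example (not from the thread): audit per-user IE zone mappings.
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$domains = Join-Path $inet 'ZoneMap\Domains'
$trustedZone = 2                       # 2 = "Trusted sites"

function Get-ZoneMapEntry {
    param([string]$Root)
    if (-not (Test-Path $Root)) { return }
    Get-ChildItem -Path $Root -Recurse | ForEach-Object {
        $key = $_
        # Keys are stored as Domains\<domain>\<subdomain>; rebuild the host name.
        $parts = ($key.Name -replace '^.*\\ZoneMap\\Domains\\', '').Split('\')
        [array]::Reverse($parts)
        foreach ($scheme in $key.GetValueNames()) {
            if (-not $scheme) { continue }   # skip the unnamed default value
            [pscustomobject]@{
                Host   = $parts -join '.'
                Scheme = $scheme             # http, https or * (any scheme)
                Zone   = $key.GetValue($scheme)
            }
        }
    }
}

# Zone-wide settings for Trusted sites.
$zone  = Get-ItemProperty -Path (Join-Path $inet "Zones\$trustedZone") -ErrorAction SilentlyContinue
$names = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }
$axRaw = $zone.'1200'                  # action 1200 = run ActiveX controls and plug-ins
$activeX = if ($null -eq $axRaw) { 'not set for this user' } else { $names[[int]$axRaw] }
$httpsRequired = [bool]($zone.Flags -band 4)   # flag 4 = require https: for sites in the zone

"Trusted zone: ActiveX/plug-ins = $activeX; https required = $httpsRequired"

# Per-site report: anything not pinned to https was added without server verification.
Get-ZoneMapEntry -Root $domains |
    Where-Object { $_.Zone -eq $trustedZone } |
    ForEach-Object {
        $note = if ($_.Scheme -eq 'https') { 'ok' }
                else { 'no server verification: content can be altered in transit' }
        '{0,-30} {1,-6} {2}' -f $_.Host, $_.Scheme, $note
    }
```

A site added as `http://` with the verification box unchecked shows up with scheme `http`, which is the case to review first when the zone allows ActiveX without prompting.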
     
  6. Sta. 18

    Sta. 18 Modern 'tater

    Messages:
    120
    Likes Received:
    0
    Joined:
    Jan 15, 2000
    Location:
    Orange County, California
    Eric, I just thought I'd take this opportunity to thank you for all the hard work and patience you devote to this site. There is no way that I would ever put up with everything you do to keep this place running.

    I know I wouldn't have had the patience to spend my Thanksgiving day trying to get an internet board functioning. If it were me running things, everyone would have had to wait a day or two. Thanks for fixing things that day, as I was starting to have GT withdrawals.

    It must be incredibly frustrating to be constantly criticized for everything you do. There's another Glock related board I frequent, and I don't believe a day goes by where someone there is not griping about you keeping this a family oriented board.

    Thanks for everything & keep up the good work!!!;c ;c
     
  7. musher

    musher

    Messages:
    13
    Likes Received:
    0
    Joined:
    Aug 31, 2000
    Location:
    fairbanks, ak, USA
    Eric,

    OK, setting you up as a trusted site worked fine. Thanks for the tip.
     
  8. MB-G26

    MB-G26 Non-existent STUPID GURL Lifetime Member

    Messages:
    7,775
    Likes Received:
    1,714
    Joined:
    Oct 9, 2001
    Location:
    Missing Sharon
    Earlier today I posted a help request in TT forum because I had started to once again get those annoying ActiveX notifications, and assumed something was wrong on my end.

    I do not and never will allow ActiveX permission as a wholesale matter, and the ONLY time I have enabled it is when necessary to use windows update.

    I do and never will have Flash or Macromedia anything installed on my machine. Time is simply too tight to have to keep up with yet MORE vulnerabilities, patches & fixes for apps. Also, when 3rd party apps are required, the user has to accept the EULA of that/those 3rd party apps. Even if the user objects to the provisions in the EULA (such as mandatory, "automatic updates" and other mandatory incoming connections) they are left w/no choice but to accept the EULA. Often the only answer to a newly discovered hole or bug in a 3rd party app is to upgrade to their newest version - and the EULA that comes with that new version can be very different from, and more invasive/controlling than, the EULA of the previous version.

    In fact, I just went round w/my credit union over their recent implementation of Flash on their website banking page. Perhaps those in control of the decision actually reviewed the pages and pages of related vulnerability and exploit documentation, because after a couple weeks they added an optional link to utilize the site w/o Flash, etc.

    Simply adding GT to "Trusted" or other Internet Zone won't work for me, unless I want to further hack IE to create yet another "Zone", in addition to the semi-permissive sandbox zone GT currently resides in. The *only* way I could allow ActiveXploit for GT and GT alone would be to set up an additional sandbox zone which allows it - and place GT and only GT in that zone.

    I use Sygate Personal FW, and currently run over 40 Advanced Rules, including a rule which blocks outgoing ActiveX connections to MS domains. This does *not* however stop the continual OS notices about ActiveXploit being disabled and potentially affecting the display of the GT site.

    What I am finding is that since I started experiencing the notifications again, I also find myself skipping threads I would otherwise have read - because it's just too time consuming, inconvenient, and annoying to have to constantly respond to and close the ActiveExploit notices. I'd be the last person to chastise Eric for his webmaster decisions; perhaps this development will actually work in my favor since I'm definitely not a 'major poster' and I do spend too much time reading GT and not getting other, real-life stuff taken care of :)

    Let me also say it is NOT a matter of "not trusting" Eric - for me it is purely and simply a matter of computer security, which I take extremely seriously, resulting in running a very tightly configured machine.

    Oh, by the way for Flash users, there's another Flash-related vulnerability, with a corresponding version update:
    m

    PS. It's not really clear whether the following applies to the 'newest' version - but it has not been amended by Macromedia since 4/2003 to indicate that anything other than "all" versions are affected. If still applicable, I would see this as a concern for sites other than GT which use Flash/ActiveX to display adverts.
    http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm
     
  9. duckslayer79

    duckslayer79

    Messages:
    1,108
    Likes Received:
    0
    Joined:
    Jun 20, 2003
    Maybe it was GT telling you to take your caps lock key off.;f

    IMO any man who spends his entire Thanksgiving day trying to get a board back up for a bunch of people, who shouldn't be on the computer in the first place and spending time with family (including myself ;f), can be trusted.

    Nuff said

    Take Care
    "duck"
     
  10. Eddie C.

    Eddie C. Administrator Moderator CLM

    Messages:
    5,094
    Likes Received:
    35
    Joined:
    Feb 21, 2002
    Location:
    State of Confusion


    Not only Thanksgiving Day, but the whole weekend.;g Well said Duck!^c
     
  11. duckslayer79

    duckslayer79

    Messages:
    1,108
    Likes Received:
    0
    Joined:
    Jun 20, 2003
    Wow,

    I didn't realize it was the whole weekend.;P

    Eric,
    Thank you Sir.

    Take Care
    "duck"
     
  12. 10 Ring Tao

    10 Ring Tao Red White Blue

    Messages:
    860
    Likes Received:
    0
    Joined:
    Sep 18, 2003
    Location:
    Southeast Michigan
    I can only imagine the cash he could make by simply selling the member's email list, let alone a repeating scheme to harvest member info.

    You are a shining example of ethical webmaster-dom Eric. Bravo.
     
  13. DWavs

    DWavs Moderator Moderator

    Messages:
    2,076
    Likes Received:
    4
    Joined:
    Feb 10, 2000
    Location:
    Virginia
    Well said.
     
  14. SavannahGL

    SavannahGL

    Messages:
    138
    Likes Received:
    0
    Joined:
    Oct 11, 2000
    Location:
    Out on the Ledge
    Great site. That's why I contributed money. Still, it belongs to Eric and it is his to do with what he will.

    All that being said, the double pop up warning boxes will not do, for me. Don't know what my decision will be yet.
     
  15. Vic303

    Vic303 Senior Member

    Messages:
    1,490
    Likes Received:
    1
    Joined:
    Mar 15, 2003
    Ya know, maybe for those folks who are so worried about their computer security, they ought to get a 2nd hand machine and use it EXCLUSIVELY for their internet, and load NOTHING of value/personal info onto it. Keep your private data on a PRIVATE machine that isn't on the net. That way you are totally secure, and who cares if your net machine gets active x'd or hacked etc? There's nothing on it!;g
     
  16. sigsrbest

    sigsrbest "Clique"member

    Messages:
    80
    Likes Received:
    0
    Joined:
    Apr 25, 2003
    Location:
    the 9th circle of hell
    and just to be even more secure, download and run MOZILLA in place of IE6 ... no popups and almost no vulnerabilities unlike IE4-6...