M$ has as much trust in itself as everyone else has for it...



  • looks like they don't trust microsoft stuff either... =)

     


  • Winner of the 2016 Presidential Election

    I'm sure this is intentional. ActiveX controls contain executable code, which can never be assumed as safe.  If Microsoft trusted Microsoft ActiveX controls automatically, it would be a huge security hole and a big publicity scandal.  It would be like Microsoft saying they have the right to hijack your computer or install any spyware they wanted if they saw fit.

    Microsoft is currently trying to repair its reputation as weak on security.  This is probably related to that.



  • <rant>

    How is this a WTF? This is designed behavior.

    Anytime an ActiveX control runs, it prompts you. Do you think it should have a condition for unless it is from Microsoft?

    Then you would be right back here complaining about THAT...

    Nothing Microsoft does could ever please some people.

    But what else would you expect from anyone who posts using 'M$'?

    </rant>



  • I stopped reading as soon as I saw "M$."



  • [quote user="Saladin"]I stopped reading as soon as I saw "M$."[/quote]

    Then what are you doing here in this thread? :^b 



  • [quote user="Brendan Kidwell"][quote user="Saladin"]I stopped reading as soon as I saw "M$."[/quote]

    Then what are you doing here in this thread? :^b [/quote]

    Pfft, semantics. :P



  • ok, i posted this because i saw it and it amused me, not because i have some deep-seeded hatred of them. and yes, i realize this is default behavior. i just found it funny that they didn't let their own software through. that's all... simmah down now...



  • Of course they shouldn't just "let their own software through"; that would be fucking retarded.  Then you would have a bunch of people copying Microsoft's digital signure or whatever else is the criteria and drive-by-infestations would continue.  I think Microsoft is finally starting to do some things right and take security seriously, but they have A LOT of catching up to do.



  • The real WTF here is that the purpose of this dialog is to blame the user for installing malware, thereby shifting the blame for the security hole away from Microsoft. The flaw is, of course, with the whole concept of ActiveX - a system to make it easy for users to download and run executable code from random websites without understanding what they are doing.



  • [quote user="luke727"]Of course they shouldn't just "let their own software through"; that would be fucking retarded.  Then you would have a bunch of people copying Microsoft's digital signure or whatever else is the criteria and drive-by-infestations would continue.  I think Microsoft is finally starting to do some things right and take security seriously, but they have A LOT of catching up to do.[/quote]

    I'm not quite a cryptology expert, but I'm reasonably sure that it's possible to sign some binary data with a signature that garuntees that "the content that hashes to this value was signed with Microsoft's private key, and the ability to decrypt it with Microsoft's published, trusted public key ensures that this content was created by Microsoft and not modified in any way", or something along those lines. And letting their own software through would not be retarded, imo. Debian, for instance, ships by default with the keys needed to trust it's package mirrors, although that's probably a somewhat different situation than this pop-up.
     



  • [quote user="bob the dingo"]

    ok, i posted this because i saw it and it
    amused me, not because i have some deep-seeded hatred of them. and yes,
    i realize this is default behavior. i just found it funny that they
    didn't let their own software through. that's all... simmah down now...
    [/quote]

    If you're using the acronym "M$" to indicate Microsoft, I would argue that you do have some sort of "deep-seeded hatred" or at least some discontent. Either that, or you're the type of person who likes to follow, and have been reading way too much Slashdot. (Note: I have a "terrible" karma rating on Slashdot because I don't feel the need to conform to the MS bashing. Showing any sort of support for MS is considered trolling there)

    [quote user="SpComb"]

    [quote user="luke727"]Of course they shouldn't just "let their own software through"; that would be fucking retarded.  Then you would have a bunch of people copying Microsoft's digital signure or whatever else is the criteria and drive-by-infestations would continue.  I think Microsoft is finally starting to do some things right and take security seriously, but they have A LOT of catching up to do.[/quote]

    I'm not quite a cryptology expert, but I'm reasonably sure that it's possible to sign some binary data with a signature that garuntees that "the content that hashes to this value was signed with Microsoft's private key, and the ability to decrypt it with Microsoft's published, trusted public key ensures that this content was created by Microsoft and not modified in any way", or something along those lines. And letting their own software through would not be retarded, imo. Debian, for instance, ships by default with the keys needed to trust it's package mirrors, although that's probably a somewhat different situation than this pop-up.
     

    [/quote]

    The dialog isn't indicating that the control isn't trusted, it's just asking if you're sure that you want to run it. You get a separate dialog if it's untrusted. 



  • [quote user="un.sined"]

    If you're using the acronym "M$" to indicate Microsoft, I would argue that you do have some sort of "deep-seeded hatred" or at least some discontent.  

    [/quote]

    Who doesn't have "some discontent"? That argument amounts to "you do not believe Microsoft is perfect", which IMO resolves to "you are not a complete moron". Using "M$" doesn't actually disparage them - it simply identifies a source of discontent, which usually stems from a failure to understand your licensing options. I pay roughly $25 a month for Microsoft licensing, and I have pretty much everything I want. (Getting Visual Studio wrapped up in that would be nice, but somehow I manage to win a copy every couple months.Wanna buy one?) If you're a technical professional and you work with Microsoft software, Microsoft LIKE you, and want you to have more and more of their software so you can use it and learn it and push it at your customers.

    (Note: I have a "terrible" karma rating on Slashdot because I don't feel the need to conform to the MS bashing. Showing any sort of support for MS is considered trolling there)

    I have an "Excellent" karma rating on Slashdot, even though I frequently support Microsoft and defend it against attackers. I've even been known to quite violently bash Linux, the GPL, and open source development in general. Some of my Microsoft-defending comments get modded up to 5. It's not that I never get modded troll; it's just not happening anywhere near as frequently as getting modded up. (In the same thread, even!) So I suggest there is some other explanation for your karma rating.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.