1. Field of the Invention
The present invention relates in general to the field of information handling systems and more specifically, to the display of information on an information handling system using an internet browser.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, or communicates information or data for business, personal, or other purposes, thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is processed, stored or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservation, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information, and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems continue to improve in their ability to generate and manage information. Increasingly, this information is accessed and interacted with through a browser application. Currently, one of the most popular browsers is Internet Explorer (IE), produced by Microsoft. IE was originally designed to enable enhanced interactive content delivery to a user while supporting the broadest range of web pages without major problems. However, other browsers, such as those based on Mozilla technology, are now offering technical capabilities and features not currently available with IE.
One of the features of the IE browser is its use of ActiveX, which allows for the creation of applications that can be downloaded and run within the E browser. ActiveX encompasses a set of object-oriented programming tools and resource sharing technologies that are based on Microsoft's Object Linking and Embedding (OLE) and Component Object Model (COM). When a program is written in the ActiveX environment, a self-sufficient component is created that can run anywhere in an ActiveX network environment. This component is known as an ActiveX control, which is roughly equivalent to a Java applet. An advantage of such a component is that it can be reused by many applications, commonly referred to as application containers.
With the use of ActiveX, web pages can extend their functionality by providing direct access to a computer's operating system and application programs, thereby allowing them to be more dynamic and interactive. Since it is tightly integrated with the operating system, IE can facilitate this interaction, as it makes full use of the accessibility framework available within Windows. While advantageous in many regards, the embedding of these capabilities into IE can also create an environment conducive to the spread of malicious programs such as viruses, Trojan horses, and spyware infections. These hostile programs typically use ActiveX to automatically download onto a computer, activate themselves, and then propagate to other computers.
When an ActiveX control is about to be downloaded and run, it presents a digital signature, purportedly from the author of the program, and the user is prompted whether or not to accept the download. The digital signature may be valid and legitimate or it could be a forgery presented by an unscrupulous hacker. The user has two choices: either accept the digital signature at face value and let the program proceed, or reject it completely. ActiveX security relies on the user making the right decision about which digital signatures and/or programs to accept and which ones to reject. Accepting a malicious program that has been disguised or misrepresented can result in unexpected, even catastrophic, results. Furthermore, hackers continue to discover and exploit additional ActiveX vulnerabilities that can allow them to bypass the presentation of digital signatures and then download and install malicious software onto a computer without the user's knowledge.
A possible response in addressing these security issues is to use browsers that do not use ActiveX. One such browser is Firefox, which is based on Mozilla technology and can be configured to automatically download most files, but not “.exe” files, which are executable programs. However, this approach does not fully address the issue of how to safely access the dynamic and interactive capabilities of Web sites that have extended their functionality by implementing ActiveX controls.
One current approach is the IE View extension for Firefox which allows a user to enter a list of domains or URLs which should be viewed in E. When Firefox intercepts one of these URLs, the extension automatically launches IE with the intercepted URL. However, simply launching IE and running downloaded ActiveX controls can still introduce undesirable security issues. What is needed are additional controls to limit security vulnerabilities when ActiveX controls are implemented on a user's computer.