Java, JavaScript, and ActiveX

Additional Activity 1

13 Discuss the difference between Java, JavaScript, and ActiveX. What are the different security issues that affect each one?

Java is a high-level programming language developed by Sun Microsystems that is used widely in Web pages to provide active content. Java is an object-oriented language similar to C++, but simplified to eliminate language features that cause common programming errors. It can run outside the confines of a Web browser and it is platform independent. It can also run on many different computers as long as the Web browser is Java compatible. When Java adds functionality to business applications, it can handle transactions and a wide variety of actions on the client computer. Once it is downloaded, embedded Java code can run on the client's computer. However, security violations such as secrecy and integrity violations will happen. To counter these violations, a special security model, the Java sandbox, was developed. The most common complaint about the Java "sandbox" is that it's SO strict it doesn't let innocent, well-meaning developers do things they have a real need to do. This will hopefully change in the near future when Sun supports a certificate that will allow applets from trusted sources a little more freedom to get the job done.

JavaScript is a scripting language developed by Netscape to enable Web page designers to build active content. JavaScript can invoke attacks by executing code that destroys the client's hard disk, discloses the e-mail stored in client mailboxes, or sends sensitive information to the attack perpetrator's Web server on the Internet. Despite the similarity in names, JavaScript is based only loosely on Sun's Java programming language. It shares many of the structures of the full Java language. JavaScript programs, unlike Java, do not operate under the restrictions of the Java sandbox security model, and they cannot commence execution on their own. What is more, if you're programming in these languages, JavaScript has smaller and easier commands than Java.

ActiveX is an object, called a control, that contains programs and properties that Web designers place on Web pages to perform particular tasks. ActiveX is not a language, but rather a set of rules for how applications should share information. An ActiveX control is similar to a Java applet. Unlike Java applets, however, ActiveX controls have full access to the Windows operating system. This gives them much more power than Java applets, but with this power comes a certain risk that the applet may damage software on your machine. Another difference between Java applets and ActiveX controls is that Java applets run on all platforms, whereas ActiveX controls are currently limited to Windows environments. The security danger with ActiveX controls is that once they are downloaded, they execute like any other program on a client computer. They have full access to all system resources, including operating system code. This has very dangerous implications. An ill-intentioned ActiveX control could reformat a user's hard disk, send e-mail to all the people listed in his or her address book, or simply shut down the computer. Because ActiveX controls have full access to client computers, they can cause secrecy, integrity, or necessity violations.