Drawbacks of ActiveX control
By Shin Chang-hoon
The cyber attacks by North Korea earlier this year raised questions about South Korea’s web security.
North Korea was able to successfully infiltrate malicious codes into computers by taking advantage of ActiveX ― a software framework created by
for content downloaded from a network.
South Koreans thought they were installing ActiveX files from websites as usual, but they were actually installing files that functioned as malicious software.
ActiveX is used for security by developers but this is just an illusion. As seen from the attacks in March, it is highly vulnerable to attacks from cyber terrorists.
Encountering ActiveX in Korean websites is as easy as pie. ActiveX is a plug-in that enables Internet Explorer to be used in various areas such as security and online shopping. Many Korean websites use this tool to optimize the use of Internet Explorer.
However, Microsoft warns users that ActiveX is a tool that can be used in malicious ways. This shows that Microsoft does not fully guarantee the safety of the tool. Korean websites should eliminate ActiveX to strengthen web security and lessen dominant market share of Internet Explorer.
Even before the cyber attacks in March, there had been continuous public complaints about ActiveX in South Korea. In response, the government promised to solve the issue of heavy use of ActiveX. Nevertheless there have not been significant improvements on Korean websites.
For instance, you still need to download several ActiveX controls in order to use Korean internet banking. Without downloading the plug-ins, you cannot move on to the next page. Downloading ActiveX can be extremely annoying when the web page is refreshed to download the plug-in and everything that you typed in disappears, making you retype everything.
Also Korean internet users are becoming less aware of the warnings that pop up before installing the ActiveX controls. Before installing ActiveX, the computer warns you about the risk of confirming to install. People click on ``yes” in order to proceed quickly. By clicking ``yes,” however, you are allowing the ActiveX to have full access to your computer. It is as if you are opening your front door to a stranger.
The fact that ActiveX is compatible only in Internet Explorer resulted in the monopoly on South Korea’s web browser market share. According to statistics from May 2012, Internet Explorer had an 80 percent share in South Korea. This is in stark contrast to the global market share. Internet Explorer had a 32 percent share globally according to Stat Counter in July 2012. It can be said that South Korea is extraordinarily under the control of Microsoft.
Also, heavy reliance on ActiveX in South Korea is taking away the people’s freedom to choose web browsers. Currently, people can use other web browsers but only for surfing the internet. Korean users still have to rely on Internet Explorer for other operations.
It is quite clear that ActiveX has some flaws. The government should not just simply encourage Korean websites to change current practices. If they continue to adhere to ActiveX, the government should issue penalties against those websites.
South Korea is a powerful nation in the field of information technology especially in broad internet networks. However, it is hard to believe that South Korea lags far behind other countries in the line of internet security. Therefore, it is high time for South Korea to focus on renovating its internet security system.
The complete removal of ActiveX is not realistic but websites should at least provide alternatives that don’t rely on ActiveX. Through taking these decisive measures in the near future, we hope that plug-ins in Korean web sites will not irritate Internet users anymore.
The writer is majoring in English linguistics at Hankuk University of Foreign Studies. His email address is schoon92@naver.com.