I was visiting the PropellerHead website, in attempt to get some information about a new piece of music software that I recently installed. As the page loaded I saw some activity in the lower right corner of IE that suggested that I needed to verify a Add-on.

The whole thing about running an Add-on is that you always want to make sure who created it and also to ensure that it can do little or no harm. How much do you trust the source? This issue has been tackled by using a valid signature. A valid digital signature verifies the identity of the publisher (the company, website, or individual that is distributing the file), as well as the fact that the file has not been tampered with since it was signed. If the file has no valid digital signature, you cannot be certain that the file is actually from the source it claims to be from, or that it has not been tampered with. You should not open the file unless you trust the publisher and know that the contents are safe to open.

Unfortunately so few Add-ons appear to be verifiable, or at least only Adobe and Microsoft appears to be bothered enough to setup a Digital signature for their controls.

 

I certainly do not trust ActiveX controls as a rule, but you can now use the Add-on Manager to verify what controls are running and subsequently what resources it may be using. Here is Microsoft's advice:

Before installing any ActiveX control, consider the following:

  • Were you expecting to receive this control? - Are you surprised that this website is trying to download an ActiveX control? Has this website required you to use an ActiveX control in the past? If this action is unexpected, you should be very cautious. Make sure you know what the control is for and what it will do to your computer before you save or run the file.
  • Do you trust the website providing the control? - Don't install an ActiveX control unless you absolutely trust the website that is giving you the control.
  • Do you know what the control is for and what it will do to your computer? - The website providing the file should tell you what this ActiveX control is for and provide any special details you need to know before you install it. If this information is not available, you should not install the control.

 

"Study without desire spoils the memory, and it retains nothing that it takes in." - Leonardo da Vinci