Showing posts with label activex. Show all posts
Showing posts with label activex. Show all posts

12 May 2012

South Korea Still Paying The Price For Embracing Internet Explorer A Decade Ago

The problems of monopolies arising through network effects, and the negative effects of the lock-in that results, are familiar enough. But it's rare to come across an entire nation suffering the consequences of both quite so clearly as South Korea, which finds itself in this situation thanks to a really unfortunate decision made by its government some years back

On Techdirt.

09 July 2010

South Korea: Super Fast, and Finally Free

Imagine a country that has one of the best Internet infrastructures in the world, and yet its government effectively forbids the use of GNU/Linux through a requirement that everyone employ a decade-old Windows-only technology for many key online transactions. That country is South Korea, where 1 Gbits/second Internet connections are planned for 2012; and that Windows-only technology is ActiveX.

On The H Open.

29 April 2010

Is South Korea's Crazy Experiment Ending?

I've written a number of times about the curious experiment South Korea has been conducting: making its entire governmental and financial computing infrastructure dependent on Microsoft by requiring *all* users to install proprietary security software that is typically an ActiveX plugin (yes, one of *those*).

This is obviously insane, because it forces people to use a piece of technology that has been a major cause of security problems on the Windows platform, and it creates a monoculture, with all the weaknesses that implies.

Despite the manifest folly of this approach, changing it has been hard because of the total lock-in. But apparently change is finally coming, and for a couple of surprising reasons:

For those of you who have followed my blog, you know that it has been 3 years since I first reported on the fact that Korea does not use SSL for secure transactions over the Interent but instead a PKI mechanism that limits users to the Windows OS and Internet Explorer as a browser. Nothing fundamentally has changed but there are new pressures on the status quo that may break open South Korean for competition in the browser market in the future.

In fact, one of the new pressures on the status quo has been the popularity of the iPhone in South Korea, which wasn’t available officially until late 2009 due to a different Korean software middle-ware requirement, WIPI, which has since been deprecated. With WIPI dead and buried, Apple released the iPhone to great fanfare in the Korean market and Blackberry has also launched in the Korean market.

Another pressure on the status quo was a recent report out from 3 researchers (Hyoungshick Kim, Jun Ho Huh and Ross Anderson) from the University of Oxford’s Computing Laboratory, “On the Security of Internet Banking in South Korea.”

...

The popularity of the iPhone (the press claims 500,000 units sold in the few months since it was released) resurfaced the issue that only Windows and IE can be used to make secure transactions with Korean Internet services. iPhone/Blackberry/Android users in Korea (not to mention Firefox/Opera/Safari/Chrome users) cannot bank online or purchase items online or do any secure transaction with the smartphone browser because Korean services only support the PKI mechanism that only works with Active-X in IE and Windows.

This is a rather unlooked-for consequence of the arrival of smartphones in general, and of the iPhone in particular. Combined with pressure from the users of other browsers and other operating systems, we can hope that this will bring the South Korean government to its senses, and end this bizarre and unfortunate experiment in government-mandated monoculture.

Follow me @glynmoody on Twitter or identi.ca.

01 October 2009

Korea Cottons on to the Microsoft Monoculture

I've written several times about the extraordinary situation in South Korea - otherwise one of the most advanced technological nations - that maintains an almost total dependence on Microsoft's ActiveX technology for banking and government connections. Now it seems that the Koreans themselves are finally waking up to the disadvantages - and dangers - of that situation:

The bizarre coexistence of advanced hardware and an outdated user environment is a result of the country's overreliance on the technology of Microsoft, the U.S. software giant that owns the Korean computing experience like a fat kid does a cookie jar.

It is estimated that around 99 percent of Korean computers run on Microsoft's Windows operating system, and a similar rate of Internet users rely on the company's Internet Explorer (IE) Web browser to connect to cyberspace.

The article points out the obvious security issues with this approach:

This is a risky arrangement, since Active-X controls require full access to the Windows operating system and are often abused by cyber criminals who spread malicious programs to direct the browser to download files that compromise the user's control of the computer.

But it seems that the problem goes *much* deeper:

Even Microsoft seems ready to bail on Active-X, looking to phase out the program over security concerns and compatibility issues. However, in Korea, where most Web sites rely on Active-X to enable a variety of functions from online transactions to simple flash features, the program is abundant and critical as air.

This leads to awkwardness whenever Microsoft introduces a new product here. The release of Windows Vista caused massive disruption when Active-X used by banks and online shopping sites didn't function properly.

And the Korean Internet users sweated over Microsoft's initial plans to reduce its support for Active-X in IE8, the latest version of the company's Web browser. Although IE8 did end up backing Active-X, strengthened security features have made its use more complicated.

The reliance on Active-X has locked Korean computer users into a depressing cycle where they are prevented from venturing off to other operating systems and browsers, and stuck with an outdated technologies their creator can't wait to dispel.

That is, by instituting a monoculture, and becoming completely dependent not just on one manufacturer, but on one particular - and very unsatisfactory - technology used by that manufacturer, the Koreans find themselves trapped, left behind even by Microsoft, which wants to move on.

There could be no better demonstration of why mandating one proprietary technology in this way, rather than choosing an open standard with multiple implementations with the scope for future development, is folly.

Unfortunately, the article quoted above doesn't seem very optimistic on the chances of openness breaking out in South Korea any time soon, so it may well be that all its superb Internet infrastructure will go to waste as it remains locked into aging and increasingly obsolete technology on the software side. (Via Mozilla in Asia.)

Follow me @glynmoody on Twitter and identi.ca.

16 January 2009

Google Chrome to Support ActiveX

I've written before about the parlous state of online computing in South Korea, where practically everyone uses Microsoft's ActiveX technology. As this post explains:

Despite security short-comings, ActiveX had been welcomed into the community and flourished. Surprisingly, more so in banks where security is a top priority. Believe it or not, ActiveX is so widely used that the South Korean government decides to make it compulsory for all banks to have it.

That's bad enough, but the post goes on:

Other major browsers have resisted supporting ActiveX. Until now. Google Chrome has now decided to support ActiveX, but only in South Korea.


OK, so Google wants to increase its market share, but it might do that more usefully by sponsoring a few studies into the poor security that using ActiveX implies. Following sheep-like is not the solution.

10 December 2008

Is this Google's ActiveX Disaster?

I remember very well the days in the mid 1990s when it became clear that Microsoft's ActiveX technology, which grew out of OLE, a way for creating compound documents, was essentially the world's greatest browser malware construction kit. Since then, ActiveX exploits have probably caused more harm in the Windows world than any other aspect of Microsoft's flawed platform. So it is with some consternation that I find that Google seems to have learned nothing from history....

On Open Enterprise blog.

29 September 2008

Now, That's What I Call a Monoculture

Apparently, Internet Explorer has a market share of around 98.7% in South Korea. As I understand it, this is largely because the South Korean government is even more benighted than the UK one, and insists on using ActiveX controls for its dealings with the public. More figures and explanation here.

31 July 2008

I Have an Intuition

Of all the complaints about open source - there's no support, poor security, lack of a business model etc. etc. - the one that still has a semblance of truth is that it lacks certain key applications on the desktop. Prime among these is Intuit's QuickBooks personal finance software. It looks like that final obstacle is about to fall. Not only has it set up a Linux Business site, but there are indications it is aiming to break its dependence on Microsoft technologies:


We are actively working on making our product compatible with other browsers (including Safari). We have a large product that currently uses ActiveX and was initially tuned to work with Internet Explorer. Therefore, it will require a large amount of work and will take some time on our part to accomplish. As you can see from the iPhone application, we have passion for Mac within our team!

Additionally, we too would like to use Firefox. We are in this with you; we just need some time to make it all happen.

(Via Jim Zemlin.)

25 July 2008

ActiveX: the Law in Korea?

I've long known that the Korean governmnet is pretty benighted when it comes to *insisting* that people use ActiveX in order to interact with it, but now it seems that opponents of this monoculture have just been seriously slapped down:

Open Web, a Korean web forum led by professor Kichang Kim of Korea University is best known for its fight against rampant use of Active X in Korea, lost a lawsuit against the KFTC (Korea Financial Telecommunication and Clearings Comittee). Professor Kim accused that the Korean government's mandate on the use of Active X programs for the internet banking and other public web services should be lifted, as it is against fair trade and "overly favors technology from a single company (that is, Microsoft)".

Professor Kim has also asserted that as many Korean netizens somehow grew to think that Active X is something they have to download anyway, many of them are exposed to security vulnerabilities. Also, as so many entities including virtually all financial institutes in the nation depend on Microsoft technology in Korea, whenever Microsoft announces an update, the whole nation has to upgrade its internet infrastructure, and this leads to various losses on a national scale - Kim asserted.

But Professor Kim's year-long accusation fell short of convincing the court that the government mandate on the Active X is against fair trade and therefore is illegal.

How can a government lock its people into one technology - one, moreover, whose flaws are now well documented? Even the UK government has never been *this* daft.