Try answering the question, or you’ve failed…

I just did something that I never have done in the past…. And I shouldn’t be surprised at the results…

I just read the “What’s the risk” help screen for the ActiveX installer prompt.  You know the annoying prompt, where it asks “do you want to install this ActiveX control” or “What’s the risk?”.

You know what I learned?  Nothing.  Sure, there are some sweeping statements, like:

  • You should always be cautious about allowing Web sites to run ActiveX controls on your computer. If an ActiveX control is not essential to your computer activity, try to avoid installing it.
  • You should be certain that you trust the publisher of the ActiveX control before you decide to install the control on your computer.
  • Because ActiveX controls are potentially hazardous to your computer, you should be certain that you trust the publisher of the ActiveX control before you decide to install the control on your computer.
  • The Web site should tell you what this ActiveX control is for and any special details you need to know before you install it. If this information is not available, you should not install the control.
  • Don’t install an ActiveX control unless you absolutely trust the Web site that is giving you the control.

Oh, but so clever, at least my copy of the Microsoft Help, has “What are ActiveX controls” shrunk down, it’s not expanded by default. And here is some meat and potatoes….

    These programs can, however, malfunction or give you content you don’t want. In some cases, these programs might be used to collect information from your computer in ways you might not approve of, possibly damage data on your computer, install software on your computer without your consent, or allow someone else to control your computer remotely. Given these risks, you should only install these programs if you completely trust the publisher.

Right…  The section on risks appears to be hidden by default, and everything else basically says “Do you trust the provider”.  First, the documentation appears to be trying to hide the risk factors, and presenting us with very little useful information.  At least no useful information from a security prespective.

Is this truly useful to the customer?  I’ll leave that for you to decide….