Originally Posted by
The Edge
Because any vaguely sensible security policy would, at a minimum, require user confirmation, before installing them from the internet or untrusted zones (and should probably not allow unsigned ones at all).They can do anything that an ordinary .exe can do, when run by the user of the browser.I don't know the exact rules for Windows, but there are some network operations that require Administrator access on Unix. Note, as you implied an environment where user convenience was more important than security, it may well be that the users do have Administrator rights! Yes. (It is possible that some firewall products may detect this, and that some virus/spyware programs may also sense a risk.)Generally,there is a strong correlation between the ability to produce a "rich user experience" and the high security risks.
Bookmarks