The Applet and ActiveX security module is a component of IWSVA. You can use it to
create and enforce blanket applet and ActiveX security policies for all users of the
LAN, rather than relying on each user to correctly configure the security settings
in his or her Web browser.
It works by detecting a file's true type, opening it (even if it is signed) and then
examining the code within to determine behavior possibilities.
Use Applet and ActiveX security to enforce some or all of the following policies:
-
Block all Java applets, cab files, and COM (ActiveX) files.
-
Block unsigned or invalidly signed applets, cab files, and Windows COM (ActiveX) files.
-
Block applets, cab files, and Windows COM (ActiveX) files that have expired signatures.
-
Block applets, cab files, and Windows COM (ActiveX) files with signatures based on
digital certificates that have been flagged by the IWSVA administrator.
-
Set Java applets to dynamically monitor applet execution and restrict applet behavior
on the client. Behavioral restrictions can include attempts to do the following:
-
Write to or delete files from a user's computer (potentially destructive code)
-
Read or copy data from a user's computer (potential privacy concerns)
-
Use the host computer's ports
-
Send data to an outside server, or try to contact the originating server
-
Open new browser windows, or perform memory operations such as creating threads.
