Many Web sites use Java applets and ActiveX controls to enhance the user experience
of their content. Examples include certain types of animation, drop-down menus, "live"
stock-tickers, and so on. However, these same technologies pose risks—they can be
used to collect personal data, damage files, or even hijack the use of the affected
computer or server.
To help separate the good from the bad, many developers, Web sites, and software publishers
use a commercial certification authority (CA) to digitally sign and certify their
Java applets, ActiveX controls, dynamic link libraries, .cab files, .jar files, and HTML content.
Digital Signatures
Digital signatures allow you to verify the publisher of a file, and that the file
has not been changed after the publisher signed it. Without a digital signature, you
cannot be sure that the file is not counterfeit (a form of Trojan), that it has not been
tampered with (for example, by having a spyware routine embedded in it), or that it has
not been infected with a virus.
Just because a file has been digitally signed, however, is no guarantee that the content
is safe—ultimately you need to trust the publisher and the company that signed
the certificate, the Certification Authority (CA).
After being signed, if your code is tampered with in any way, the digital signature
will "break"—users of the code will know it has been altered and is not trustworthy.
IWSVA ActiveX and Java Security Policies
Rather than depend on the security settings of each individual user's browser, IWSVA
allows you to create or move company-wide policies that will apply to all members
of the LAN. IWSVA ActiveX and Java Security policies allow you to define the type
of code behavior (destructive, nondestructive) you will allow from apps that cross
the gateway to your LAN. You can also define which CAs to trust (and which not to
trust), and how IWSVA should deal with signed, unsigned, and untrusted Java applets
and ActiveX controls.
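The signature and CA-trust checks described above, as an added example (not IWSVA's or Trend Micro's code): it sorts content into the signed, unsigned, and untrusted categories, plus a hypothetical "invalid" label for a broken signature. Assumptions: toy textbook RSA without padding stands in for real code signing, and all keys, names, and the applet bytes are constructed.

```python
import hashlib

# Toy textbook RSA (no padding): illustration only, never for production use.
E = 65537  # public exponent shared by both constructed toy keys

def keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    # SHA-256 of the content, reduced into the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def cert_body(publisher, pub):
    return f"{publisher}|{pub[0]}|{pub[1]}".encode()

def issue_cert(publisher, pub, ca_name, ca_priv):
    """The CA vouches for the publisher by signing name + public key."""
    return {"publisher": publisher, "pub": pub, "issuer": ca_name,
            "sig": sign(cert_body(publisher, pub), ca_priv)}

def classify(code, code_sig, cert, trusted_cas):
    """Return 'unsigned', 'invalid', 'untrusted' or 'signed'."""
    if code_sig is None or cert is None:
        return "unsigned"
    if not verify(code, code_sig, cert["pub"]):
        return "invalid"    # signature "broke": content changed after signing
    ca_pub = trusted_cas.get(cert["issuer"])
    body = cert_body(cert["publisher"], cert["pub"])
    if ca_pub is None or not verify(body, cert["sig"], ca_pub):
        return "untrusted"  # valid signature, but no trusted CA vouches for it
    return "signed"

# Constructed sample data: Mersenne-prime toy keys, made-up names and content
CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**89 - 1)
PUB, PRIV = keypair(2**107 - 1, 2**61 - 1)
CERT = issue_cert("Example Publisher", PUB, "Example CA", CA_PRIV)
APPLET = b"constructed applet bytes"
SIG = sign(APPLET, PRIV)
TRUSTED = {"Example CA": CA_PUB}
```

Calling `classify(APPLET, SIG, CERT, TRUSTED)` returns "signed"; changing one byte of the content, or removing the CA from the trusted set, changes the result even though the signature value itself is untouched.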