-1

Sometimes I have to use web sites that use ActiveX security plug-ins.

The websites say that these plug-ins
1. secure the authenticity of printable certificates
2. secure overall data sent back and forth
3. secure sensitive data like credit card info when buying online
4. encrypt data

I heard ActiveX is vulnerable.

How secure are ActiveX-based security plug-ins?

Ascendant
  • MS is dropping support for ActiveX, so tell the websites to get a life: http://mashable.com/2015/05/11/microsoft-edge-security/#SwMDxktDCEqK – Neil Smithline Dec 25 '15 at 05:51

2 Answers

1

It is hard to tell without knowing which sites these are, but all of what this plugin claims should be doable by HTTPS already (maybe except for the "printable certificates" - whatever this is). Also, ActiveX has a known history of insecurities because there are almost no limitations on what can be done by such plugins. Thus this sounds highly suspicious to me.

Steffen Ullrich
0

Most add-on security tools, at best, merely cut down the noise. There are a few which have some intrinsic value (password managers, encryption), but their value is hugely dependent on the quality of their implementation. At worst, these products actually create new security problems.

> I heard ActiveX is vulnerable.

I would agree that ActiveX is flawed by design - it's a set of technologies, but does what it's intended to do. Hence on 2 counts it's not correct to say that it's vulnerable - it merely creates a big attack vector for exploiting vulnerabilities.

> The websites say

What websites?

> secure the authenticity of printable certificates

WTF?

> secure overall data sent back and forth

How? That's what TLS is intended to do. If these sites don't explain how these products add value, then it's probably snake oil.

> secure sensitive data like credit card info when buying online
>
> encrypt data

How is this different from the "overall data" being sent back and forth?

If the service provider cannot provide an adequate explanation of what their code is doing and/or why it's doing it, I would not trust them.

symcbean