
106 Chapter 3 • Understanding the Risks Associated with Mobile Code
human judgment.With this model, a user can be nearly 100-percent
sure that an ActiveX control is coming from the entity that is stated on
the certificate.
To prevent digital forgery, a signing authority is used in conjunction
with the authenticode process to ensure that the person or company on
the certificate is legitimate. As with Java applet signing,VeriSign can act
as the signing company.
With this type of security, a user knows that the control is reasonably
authentic, and not just someone claiming to be Adobe or IBM. He or
she can also be relatively sure that it is not some modification ...