Wednesday, August 12, 2015

The incredible persistence of Active-X in Korea

A few days ago, after much consideration, I upgraded the OS on my Samsung ATIV Ultrabook from Windows 8.1 to Windows 10.  My consideration and caution was due larger concerns about Microsoft software, about which I've posted frequently over the years.  One of these topics is the continued use of Active-X by Korean financial institutions, years after Microsoft itself warned the whole world about the security risks associated with installation of Active-X controls.   (If you're interested in the history, take a look at these posts, the first of which was back in 2009.  )
You can only imagine my surprise to read in the Korea Joongang Daily a few days ago, the article entitled "Latest Windows Upgrade Exposes Achilles Heel." (click on the accompanying graphic to see a full sized version)  Astonishingly, as noted by the article, "When the launch of Microsoft’s Windows 10 was generating buzz around the world, Korean Internet users were warned by government agencies not to install the latest operating system. The reason? A cumbersome authentication system known as ActiveX used by government agencies and financial companies in Korea - and few other places around the world. Though it does not work on all web browsers and requires users to download a hefty set of supporting programs, the system is still necessary for most Koreans to access government services or their bank accounts online. But Edge, Windows 10’s new default browser, will not support the authentication system. As the operating system’s July 29 release drew closer, government agencies scrambled to notify citizens not to install Windows 10. The National Tax Service (NTS) launched a pop-up notification on its Home Tax website where people can file their taxes electronically. The website is accessed by the vast majority of Koreans, because tax filing is now done completely online. “The service would not be optimized under Windows 10,” read a pop-up notification on the site."  There are other examples included in the full article.
What makes these latest developments all the more surprising is that the use of Active X persists long after President Park Geun-hye personally noted the problem in a Blue House meeting with business leaders.
In April of this year, as reported by BusinessKorea the Ministry of Science, ICT and Future Planning announced that the government would repeal the Active-X security requirement and that 90 percent of the nation's websites would be free of it by 2017.  However, given the current state of affairs in which government entities are actively discouraging Korean citizens from upgrading to the latest version of the Windows operating system, things could explode into a much larger problem long before 2017!  All this bears close scrutiny.  Stay tuned.

No comments:

Post a Comment