executable content

[dnewman () McGraw-Hill com]

mjr wrote:

> > E) Expecting a decent portion of firewall administrators to be like those I
> > mentioned above, how restrictive are most commercial firewall products
> > out-of-the-box?  (i.e., Is my feeling that 3) should be blocked by default
> > the reality?)

> I'd guess that most commercial firewalls, out of the box,
> won't block Java/ActiveX unless you tell them to. That may
> be a wrong guess, though.

At the time of the Data Comm test (January/February '97) only three out of 20
firewalls had built-in screening for Java *and* ActiveX: Global Internet (now
Cisco), Seattle Software Labs (now Watchguard), and TIS. 

Eight could screen Java: Altavista (DEC), ANS, Check Point, GI, Raptor, Seattle,
Secure Sidewinder, and TIS. 

Dunno if that's changed since. Check Point has a bunch more partners, including
Finjan, so they may have a plug-in for ActiveX.  Seems kinda scary that at least
12 firewalls have no capability for screening executable content. . .

dn