Posted by office viewer on March 15th, 2007
Since the digital signature of an ActiveX control stays with the file it was attached to, there is permanent evidence of the developers' designed intent for the control. However, this evidence does not account for every condition the control may be used in, including conditions it was never tested for.
ActiveX controls marked as safe are supposed to be safe in all possible conditions. So a control marked as safe for scripting (SFS) or safe for initialization (SFI) must be written to protect itself from any unpredictable results a script author might unintentionally create when scripting the control. While it is relatively easy for a programmer to create a control with adequate guards to avoid misuse, it is impossible to guarantee that the control is always safe when used with scripting created by another author or programmer.
If a control is marked safe for initializing or safe for scripting, the developers are claiming that no matter what values are used to initialize the control, it will not do anything to damage a user’s system or compromise the user’s security when the control is initialized in any way.
The developer of an ActiveX control should take extra care to ensure that a control is in fact safe before it is marked as safe. For example, each ActiveX control, at a minimum, should be evaluated for the following issues:
- It does not over-index arrays or otherwise manipulate memory incorrectly, thereby causing a memory leak or a corrupted memory region.
- It validates and corrects all input, including initialization, method parameters, and property setting functions (implements acceptable I/O validation and defense methods)
- It does not misuse any data about, or provided by, the user
- It was tested in a variety of circumstances
Posted by office viewer on March 10th, 2007
If a user attempts to install and run an unregistered ActiveX control from the Internet, Internet Explorer checks to see if the control was digitally signed. If the ActiveX (OCX) file has a certificate of trust that is already trusted on the user’s computer, it is accepted, installed, and registered. Depending on the security level set for use by Internet Explorer, if the certificate of trust is unknown to the system, the user is presented with the option to install the control. If the user accepts the option to install the control, the certificate of trust associated with the control is noted in the registry.
If the ActiveX (OCX) file is installed as part of an application from a CD or other locally opened resource, there is no examination of the certificate (if there is one) associated with the OCX file. It is assumed the file is associated with an application which has been deemed safe to install by the user, and it is installed and registered without challenge.
Once the control is installed on a user’s system, the control no longer invokes code-signing dialog boxes when started. After a control is installed, it is considered safe even if it was not digitally signed originally.
EDraw Office Viewer Component has been signed with the EDrawSoft digital signature. It is safe to download at the default Internet security level.
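Because an installed control is trusted from then on, signed or not, it is worth listing which registered controls are marked safe and whether their files carry a valid signature. The following PowerShell audit is an added example, not code from EDraw or from the original post; it assumes read access to the registry on a Windows machine, and the function name Get-SafeMarkedControl is made up for this example.

```powershell
# Added audit example: reads the registry and files only, changes nothing.
# Standard component categories (CATID_SafeForScripting / CATID_SafeForInitializing)
# listed under a class's "Implemented Categories" key.
$SafeCategories = @{
    SFS = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'   # safe for scripting
    SFI = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'   # safe for initialization
}
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

# Native registry view and 32-bit (WOW64) view; most IE controls are 32-bit.
$Views = @(
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\CLSID'
       Compat = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
       Compat = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-SafeMarkedControl {
    foreach ($view in $Views) {
        if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
            $cats = $key.OpenSubKey('Implemented Categories')
            if (-not $cats) { continue }
            $names = $cats.GetSubKeyNames()
            $sfs = $names -contains $SafeCategories.SFS   # -contains ignores case
            $sfi = $names -contains $SafeCategories.SFI
            if (-not ($sfs -or $sfi)) { continue }

            # The default value of InprocServer32 is the path of the OCX/DLL.
            $srv  = $key.OpenSubKey('InprocServer32')
            $path = if ($srv) { ([string]$srv.GetValue('')).Trim('"') } else { '' }
            $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                        (Get-AuthenticodeSignature -LiteralPath $path).Status
                    } else { 'FileNotFound' }

            $compatKey = "$($view.Compat)\$($key.PSChildName)"
            $flags = (Get-ItemProperty -LiteralPath $compatKey -ErrorAction SilentlyContinue).'Compatibility Flags'
            [pscustomobject]@{
                CLSID = $key.PSChildName; SFS = $sfs; SFI = $sfi
                Signature = $sig; KillBit = [bool]($flags -band $KillBit); Path = $path
            }
        }
    }
}

# Safe-marked, still loadable, and without a valid signature: review these first.
Get-SafeMarkedControl | Where-Object { -not $_.KillBit -and $_.Signature -ne 'Valid' } |
    Sort-Object Path | Format-Table -AutoSize
```

A control can also claim safety at run time by implementing the IObjectSafety interface, and such controls do not appear in this registry-based listing.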
Posted by office viewer on February 15th, 2007
If you can’t open a Word document or Excel workbook in Internet Explorer, you need to check your IE settings. The simplest method is to restore IE security to its default settings.
Click on the “Tools” menu and select “Internet Options”. Click on the “Security” tab.
Click on the globe marked “Internet”. This will display a slider which, by default, is set to “Medium”. Click on the “custom” button and scroll down until you find the setting “Script ActiveX controls marked safe for scripting”. Enable this setting. Click OK as needed to save the setting.
Note: Your computer needs MS Office installed.
Posted by office viewer on February 14th, 2007
Downloading and running a piece of code from the Internet is a fundamentally dangerous act.
Microsoft attempted to ameliorate the problem through a standard called Authenticode. This is a technology for signing files with a non-forgeable digital signature. Signing a file this way ensures that any alteration to the file is detectable, and the signer of the file can be positively identified.
To digitally sign a control, you will need to obtain a certificate from a certificate authority, which can be located by using the term “certificate authority” in a Web-based search engine. Follow the directions for signing controls from the certificate authority you decide to use.
If you do not sign and timestamp your executables and .cab files, Internet Explorer may display a warning message (which gets more threatening with each major rev of IE) to let the user know they are taking a risk if they continue with the installation. This is normally suppressed when the source is in the ‘Trusted Sites’ zone.
We provide the cab file and ocx file with the digital signature in the full version. Licensed users may also sign the EDraw Office Viewer Component with their own digital signature.