Can Korea successfully escape ActiveX once and for all?
[THE INVESTOR] For a country known for its fast-moving technology and innovations, Korea has long been held down by an anachronistic website plug-in that almost every user loved to hate — the ActiveX.
Developed by Microsoft in 1996, ActiveX is a security plug-in software that only runs on the Internet Explorer browser. Due to security flaws, the plug-in has long faded from use overseas, with even its creator Microsoft removing ActiveX from its latest browser Edge.
Yet, Korea is one of the few countries in the world where ActiveX remains a requirement for accessing online services of many government organizations and financial institutions. Given this, ActiveX has tied down Koreans to IE, a browser less popular in other parts of the world.
For years, locals have voiced complaints about ActiveX as well as the piles of additional cybersecurity programs that must be installed to compensate its security gaps, making online banking, shopping and accessing government services on the web a painful, cumbersome process.
Like the previous administration, Korea’s new President Moon Jae-in has pledged to continue efforts to abolish ActiveX from all government websites to improve user convenience and get the country on par with global cybersecurity standards.
Last week, the State Affairs Planning Advisory Committee, a de facto transition team for Moon, made an announcement that it will “eradicate ActiveX plug-ins from all government-run websites by 2020.”
Likewise, the Ministry of Science, ICT and Future Planning and the Korea Internet & Security Agency have said they would remove ActiveX from the country’s 100 most popular websites operated by private companies by the end of this year.
However, whether ActiveX and its barrage of add-ons will truly fade from history remains unclear given the nature of the alternative solution now proposed by the government — EXE extensions.
While pledging to fully eradicate ActiveX from government websites by 2020, the Korean government has said it will apply EXE files — executable file extensions used to install additional on Windows — in cases where ActiveX cannot be fully removed.
EXE extensions are an improvement from ActiveX in that they can run on other web browsers like Google’s Chrome and Firefox, in addition to IE. However, they also require installation on part of the user, similar to ActiveX, fueling criticism that EXE will be no different from the ActiveX system.
Online critics and commentators have argued that the adoption of EXE will once again trap Koreans in a so-called “plug-in prison” highly reminiscent of ActiveX.
“What we are asking for is removal of ActiveX and all the cumbersome processes related to it. Replacing ActiveX with EXE is far from reform that improves user convenience. Why doesn’t the government get it?” wrote one online commentator.
The main proposed alternative has been to push for the adoption of the globally-used HTML5 standard, under which encryption software can be built in for security without the need for extra plug-ins. It is under this standard that one can make payments on global e-commerce websites like Amazon and eBay by using just a username, card number and password.
While wholly switching to HTML5 is one option, internet system experts say that the government must engage in further discussion and careful cost-benefit analysis on what is the optimal way to replace ActiveX.
“Some suggest that the government must also eradicate EXEs and completely overhaul its current cybersecurity and authentication system. However, the move is something that requires a careful cost-benefit analysis,” said Choi Young-jun, manager of the internet infrastructure team at KISA.
According to the KISA manager, Korea has developed several cybersecurity software exclusive to the domestic market that have benefited users — such as forgery prevention programs that lets users print out official government-issued documents from home.
However, such existing software with proven public benefit is not supported by HTML5, and thus would require installing EXE extensions, Choi noted.
“Korea must eradicate ActiveX to reduce Korea’s reliance on the IE explorer, while applying EXE to places where no alternatives exist. All this can be carried out only through fundamental policy changes from the government,” he said.
By Sohn Ji-young/The Korea Herald (email@example.com)