Comment Re:why? (Score 4, Insightful) 778
What exactly was "stupid" about ActiveX aside from potential malicious code (either directly or via overflows) that was either enabled by default or presented to the user with a "just click yes so the website will work" style input box?
Isn't the part about enabling malicious code by default stupid enough?
Firefox "avoided" this by not implementing ActiveX but most or all of the functionality was recreated in Javascript, giving it basically the exact same level of "stupid" with the benefit of having learned from about 10 years of exploits.
It's more of the "globally disabled EXCEPT for a whitelist maintained by the user".
It's the security methodology that is the difference.
Global enable vs global deny.
And Microsoft had the exact same reasoning behind their global enable. It makes it easier for THIRD PARTIES to present their content in the way that they want to the user.
That's almost acceptable when those THIRD PARTIES are trustworthy.
But those THIRD PARTIES could just as easily be crackers. And why make it easier for crackers to run their code on your computer in the way that they want to?