I’ve had some angry emails since my last post detailing my thoughts on IE7.

Specifically, it seems people take objection to this:

3. ActiveX will not be dropped. The problem is that people perceive ActiveX in a certain way. I could see Microsoft relabelling the objects to something like ASO’s (ActiveX Secure Objects) or something. But ActiveX is valuable, and is inherently (as a way of implementing instant page-specific plugins and applets) fine. It’s no worse than XUL in that way. So, no, it’s not going away.

Yes, I believe ActiveX is secure. That is, I feel it’s just as secure as every other “page-specific plugin or applet architecture”. What does this mean? It’s basically as secure as any other plugin system, XUL, etc. When I say “basically as secure”, I’m talking about the security model, not the actual security we’ve seen.

Yes, there have been a handful of core security issues with ActiveX. However, ActiveX all by itself isn’t really insecure. What was insecure, prior to XP SP2, was the way users interacted with ActiveX: they’d click “yes” when asked to install a piece of software, and since it was the default selection a lot of crap got installed by accident which severely hurt users.

So, yes, there have been security issues around user behaviour, which is why Microsoft changes the way that users interact with ActiveX prompts in XP SP2.

But the security model is as fine as anything in this space (ie: allow local execution of remote code) can reasonably be expected to be.

XUL has serious issues (because of a lack of a security model), as does FireFox’s plugin architecture (ditto). These things will come back to bite certain people in the ass. Just like ActiveX has already bitten Microsoft in the ass. This is the reason I proposed “ASO” as a new name, because even if there is no change to the security model, there will likely be changes to other aspects of ActiveX, and a minor rebranding isn’t a bad thing.

What’s the point of this (yet another) ramble?

Anytime remote code can be executed locally, there will be no such thing as “secure”. ActiveX is right up there, from both a user interaction point of view as well as from the handful of ways that people have been able to get around the prompts. However the fact that remote code is allowed to ever be executed precludes us from (in today’s world) having any semblance of security with any of these tools.

So, that’s what’s in my head in regards to ActiveX, and it’s why I don’t see any massive differences coming. Perhaps a larger reason is that the new .NET / Longhorn toolsets will make ActiveX completely obsolete anyways.