Microsoft to allow ActiveX installs for non-admin users in Vista

Microsoft had designed one of the Vista releases to prevent ActiveX installs for non-administrative users.

What a great idea. No more inadvertent installs of malicious ActiveX controls.

But bowing to pressure from beta testers, Microsoft will be releasing a feature allowing non-administrators to install ActiveX controls.

This is scary for two reasons:

First, ActiveX is a paradigm fraught with security problems. Restricting ActiveX controls to install only if they are on a white list, or to run only in the user's context, is of little value, as attackers will find ways of circumventing these restrictions. Additionally, I suspect most SMBs have users set up as local administrators…

Second, and perhaps more scary: Microsoft has set the precedent that they are willing to roll back security enhancements in Vista when customers complain.

Where will this end?

Based on reports of the overwhelming challenges and dialogue confirmations Vista places in front of the system user, I suspect that the rollbacks will continue until Vista reverts to Windows XP but with significantly higher resource requirements.

Sadly, I believe that the end game here is that businesses will start installing Linux, or purchasing Macs.

In the very long term, this may be good for Microsoft. Starvation might be just what’s needed for Microsoft to get its head back in the game.

Bill
