Here are five articles from the 1996-1998 time frame about Internet Explorer, ActiveX and Security
– Classic ActiveX Exploder demo and warning from way back when … early 1996
– WebDeveloper.com raises some critical ActiveX on Web issues in 1996
– A Security Comparison of ActiveX and Java from 1997
– A frank warning about Activex initially started in 1997 updated last in 2001
– CNET coverage of mounting concern – 1998
Now the new Security Design Intiative from Microsoft which, among other things, tightens recommendations for ActiveX conditions of use on the Web(well after even the rats have cleared the burning Web barn) actually owes a lot to work done by CERT back in 2000-2001 as picked up in this article in the Register and available here. Compare the two sets of directives and then ask why did Microsoft take 5 more years of waves of security attacks to come to similar conclusions ? Have developers and users been shortchanged by Microsoft on Security. Certainly. Are those same users and developers about to be taken to the cleaners again – forced to update to XP SP2 and/or Longhorn and/or Internet Explorer 7 plus the new “more secure” set of servers because Microsoft refuses to fix its current set of servers and operating systems. Very likely – because we have met the enemy and they is gullible us.