From: "Geo" 

"Mike N."  wrote in message
news:ubsnj2t90nffkq3jirupjjrfdmqeds7odd{at}4ax.com...

> Take web sites that need to do anything more than serve up static pages
> such as webmail, etc.  Turn off activeX and Scripting and POOF, 90% of
> those web sites' usability vanishes.

And that is the heart of the problem isn't it? You can't be secure if you
allow untrusted code to run on your machine and the websites are designed
not to work if you don't allow untrusted code to run on your machine.

Proof that Microsoft, was stupid and security was an afterthought or
perhaps just naive designers?

There is no magic fix for this, it's a design flaw and the fix is going to
be painful and require a change in the thinking of how the web works.
Client side processing is insecure, it has to stop. You can make up all the
rules you like for how it should work but what hackers do is break the
rules so that's a futile effort. The fix is to not run untrusted code.

Oh, and 90% of the sites that use ActiveX, use it for the advertising, not
for anything the viewer needs. Trust me on this, I run with it turned off
and all that breakes are the dancing ads for most sites. There are very few
sites (as an overall percentage) that actually need it for functionality. I
have under a dozen websites in my trusted zone and several of them only
because breaking the ads breaks the site.

Geo. (I turned of autorefresh and redirects as well, who thinks up these
stupid features?)

--- BBBS/NT v4.01 Flag-5