'Lower Rights' IE 7.0 Coming

blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."

Will only work if ActiveX is disabled by default

[Motherfucking+Shit]

From TFA,

The enhancements will build on the Security Zones feature in current versions of IE that allows customers to prevent untrusted Web sites from invoking ActiveX controls.

Sounds to me like ActiveX will still be enabled by default, they're just going to improve on the ability to block it on a per-domain basis instead of a per-zone basis. This isn't enough. IMO, ActiveX is the biggest (non-bug) avenue by which users become infected with all sorts of shit. It needs to be outright disabled out of the box if IE is going to get serious about security.

The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.