In this, the second part of the IE8 Security blog series, the ActiveX improvements in IE8 and summarize the existing ActiveX-related security features carried over from earlier browser versions are described.
Per-User (Non-Admin) ActiveX: Running IE8 in Windows Vista, a standard user may install ActiveX controls in their own user profile without requiring administrative privileges. This improvement makes it easier for an organization to realize the full benefit of User Account Control by enabling standard users to install ActiveX controls used in their day-to-day browsing.
If a user happens to install a malicious ActiveX control, the overall system will be unaffected, as the control was installed only under the user’s account. Since installations can be restricted to a user profile, the risk and cost of compromise (and, in turn, the total cost of administering users on a machine) will be lowered significantly.
IE8, Internet Explorer 8, ActiveX, Security