On 4/24/2010 14:29, Adam D. Ruppe wrote: > On Sat, Apr 24, 2010 at 01:53:10PM -0600, Rainer Deyke wrote: >> Congratulations, you just invented ActiveX. I hope you like your >> platform lockdown and your security vulnerabilities. > > ActiveX controls don't run as a limited user account. That's the key here: > the entire browser should be running as a restricted user, and it creates > processes even more restricted than itself.
Running the browser as a restricted user is good (and indeed necessary), but when you're running native code, you're only as secure your OS and CPU allow. Running on a VM provides an additional layer of insulation. I like native code, but only for applications that I choose to install. -- Rainer Deyke - rain...@eldwood.com