It’s always hard to tell how much of an interview is what the guy actually said, and how much is editing, but the following paragraph from a betaNews interview with Gary Schare, Director of IE Product Management makes the blood boil:
GS: ActiveX is a very powerful platform. While ActiveX itself is unique to Internet Explorer, the technology of extending a browser with native code is not. You have the Netscape plug-in model that runs in Netscape browsers and Firefox browsers, and is the moral equivalent of ActiveX from a code perspective.
And it used to run in IE and therefore be a cross-platform plugin model, before you removed support “for security reasons“. If the two are “moral equivalents”, what were the inherent security problems in the Netscape plugin model that you couldn’t fix?
Or was, in fact, the removal of IE’s ability to run Netscape plugins nothing to do with security and the needs of users, and everything to do with shoring up your monopoly?
In fact, of course, the two are not “morally equivalent” – installing a plugin is just like installing any other piece of software on your computer, whereas installing or using an ActiveX control is far easier than that – hence the problems.
The difference is that we did a lot of work in ActiveX to ensure that users only install the controls they really intend to, eliminating the drive-by download vectors of the past. A lot of that work came in IE6 XP SP2.
That’s enormously misleading, because saying “the difference” implies that Netscape and Firefox still suffer from being “drive-by download vectors”. In fact, drive-by downloads has always been 95% an IE problem and 5% a JVM problem. This is like saying “The difference between me and Bob is that I’ve stopped beating my wife.” It doesn’t say that Bob still beats his wife, but it implies it.