The Microsoft response seems really wrong to me. The message coming out of
the CCC control incident is: "ActiveX controls can be really bad." Microsoft is
saying, "yes, they're bad, but no worse than anything else." That just
reinforces the "ActiveX is bad" message.
Plus, somehow the Java security holes seem like they're in a completely
different league from the potential ActiveX security holes. My view on
this is that ActiveX will just not be trusted by the general public, and
hence will not be used in any serious way for Internet content. They may
have a lot of utility in intranet applications, though. I see Java applets
being the most widely used form of Internet executable content, while
ActiveX, which can do more for you (the flip side to the security problem),
will become the most widely used Intranet content. I certainly don't see
Java and ActiveX as competing technologies any more.