In the Internet Explorer 8 developers’ blog I found very interesting post IE8 Security Part II: ActiveX Improvements.
This post gives the outlook on security approaches and improvements in new Internet Explorer. The most important thing I found was Non-Admin ActiveX. This technology allows installing ActiveX controls not having administrator privileges. The only limitation is that you need to run IE8 under Windows Vista.
I was really interested in this feature and decided to dig into it. I found the documentation on Non-Admin ActiveX feature and created ImageUploader5.cab in accordance with their suggestions. After that I took clear Windows Vista SP1 virtual machine, downloaded the latest IE8 Beta2, and installed it. Then I created small sample page and installed updated cab file on this page. After that I created new user without administrative privileges in Vista and logged in under this user. I launched IE8 and opened my sample page from our internal test serverâ€¦ and it worked. IE8 asked me whether I trusted Image Uploader and then allowed to install Image Uploader. It worked like a charm.
So now Microsoft users have the ability to install ActiveX controls without administrative permissions and Microsoft treats this as safe. Upcoming Image Uploader 6 will be compatible with Non-Admin ActiveX IE8 feature.