"Only true if you disable Active-X. IE uses Active-X for plugins, and that's how it runs all sorts of media. But it's always been extremely insecure and Microsoft knows that but refuses to change it." Actually, your incorrect they don't refuse to change it ... they have closed the hole and solved the problem :) ActiveX is perfectly secure, if you spend ANY time at all thinking before you go clicking buttons. By default, IE will >DECLINE< to load and run ActiveX controls unless you SPECIFICALLY give it permission. Those controls have been digitally signed. So if >YOU< decide to let the folks at Yahoo put code on your machine, that is not an insecurity in IE. Never was. The equivelent in Mozilla is that you need to download plug-ins and allow them to run - same security problem exactly. And the annoyance of the queries? Just turn activeX off entirely... its only ONE setting change to do so, and it is trivial and well documented. So to recap, ActiveX is secure by default, easily disabled and no actual threat - unless the user does something brain dead or doesn't pay any attention to security - and NOTHING will save them if they are like that.