A great article at ZDNet explaining how Vista + IE7 stopped the latest IE 0day
from exploiting the machine.
"The initial security warnings are hardly perfect. I've seen similar
ActiveX opt-in dialog boxes for other built-in ActiveX components. How
is an unsuspecting user supposed to know which one is safe and which is
dangerous? And the list doesn't work on a per-site basis. If I had
visited a site that legitimately used the VML control last week, before
this exploit hit the news, I would probably have approved it. And once
I had done that, it would have been on the safe list for good. There's
no way to undo that decision, as far as I can tell. Once you tell IE7 that
an installed control is OK, any site can try to use it."
Article Link: http://blogs.zdnet.com/Bott/?p=141