Here's a really good article by Steve Bellovin and others from CERT that attempts to provide "risk management" instead of "risk avoidance". "... this paper serves not only to dispel unwarranted myths about the safety of using ActiveX but also to furnish guidance to network administrators and others faced with security issues involving mobile code in general and ActiveX in particular. ActiveX and similar mobile codes provide enhanced usability. The level of enhancement is significant enough for corporate and government users that Internet security policies and procedures should reflect "risk management" rather than "risk avoidance"."

The link for this article located at CERT is no longer available.