Disable AX, and also disable *scripting* of AX?

[*Vanguard*]

In the security zone settings, you can configure enable/disable/prompt
for "Run ActiveX controls and plug-ins" and another for "Script ActiveX
controls marked safe for scripting". Are both these options needed if I
simply want to be alerted (i.e., prompted) when a site wants to use AX?
I would think I could simply set "Run ActiveX controls and plug-ins" to
Prompt and leave the "script ActiveX controls" to Enabled. Then if the
AX is scripted, it must still run and I'll get prompted, anyway. I
really don't want to answer 2 prompts (allow scripted AX and then also
allow AX to run) when 1 will suffice (allow AX to run).

 

[Ralf Hoffmann]

These two settings adress different security risks. Allowing ActiveX
Controls to run is a much less of a security risk than allowing it to run
AND enable it to communicate with your PC via scripts.
I would strongly suggest you set both of these settings to "prompt". This
way, even if you decide to allow ActiveX for a website you will still be
notified when the ActiveX control is about to be scripted, in which case you
better think twice before allowing this.
Most of the time, ActiveX controls are only used to display flashy banners,
without any scripting, which means that most of the time you will be
prompted only once. And if you answer "no" to the ActiveX prompt, the
scripting prompt should not appear anyway.
But if you answer "Yes" and the scripting prompt does appear you better
answer "No" then.
So if you really, really do not want to be prompted twice, you better leave
the "script ActiveX control" to disabled, not enabled.
If a really website needs this feature and you trust this site, you can
still temporarily change your settings or move it to the trusted zone.
<shameless self advertising>
you might want to take a look at the software in my sig. It's all about
exactly this kind of security issues
</shameless self advertising>

hth,
Ralf