Originally Posted by hellosailor
On the web, a lot less of it would happen if web designers and web hosts would simply say "NO!" to the bulk of the needless active code and glitz that everyone can't live without these days.
True, but pointless. I say "pointless" because most of the world, well, most of the U.S., anyway, is run, these days, not by experts in their fields or people for whom the thing is truly their avocation, but by people for whom it's merely "a job." More often than not, the decision-makers are PHBs that specialize (or, at least, believe they do) in marketing, accounting or law. So, assuming you even have somebody in charge of the technical details that knows "active" content is just a disaster waiting to happen (an increasing rarity, I would add), and cares enough to try to prevent its use, they'll almost certainly be overruled by people that really shouldn't be making such decisions.
(Not suggesting this is necessarily what happened here. Just commenting on the sorry state of the 'net, in general.)
Take the most recent email worm scare, for example. It would seem it's making pretty good progress. Or was for a while. Thing is: This is an old tech. worm. We've seen it before. Somebody just took an old idea, thought "I bet people have forgotten," and launched it. They were right. So how does this jibe with what I wrote above? This is how: The reason this "new" worm worked is because email admins allow just about anything thru their email gateways (and some don't even have proper email gateways in the first place), relying upon things to protect them that can only stop what they know about. It's a model guaranteed to fail. It fails every single time. And so it did again. Instead, what admins should be doing, and would be doing if they were competent and not being overridden by PHBs, is blocking things like SCRs and URLs to SCRs right at the email gateways. This latest worm would've never gotten off the ground (again) had that been the case.
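The gateway rule described in the post above, sketched as an added example that is not part of the original post: a content filter that rejects a message carrying an `.scr` attachment or a link whose path ends in `.scr`. The function names, the `example.test` addresses and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit, unquote

BLOCKED_EXT = (".scr",)  # the extension named in the post; extend per local policy
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def blocked_reasons(raw: bytes) -> list[str]:
    """Return the reasons to reject a raw message; an empty list means it passes."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows drops trailing dots and spaces, so "x.scr. " still runs as x.scr
        if name and name.rstrip(". ").lower().endswith(BLOCKED_EXT):
            reasons.append(f"attachment:{name}")
        if part.get_content_maintype() == "text":
            try:
                body = part.get_content()
            except (LookupError, UnicodeError):
                # unknown or broken charset: fall back to a lossless byte mapping
                body = (part.get_payload(decode=True) or b"").decode("latin-1")
            for url in URL_RE.findall(body):
                # compare the decoded path only, so "?x=1" or "%2Escr" cannot hide it
                path = unquote(urlsplit(url).path).rstrip(".,;)").lower()
                if path.endswith(BLOCKED_EXT):
                    reasons.append(f"url:{url}")
    return reasons

def sample_message() -> bytes:
    """Constructed sample: one double-extension .scr attachment, one .scr link."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "constructed sample"
    m.set_content("See http://files.example.test/pics/Holiday.SCR?x=1\n"
                  "and http://example.test/ok.html.\n")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.scr")
    return m.as_bytes()

if __name__ == "__main__":
    for reason in blocked_reasons(sample_message()):
        print("REJECT", reason)
```

The check works on file type and link target alone, so it does not depend on a signature for any particular worm.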