I'm wondering how secure Opus is in terms of being able to disable JScript/VBS and or ActiveX to prevent potential security vulnerabilities. The Viewer Plugin can be disabled, but the UI and the rest is written around ActiveX right?
There's no use of ActiveX at all in that sense. Nothing in Opus other than the viewer (optionally) uses ActiveX.
ActiveX is just a standard for hosting another program's window inside your own. The problem with it was never the part of it that we use. The problem with it was that early web browsers and email clients would download an ActiveX DLL (or a script) off a random website and run the code in it on the local machine (and not in the sandboxed way modern browsers run things). That was obviously incredibly bad, and gave ActiveX a bad name, even though ActiveX wasn't the problem. Programs intentionally downloading and running code and scripts with full access to the machine, when they came from any random website, was the problem, rather than the API those DLLs or scripts were written for. The ActiveX API just defines a way to create a component, tell it to load a file, and then display itself in another program's window.
Opus doesn't download any ActiveX components. It uses the ones already installed on your machine by other software that you've trusted to install and that can already run whatever code it wants without any other program needing to be involved. Typically things written to view files within Internet Explorer. That said, those viewers are becoming fairly irrelevant now that IE itself is gone. It can be turned off entirely without losing much, outside of niche cases.
(Turn it off inside the plugin, rather than turn off the whole plugin. That plugin also handles various other viewer APIs, which are much more important, such as the one File Explorer currently uses for its viewer pane. Which is actually very similar to ActiveX, or at least the part of ActiveX we use.)
In terms of JScript/VBS, Opus only runs the scripts you install (or type out yourself). If you don't install any scripts, it won't be running any script code.
5 Likes
Thank you for the in-depth clarification 
2 Likes