ActiveX uses an interesting method for enforcing security ... it
doesn't. Well, that's not exactly true. What happens is when a
web page requests an ActiveX control the browser determines if
that control is already loaded onto your system. If it is the
ActiveX control is executed. If not, the user is asked if it is
okay to install the control. Additional information about where
the control came from and it's security implications is also
The theory behind this security model is the user knows what's
best for his system. In my humble opinion, this is pure hogwash
(a stronger expletive came to mind but this is a family site).
Is your average web surfer really knowledgeable enough to make a
decision like this? Look at it this way, by installing an
ActiveX control you are assuming it is secure, won't damage your
system and is bug-free. You are basically trusting completely
the company which created the control, the developers and the
people distributing the image.
Yes there are security certificates involved, but those are
relatively easy to get. Also remember how many security problems
have been reported involving ActiveX controls.
I don't know about you, but when I get that little box stating a
site wants to install an ActiveX control, my first impulse is to
hit the NO box, quickly followed by the BACK key. This may seem
a bit paranoid, but I use my computer all day long and I depend
upon it for business and pleasure. Why would I want to put it at
any risk for some silly little ActiveX control? The web is a
huge place and there are plenty of other sites to look at.
My advice to anyone is generally don't allow ActiveX controls to
be installed from anywhere except for really big sites like
Microsoft. It's just too difficult to judge how safe or unsafe
the control happens to be.
How is this different from Java? Well, Java has an entirely
different security model which does not make the assumption that
the user has been educated about the specific Java applet. Java
sets specific rules to what an applet can and cannot do, and
generally these rules do an excellent job of preventing damage
to a system (there have been bugs but no where near as many as
On top of the security concerns, ActiveX only works in Internet
Explorer. Yes, I know there is a plug in for Netscape but it's
slow and not very usable. Besides, most Netscape users don't
have it installed. If you are designing a web site, please
consider this very carefully. If you include ActiveX controls
you are losing as many as 50 percent of your visitors. Perhaps
more, depending upon your market. Is any functionality that you
might gain worth that cost?
Of course, if you are creating an Intranet (a web local to a
company) then by all means use all of the ActiveX controls that
you want. In this case, you have far more control over the user
environment that you have on the web.
About the author:
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets.
This website includes over 1,000 free articles to improve your
internet profits, enjoyment and knowledge. Web Site Address:
http://www.internet-tips.net Weekly newsletter:
http://www.internet-tips.net/joinlist.htm Daily Tips: