ActiveX sounds like a complex term, but it’s not. It is a way to make programs interactive using a set of controls and rules. You might consider them small browser apps that assist with videos and games.
The controls are seen mainly in Internet Explorer, including IE 11 or browser extensions that emulate IE. However, their latest browser, Microsoft Edge doesn’t use these controls.
Like many technologies, ActiveX has mixed reviews. While some developers applaud the interactivity it offers users, security experts worry about rogue programmers. As consumers, we often are caught in the crossfire. Microsoft is breaking away from the technology.
Using ActiveX, developers can have programs share resources and communicate with each other. For example, our first website used to rely on a Macromedia ActiveX control (flash.ocx) to play the Flash tutorials. This control would’ve been installed in your browser the first time you attempted to play one of those tutorials.
Other websites use ActiveX to add animation, tickers, surveys, or multimedia. If your browser accepts a signed ActiveX control, you likely don’t realize ActiveX is involved. But, if you were to disable ActiveX, you might notice some web pages looked dramatically different. You would also see an error message such as the one below.
Although ActiveX controls can make web pages dynamic, there are security concerns. Unlike Java applets, ActiveX components have access to the Windows operating system. Someone could write an ActiveX control to delete data or other undesirable activities. This is why the default settings for most browsers are set to disable unsigned ActiveX controls. An unsigned control is one where the programmers haven’t identified themselves with a signing authority.
Your browser should also ask you for permission before downloading. If you’re unfamiliar with the downloaded application, you should not click “Install”.
In some instances, you may know the application. Some companies have internal applications that aren’t signed. Other applications are from small developers who might be getting a signature. Generally speaking, signed applications are safer than unsigned ones.
How to Check Your ActiveX Security Settings
- Open Internet Explorer
- From the top right corner, click the gear icon settings.
- From the menu, select Internet options.
- Click the Security tab.
- In the top boxed area, set your zone to Internet.
- Click the Custom level… button.
- Scroll to the ActiveX controls and plug-ins section.
How to See What ActiveX Plugins are Installed
- Open Internet Explorer.
- From the top right, click the gear icon.
- From the menu, select Manage Add-ons.
This panel will show your add-ons, including any ActiveX. You can find more details about an add-on by clicking its name and looking at the light blue details pane. That pane provides helpful info such as:
- Name
- Publisher
- Version
- File Date
- Type
This panel also allows you to disable the plugin.
The bottom line is that ActiveX controls can make web pages more dynamic and enjoyable. But, like all tools, there is the opportunity for misuse. To reduce problems, make sure to read your security warnings.