ActiveX sounds like a complex term, but it’s not. It is a way to make programs interactive using a set of controls and rules. You might think of them as small browser apps that assist with videos and games.
The controls are seen mostly in Internet Explorer including IE 11 or browser extensions that emulate IE. However, Microsoft Edge which is their latest browser doesn’t use these controls.
Like many technologies, ActiveX has mixed reviews. While some developers applaud the interactivity it offers users, security experts worry about rogue programmers. As consumers, we often are caught in the crossfire.
Using ActiveX, developers can have programs share resources and communicate with each other. For example, our website used to rely on a Macromedia ActiveX control (flash.ocx) to play the Flash tutorials. This control would’ve been installed to your browser the first time you attempted to play one of those tutorials.
We no longer have any Flash videos on the site.
Other websites use ActiveX to add animation, tickers, surveys or other multimedia. Most likely, you don’t realize ActiveX is involved if your browser accepted a signed ActiveX control. But, if you were to disable ActiveX, you might notice some web pages looked dramatically different. You would also see an error message such as the one below.
Although ActiveX controls can make web pages dynamic, there are security concerns. Unlike Java applets, ActiveX components have access to the Windows operating system. Someone could write an ActiveX control to delete data or other undesirable activities. This is why the default settings for most browsers are set to disable unsigned ActiveX controls. An unsigned control is one where the programmers haven’t identified themselves with a signing authority.
Your browser should also ask you for permission before downloading. If you’re not familiar with the application being downloaded, you should not click “Install”.
In some instances, you may know the application. Some companies have internal applications that aren’t signed. Other applications are from small developers who might be getting a signature. Generally speaking, signed applications are safer than unsigned ones.
How to Check Your ActiveX Security Settings
- Open Internet Explorer.
- From the top right corner, click the gear icon.
- From the menu, select Internet options.
- Click the Security tab.
- In the top boxed area, set your zone to Internet.
- Click the Custom level… button.
- Scroll to the ActiveX controls and plug-ins section.
My suggestion would be to follow the current recommended Microsoft settings.
How to See What ActiveX Plugins are Installed
- Open Internet Explorer.
- From the top right, click the gear icon .
- From the menu, select Manage Add-ons.
This panel will show your add-ons including any ActiveX. You can find out more details about an add-on by clicking its name and looking at the light blue details pane. That pane provides useful info such as:
- File Date
This panel also allows you to disable the plugin.
The bottom line is that ActiveX controls can make web pages more dynamic and enjoyable. But, like all tools, there is the opportunity for misuse. To reduce problems, make sure to read your security warnings.
- Before You Connect a New Machine to the Internet
- Browsing Safely: Understanding Active Content and Cookies
- Run ActiveX in Google Chrome with IE Tab
Want More Tips & Tools?
Several times a month, we also publish a free newsletter with relevant stories, tips and special offers.