Shedding some light on ActiveX

What is ActiveX?

"IE users can enjoy animation, 3-dimensional rendering, and dynamic scripting; but apart from Microsoft's web applications, this has been used much less frequently, largely because ActiveX has proven itself open to many security holes."

The bottom line on usability:

Don't use it unless you want to cater to just Windows and IE users. That's a large percentage of the people out there, so maybe that's what you want to do. Use with extreme caution.

More on Usability:

Christian Wagner (who, like myself, has his site lisenced with Creative Commons) has the following summary of ActiveX installation in Internet Exploder...er, Explorer.

Without XP SP2 the ActiveX install looks like

old school ActiveX install

With Windows XP Service Pack 2, you see this notification bar at the top of Internet Explorer instead:

ActiceX notification bar

If you click on the notification bar and tell it to download the control, you receive one more prompt:

Wagner chose Cult3D "as an example because it sounds malicious, but is actually benign." Wagner suggests you "be paranoid and be informed" but I think being informed and judicious is a loftier goal. Certainly, if you aren't informed, you should be paranoid.

C|net lists "no ActiveX support" as "The bad" in their review of Mozilla Firefox, but it's worth noting that the c|net review was not a review of Firefox 2.0, but of 1.0. Firefox still does not natively support ActiveX in 2.0.

"It is generally believed that ActiveX is inherently insecure compared to the NPAPI plug-in system, but this is only partially true. ActiveX controls and plug-ins have all the same powers over the computer as each other, so a malicious plug-in can do just as much damage as an ActiveX control. But by the way ActiveX is implemented in Internet Explorer (and its use in many other Microsoft applications), it is easier to get a malicious ActiveX Control onto a user's computer and to get it to run. A detailed explanation can be found here: http://en.wikipedia.org/wiki/NPAPI#Security" - MozillaZine

MozillaZine has a conflict of interest, but they do point out that plugins have the "same" security risks as ActiveX controls. ActiveX also is Windows specific, which gets into usabiliy across operating systems. While Windows continues to dominate the market, Linux, BSD, Solaris and OS X all still exist.

REFERENCES

Websites

Mozilla Firefox reviews. security and utility services reviews by c|net. [Internet]. : Costa D; c2004 [cited 2007 May 1]. Available from http://reviews.cnet.com/Mozilla_Firefox/4505-9241_7-31117280.html?tag=toc

Books

Robbins JN. 2006. Web design in a nutshell, third editition. Sebastopol, CA: O'Reilly Media, Inc. 796 p.
Pages 195-197, 581, 605-608, 616. Index entry on 758.
Epstein BA, Williamson H. Chapter 5.3 - ActiveX Controls and Plugins. In: Dreamweaver in a Nutshell. Sebastopol (CA): O'Reilly Media, Inc..
Available via Safari

 

Scholarly Articles

Berger KR. 2001. Using ActiveX data objects to publish an Excel grade book on the World Wide Web. The Journal of Computing in Small Colleges 16(3):341-52.
Published by the Consortium for Computing Sciences in Colleges for the proceedings of the seventh annual consortium for computing in small colleges central plains conference, this is one of the few scholarly articles on ActiveX. Kevin Berger is a professor in Mathematics, and Computer Science and Physics, Rockhurst University. It is likely that the lack of scholarly articles on ActiveX is due to the proprietary nature of ActiveX and the limited browser/OS varieties on which to test. In fact, a free text search on ActiveX in the SILS Master's Paper Inde produces no returns. Java, JavaScript, XML, Ajax and Flash all return results.
Last updated: 5/1/07. A broken link or out of date information? E-mail the webmaster.