Developer's Guide to Web Application Security

ActiveX controls are Microsoft's implementation of the Component Object Model (COM). Microsoft designed ActiveX to replace the older Object Linking and Embedding (OLE) model that was used in earlier versions of the Windows platform. ActiveX improves on OLE in that it adds extensibility to the model, allows for distributed computing (DCOM), and offers better performance in local applications. ActiveX controls are commonly written in either Visual Basic or C++. They are found throughout the Windows platform and provide many of the interactive features of Windows-based applications, especially Web applications. They fit nicely into HTML documents and are therefore portable to many systems. ActiveX controls can be used in applications to perform repetitive tasks or to invoke other ActiveX controls that perform special functions. Once an ActiveX control is installed, it runs automatically and does not need to be installed again. In fact, an ActiveX control can be downloaded from a remote location via a URL link and then run on your local machine repeatedly without being downloaded again. This is what allows ActiveX controls to be activated from Web pages.
The security issues involving ActiveX controls are very closely related to their inherent properties. ActiveX controls do not run in a confined space, or "sandbox", as Java applets do, so they pose much more potential danger to applications. In addition, ActiveX controls are capable of every operation the user running them is capable of, so a control can add or delete data and change the properties of objects.