ActiveX has been around for a while now, and may even be considered an old technology to many developers. Generally ActiveX Objects are written in Visual Basic 6 and are Microsoft’s approach to client side components. Other methods such as AJAX are starting to replace ActiveX Objects. An ActiveX Object is a module that is run on the computer system of the web browser rather than the web server that is hosting the web site. ActiveX was Microsoft’s answer to JAVA applets and this technique is similar to the method of using JAVA applications. The main purpose is to remove the burden from the web server and make the client side responsible for running the ActiveX Object to perform a certain procedure before returning the results back to the web server.

The use of ActiveX Objects in this way was intended to enhance the experience of the client side user on a web site using this technology, but hackers found a way to put malicious code into ActiveX Objects, which has turned the use of ActiveX Objects into a potential security risk. To help address the issues created by these malicious ActiveX components, modern web browsers have incorporated settings so that the web browser can allow ActiveX components, warn the client side user about ActiveX components or block ActiveX components from running. These components will have a digital signature attached to them so that the web browser can verify the author of the code and then present a window with information about this to the end user so that they may decide what to do.

These ActiveX Objects have also allowed the use of Windows Tools such as buttons, text boxes and labels. This means that a developer could place these items into a form in their website to show to the end user without actually knowing any HTML. This means that if you are a Visual Basic 6 programmer for example, but knew absolutely nothing about HTML, you could potentially create an entire website that looked and felt like Windows.

ActiveX Objects have given a web site developer a way to access a person’s computer so that their website performance is related to the hardware that the user has in their computer. However, with the advent of AJAX and CSS, ActiveX components in a website are being used less often by web site developers.

ActiveX was developed by Microsoft as an alternative to Java applets. Therefore an ActiveX Control is very similar to a Java applet. ActiveX Controls do have one advantage over a Java applet however. Unlike a Java applet, an ActiveX Control has full access to the Windows operating system. Because of this, ActiveX Controls have much more power than a Java applet, but there are also increased security risks as a result of this additional access. In an attempt to address the increased security risk of an ActiveX Control, Microsoft created an electronic signature system so that a web browser could identify and validate ActiveX Controls before downloading them. The one downfall to an ActiveX Control is that it can only work in Windows operating systems and therefore is unavailable to Linux and other operating system users.

The biggest downfall to ActiveX is that it relies entirely on the end user to make decisions about whether or not a specific ActiveX Control can be trusted. The internet browser will identify and verify the ActiveX Control using an electronic signature. But once it has done that, the end user is prompted with the information and asked if they would like to allow the ActiveX Control to run.

If the programmer of the ActiveX Control is trusted, there is no inherent danger in an ActiveX Control. However, if the author of the ActiveX Control is not trusted, he or she may have created an ActiveX Control that contains malicious code, making an ActiveX Control very dangerous for your system. The biggest problems usually occur when an Internet Explorer user configures their web browser to accept ActiveX Controls from un-trusted websites. Malicious ActiveX Controls are a very common way for hackers to distribute malicious software, and therefore, an internet user should be very careful about the ActiveX Controls that they accept. To help protect from this, a computer user could use a different web browser that does not use the Trident rendering engine.

An ActiveX Control is just a glorified COM object, so there are many different ways that they can be written. Using Microsoft Foundation Classes is a method that is usually not recommended because the MFC DLLs are too large. Using Active Template Library on the other hand, is the most used method fro writing ActiveX Controls and is also the simplest way. Writing an ActiveX Control using C or C++ is the most difficult way and requires lots of supporting code in order for it to work correctly. For this reason, this method is not used very often. Finally, ActiveX Controls can be written in programming languages that support COM. An example of this would be Visual Basic.