ActiveX is a Microsoft-created technology that enables different software applications to share information and functionality. ActiveX only works with Microsoft applications like Word, Excel, Internet Explorer, and PowerPoint, and will only work on a computer running the Windows operating system. The idea behind ActiveX is that software applications don't need to be built from scratch. Early on at Microsoft, programmers realized that many of the same functions could be shared among different applications. For example, a spell checker is just as useful in a word processing program like Word as in an e-mail application like Outlook Express. Instead of writing two separate versions of code for the same spell-checker, they created a spell-checker object. This object lives on the Windows operating system. When any Windows application needs spell-checking functionality, it calls on the spell-checker object.[1]

ActiveX was launched by Microsoft in 1996. It was created as an expansion of their Component Object Model (COM) and Object Linking and Embedding (OLE) technologies. ActiveX is a model used to define reusable controls or software components that carry out a specific function or set of functions in the Microsoft Windows operating system. ActiveX controls operate independently of the programming language utilized to employ them. A software program can be created from one or more ActiveX controls to provide functionality. ActiveX is often used for increased website functionality.[2]

ActiveX is (was) an outgrowth of two other Microsoft technologies, object linking and embedding and the component object model. ActiveX controls refer to a specific way of implementing those technologies. A limitation of the ActiveX control is that it can only run under Windows. ActiveX controls can also expose a system to viruses and malware because they create an opening that can allow these malicious programs to be installed. While technically still around technology is no longer commonly used in modern web development.[3]

Faced with the complexity of OLE 2.0 and with poor support for COM in MFC, Microsoft simplified the specification and rebranded the technology as ActiveX in 1996. Even after simplification, users still required controls to implement about six core interfaces. In response to this complexity, Microsoft produced wizards, ATL base classes, macros, and C++ language extensions to make it simpler to write controls. Starting with Internet Explorer 3.0 (1996), Microsoft added support to host ActiveX controls within HTML content. If the browser encountered a page specifying an ActiveX control via an OBJECT tag, it would automatically download and install the control with little or no user intervention. This made the web "richer" but provoked objections (since such controls, in practice, ran only on Windows, and separate controls were required for each supported platform: one for Windows 3.1/Windows NT 3.51, one for Windows NT/95, and one for Macintosh F68K/PowerPC.) and security risks (especially given the lack of user intervention). Microsoft subsequently introduced security measures to make browsing including ActiveX safer.

For example:

  • digital signing of installation packages (Cabinet files and executables)
  • controls must explicitly declare themselves safe for scripting
  • increasingly stringent default security settings
  • Internet Explorer maintains a blacklist of bad controls

ActiveX was controversial from the start; while Microsoft claimed programming ease and good performance compared to Java applets in its marketing materials, critics of ActiveX were quick to point out security issues and lack of portability, making it impractical for use outside protected intranets. The ActiveX security model relied almost entirely on identifying trusted component developers using a code-signing technology called Authenticode. Developers had to register with Verisign (US$20 per year for individuals, $400 for corporations) and sign a contract, promising not to develop malware. Identified code would then run inside the web browser with full permissions, meaning that any bug in the code was a potential security issue; this contrasts with the sandboxing already used in Java at the time.

Installing and UnInstalling ActiveX [5]

  • How to install ActiveX?

When any application needs ActiveX control, IE displays a dialog box asking your permission to install, provided the Pop-Up blocker option in IE level is not set to ‘Yes’. Right-click on the dialog box and click on the ‘Install ActiveX Control’ option to install it.

  • How to uninstall ActiveX?

Open Internet Explorer and then go to Tools > Manage Add-ons option. You can see the list of all add-ons, installed in your system. Select the ActiveX control you want to delete and then either click on the Delete option or Disable.

See Also

Object Linking and Embedding (OLE)


Further Reading