RELATED: Why Do So Many Geeks Hate Internet Explorer? ActiveX Was Designed for the Old Web With Microsoft initially relying on the honor system, it’s easy to see how ActiveX became a popular way to deliver malware and spyware to Internet Explorer users. Developers who created malicious ActiveX controls could be tracked down more easily-if they chose to sign their controls.
Software developers could choose to stamp their ActiveX controls with a digital signature, but it wasn’t mandatory. The article goes on to explain that Microsoft included an “accountability” system named Authenticode.
“As a result, users may want to download code that has full access to their computers’ resources.” “While the Java sandbox enforces a high degree of security, it does not let users download and run exciting multimedia games or other full-featured programs on their computers,” a statement on Microsoft’s security site reads. Java in the web browser ultimately had a long history of security flaws-but at least Java was trying to limit what applications could do.Ī CNET article from 1997 captures Microsoft’s attitude at the time: However, Java attempted to limit what these programs could do through the use of a sandbox. At the time, Java was also used to run programs on web pages inside web browsers. This was in stark contrast to Sun’s Java technology. It’s easy to see how this was ideal for malware. If you agreed, ActiveX control would be able to do anything it wanted with all the files and programs on your computer. In other words, you might visit a web page in Internet Explorer and see a prompt stating that the web page wanted to run a game or other program. When you launched an ActiveX control, it had full access to everything on your computer.
Originally, ActiveX controls were like any other program on your computer. The ’90s were a different time, which also brought us dangerous macros in Office documents. RELATED: What ActiveX Controls Are and Why They're Dangerous Security Was a Problem from the Start
Popular Internet Explorer plug-ins like Adobe Flash, Adobe Shockwave, RealPlayer, Apple QuickTime, and Windows Media Player were implemented using ActiveX controls. Starting with Internet Explorer 3.0 in 1996, Microsoft let web developers embed ActiveX controls in their web pages.īack then, when you visited a web page, Internet Explorer would prompt you to download and run any ActiveX controls that the web page specified. However, here, we’re focusing on ActiveX for the web. Microsoft used them for a variety of purposes-for example, you could embed ActiveX controls in Microsoft Office documents. ActiveX controls are a type of program that can be embedded in other applications.