What are ActiveX and ActiveX Control?

ActiveX is a series of OOP (Object Oriented Programming) technologies developed by Microsoft. It enables software applications to share functions and information. An ActiveX object is a stand-alone program that only works on Windows operating systems.

ActiveX is designed to ensure that different applications use the same functions. The best example of this is the ActiveX spell checking object. Instead of writing two separate spell-checking programs, a single spell-checking object was created to ensure that functionality is shared between different Microsoft applications such as Word and PowerPoint.

ActiveX technology was developed in the form of Object Linking and Embedding (OLE). With OLE, simple functions such as cut and paste could be shared by different applications. Later the idea of ​​the Compound Object Module (COM) developed from this. Independent modules and applets such as the spell checker are COMs or ActiveX objects that can be accessed from a Windows® application.

An Active-X-Control is a small Windows program that can only be executed with the help of a web browser. If you come to a page on the Internet equipped with an Active-X-Control, not only are text and colorful images displayed, but a program is also loaded onto your computer and executed. In the worst case, you will not even notice that an Active-X-Control is integrated into a web page and is automatically executed while you look at the page and believe that you are in a false sense of security.

An Active-X-Control is nothing more than a normal Windows program. It can do everything that any other Windows program can do: send data from your hard drive over the network, install viruses – or just format the hard drive. Active-X programs are therefore a risk factor and should only be used under certain conditions.

The Chaos Computer Club demonstrated the risks of Active X to the public: The hackers programmed an Active-X control that subordinated the financial software Quicken with a transfer order. The order was saved in such a way that it would be carried out automatically with the next T-Online Connect.

Active-X programs currently only run with Microsoft Internet Explorer Version 3 or higher. In order for Active-X controls to work with other browsers, a special Active-X plug-in must be installed.

Sometimes a ‘Certificate’ is displayed when installing Active-X components. Anyone who writes Active-X programs can acquire the certificate, which is displayed after loading the website. This certificate is intended to guarantee that the Active-X-Control is in its original state. This is guaranteed by an encrypted checksum, which is deposited with the issuer of the certificate and compared with that of the program.

A valid certificate does not mean that you can blindly trust an Active-X-Control. The only certifier to date, Verisign Commercial Software Publishers CA, does not check what an Active-X control is doing on a computer, but only whether the program has been changed after the certification. Since the Active-X-Control is easily certified, there is also a possibility that dangerous or harmful ActiveX-Controls receive a certificate.

If a certificate is displayed on a website, it depends on where you are: If it is a reputable company, you can install a certified Active-X-Control without any risk. If, on the other hand, you are on a private or semi-private site, you should be careful with certified components. Programming errors can of course also be found in controls of large companies.