[Techtalk] why is Active X in web pages evil, but not Perl/PHP/Javascript?

Kai MacTane kmactane at GothPunk.com
Thu Jan 20 07:28:03 EST 2005


At 1/19/05 09:58 AM , Walt wrote:
>Am I mistaken, or is one of the greatest evils the
>fact that it's only supported in Internet Explorer...?
>Can/Do any other browsers support ActiveX?

Personally, I'd consider that "an evil", but not the greatest one, not by a 
long shot. I think the greatest evil is that an ActiveX control can pretty 
much do *anything* to the reader's machine, from formatting the hard drive 
to installing spyware to whatever else - combined with the fact that 
ActiveX normally runs without any confirmation dialog, or any other notice 
to the user that anything is happening at all.

Of course, you can set your browser to not run ActiveX, or not run certain 
kinds of ActiveX, or prompt you before doing so. But it didn't used to be 
the default. (WinXP SP2 has changed that.)

And that's another problem with ActiveX: now some machines will blithely 
run any ActiveX they encounter, without even asking the user, while others 
will not even consider it (despite being Widnows machines running IE). And 
you have no way of knowing for sure which is which. (Of course, JavaScript 
and even Java share this problem.)

The fact that MSIE is the only browser that ever can or ever will run 
ActiveX is another part of the evil, yes. But I don't consider that nearly 
as evil as the security problems mentioned above.

(Indeed, many "average, uneducated web users" have only recently been 
exposed to the word "ActiveX", and their primary knowledge of it is "It's 
the stuff that lets web sites install spyware on your machine and change 
your home page. You want to keep it turned off." I expect use of ActiveX 
will decline sharply over the next year or so. The spread of Firefox will 
only hasten it.)

                                                 --Kai MacTane
----------------------------------------------------------------------
"And you can swallow, or you can spit
  You can throw it up, or choke on it
  And you can dream, so dream out loud
  You know that your time is coming 'round
                                                 --U2,
                                                  "Acrobat"



More information about the Techtalk mailing list