I still remember when Microsoft first introduced ActiveX in 1996. The technology was supposed to greatly simplify web applications. I even wrote ActiveX from the Ground Up to provide simplified technical information on using ActiveX (the book helped a lot of people, but some developers were looking for something a bit more technical). The idea was to extend Microsoft’s Object Linking and Embedding (OLE) technology to the Internet to make it possible to reuse code and to allow applications to share data.
The problems with ActiveX are many. The simplest of these problems is that ActiveX only works with Internet Explorer and only on Windows and Macintosh systems. The limitation means that ActiveX really doesn’t have a place with modern application development where everything has to run everywhere. However, even with this limitation, ActiveX is a security nightmare because it’s literally an invitation for anyone with any sort of code writing savvy at all to invade your system. Because these controls have complete access to your system (they don’t run in a sandbox), a hacker exploiting them can literally do anything and get by with it. Even Microsoft spent a good deal of time telling you how to protect yourself from the security issues that come with ActiveX control use. In short, using ActiveX controls are a truly horrid idea.
That’s why I’m pleased to mention that ActiveX will soon be dead—at least, from the perspective of new browser development. The new Edge browser won’t include any form of ActiveX support. Unfortunately, Internet Explorer (IE) will continue to hang around for quite a while, which means that a lot of old browsers out there will continue to represent a potential and potent security risk. On the desktop, IE11 has about 27.22 percent of the market share, IE8 13.58 percent, IE9 6.76 percent, and IE10 5.55 percent, for a total of 53.11 percent of the market. There is a high chance that someone out there has ActiveX running and that ActiveX control is causing everyone else woe.
Unfortunately, Edge won’t be available for Windows 7 and older versions of Windows, so you know that those older versions of Internet Explorer will hang around forever. Given the security risk that ActiveX represents, you’d think Microsoft would want to save itself some trouble and make Edge available for everyone. Consequently, even though ActiveX is eventually going to go away, don’t look for it to die immediately. Let me know your thoughts on Edge, ActiveX, and the potential problems with older versions of IE at John@JohnMuellerBooks.com.