Active-X is a technology which allows a number of dynamic and interesting things to happen both on Web pages and Active-X enabled applications like Microsoft Office. Much of this is good and cute. However, there is also a certain risk if a malicious web site operator decides to use it for bad purposes. Problems could range from virus like destructive actions, to trojans as used in the denial of service attacks so recently in the news, to plain old theft of information and invasion of your privacy.
Of particular interest in this area are Active-X scripts run from a web site. These scripts are "signed" (coded electronically) to be "safe", if the issuer thinks they are. Or they may be "unsigned". Hint: No one with malicious intent has ever signed a bad one as evil.
Internet Explorer comes factory default to run signed Active-X scripts. We don't necessarily buy into that theory. We recommend that you go to Tools, Internet Options, Security tab. Click on the Custom Level button. Set your Active-X defaults as shown in the illustrations below. This will allow you to decide if you really trust the script since it will prompt you for signed ones and simply ignore unsigned ones. The reason we don't recommend turning them off all together is that some sites, such as Microsoft's Live Update, require them in order to function.
Return to the Sterling
Consulting™ home page
 |
|
Active-X settings illustration 1 |
 |
|
Active-X settings illustration 2 |
This page last updated on 07/06/04