ActiveX

Microsoft's Internet Explorer 3.0 supports a new feature called ActiveX. In short, ActiveX is a term used to refer to a broad range of client/server technologies and components. They are designed to increase the dynamic designs of a website. ActiveX Controls are probably the most popular and the most common form that this technology takes. ActiveX controls are components that can easily inserted into a Web page or other application to reuse packaged functionality someone else has programmed. There will also be a core set of ActiveX Controls that will be included that will allow you to enhance your Web page design with sophisticated formatting features and animation.

Before we start, here is a little glossary of terms so you'll know what the heck we're talking about here...

Object - Things you think about first in designing a program and they are also the units of code that are eventually derived from the process. In between, each object is made into a generic class of object and even more generic classes are defined so that objects can share models and reuse the class definitions in their code. An object is what actually runs in the computer.

Component - A piece of a larger program that is reusable because it's a usually a group of functions.

COM - (Component Object Model) is Microsoft's framework for developing and supporting program component objects.

OLE - (Object Linking and Embedding) is Microsoft's framework for a compound document technology. Briefly, a compound document is something like a display desktop that can contain visual and information objects of all kinds: text, calendars, animations, sound, motion video, 3-D, continually updated news, controls, and so forth. Each desktop object is an independent program entity that can interact with a user and also communicate with other objects on the desktop. Part of Microsoft's ActiveX technologies, OLE takes advantage and is part of a larger, more general concept, the Component Object Model (COM)

OCX - (OLE custom control) a special-purpose program that can be created for use by applications running on Microsoft's Windows systems. OCXs provide such functions as handling scroll bar movement and window resizing. If you have a Windows system, you'll find a number of files in your Windows directory with the OCX file name suffix.

Originally proposed by Microsoft ActiveX is billed as an integration technology rather than an Internet language like Java. ActiveX controls can be thought of in a similar way to Java applets which bring increased functionality to web pages. As re-usable components for web or desktop applications they are optimized for size and speed. Based on Microsoft's Component Object Model (COM), which provides low level object binding enabling objects to intercommunicate, ActiveX was oringally called the OCX which was the sucessor to the Visual Basic Control (VBX). Such controls provide the programmer with re-usable components easily creatable in a variety of languages such as Visual Basic 5.0, Visual C++ (version 4.2 and above), Visual J++, Borland Delphi and more!

OLE (Object Linking and Embedding) objects are also based on COM, however they differ from ActiveX in that they are designed for end-user integration between desktop applications and as such are 50-75% bigger than ActiveX objects. The ActiveX family consists of:

• ActiveX Controls - Objects on a web page
• ActiveX Documents - Enable users to view non-HTML documents, such as MS Word or Excel through a web browser
• Active Scripting - Controls the integrated behaviour of several active X controls or Java applets from the browser
• ActiveX Server - Web server functions i.e. dynamic content - Normandy Suite
• Java Virtual Machine - Microsofts Implementation of the Java VM.

ActiveX controls within the web environment are downloaded automatically from the specified server when the page is opened. This offers an advantage over Netscape plug-ins in that the user does not have to worry about downloading the software. Once installed on the machine ActiveX objects react in a similar fashion to Java applets on future accesses to the web page. If the version of the control has not changed the ActiveX control is automatically invoked from the client machine. However if the control on the users PC is an older version the new version is downloaded. ActiveX controls can also be re-used in other applications or used within the various programming languages to create new controls with added functionality.

 How Compatible is ActiveX?

At the moment, not very! ActiveX is only currently supported on Intel architectures. This means that if you are running Windows you should be alright if its Windows 95 or NT. Windows 3.1 is about to be supported by Microsoft's extension of the Internet Explorer 3.0 web browser. They are also working on an implementation for the Macintosh with Metrowerks and Macromedia as well as Unix. Interestingly there are reports that if you are running Windows NT on a DEC Alpha workstation ActiveX will still not work properly.

Will ActiveX work in any Web Browser?

ActiveX is currently only supported by Internet Explorer (3.0+). Netscape does not support ActiveX directly although there is a third party plugin for ActiveX from NCompass Labs called Scriptactive. Internet Explorer itself is actually two ActiveX controls. The technology is driven by market forces and started out life being proprietary. Microsoft have anounced that they are to hand over control of the ActiveX model to an independent body so that it can become an open standard like Java from Sun.

How Secure is ActiveX?

Security at the moment is only provided in the form of a digital certificate of authenticity. Such certificates are issued by a Certifying Authority like Verisign who are independent companies providing authentication information on individuals and organizations. When the user downloads an ActiveX control a certificate is presented which informs the user of the author of the control and other information. The user then has the option to cancel or continue with the downloading process. If the control does not have a certificate a warning is produced. To avoid conflict between different controls with the same name eg. imagefinder, Microsoft have introduced a 32 bit unique class ID.

There is major concern over the freedom given to ActiveX controls once downloaded. They have access to all of the client computers functionality including network drives etc.. Java is run in an enclosed environment, nicknamed the "sand box". ActiveX on the other hand is not! A program that downloads a control can do anything it wants including shutting down your computer as demonstrated by Fred McLain, CEO of Apropos in Seattle. He created a control which shut down the client computer after ten seconds. It is theoretically quite easy to create a control which does something useful such as creating 3D graphics whilst at the same time scanning all network drives for documents containing key words and passing them back to the remote server. Once the ActiveX control is behind the firewall it is then able to transmit information back to the server that it came from. The only checks that are made are for a digital certificate. The full version of the article by Simon Garfinkel describing this threat is available from wired news including the shut down control demonstration.

So whats the difference between ActiveX and Java?

ActiveX controls are objects much like Java applets. Java itself is a language used to create objects which is cross platform where as ActiveX controls are more restricted in terms of running platforms, but can be created using several different languages. ActiveX controls can be created in Java using Microsoft's Implementation of Java called J++. It is important to remember that Java was developed by Sun Microsystems and is under license to Microsoft. Sun's policy is to allow licensees to make "improvements" to the base-line version of Java such as support for the common dialog (save, open, print etc) in the case of Microsoft's J++. If these prove popular they are added to the next baseline model of Java from Sun. Netscape also make improvements along with a host of other companies. It is possible to create code in Java using a particular development environment which if it includes such improvements in the code will not function properly on other platforms. So in terms of Java, it is often best to stick to the base-line version if cross platform usability is important.

Is ActiveX a good idea?

Certainly the idea of re-useable components for both browser based and desktop applications is a great idea. What is concerning is the large hole in the security management of ActiveX controls. Microsoft are working on cross-platform support and if ActiveX is widely accepted they will then be able to leverage from the massive Visual Basic programming base which will ultimately compete with Java on the desktop.

Until this Tutorial is completely finished, check out these ActiveX links!