How safe is it to use ActiveX controls? That depends. ActiveX controls are inherently dangerous: the ActiveX security model relies on the goodwill of the programmer who wrote the control, and it gives that programmer full and free control of your computer. This is what makes ActiveX controls powerful. They can read, write, and edit files.

The same power makes ActiveX controls potentially very dangerous. Because they have unrestrained access to your computer, no limit exists to the damage they can do. The actions ActiveX controls take are not logged, so there is no way later to trace which controls, if any, caused the system problems you are having.

The Microsoft answer to the cavalier approach ActiveX controls take to security is that all controls will be digitally signed by the distributor, and you, as the site visitor, have the power to accept or refuse controls, based on whether you trust the distributor.

Is this enough? No. What if the programmer, whom you trust, accidentally leaves a security hole on your system and another site you go to knows about this and takes advantage of it? Once you accept an ActiveX control, it gets installed on your system and stays there. Any site you subsequently visit can use this control, even if you never granted it explicit permission to do so.
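Because an accepted control stays installed, it helps to see what is already on a machine and who signed it. The following PowerShell audit is an added example, not code from the original page; it assumes controls downloaded through Internet Explorer sit in the default `Downloaded Program Files` folder, and the function name is hypothetical.

```powershell
# Added example: list ActiveX binaries installed through Internet Explorer and
# report the Authenticode status and signer of each one.
# Assumption: downloaded controls live in the default folder below.
$controlDir = Join-Path $env:windir 'Downloaded Program Files'

function Get-ControlSignatureReport {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    # Nothing to report if the folder does not exist on this machine.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.ocx', '.dll', '.exe' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                File      = $_.Name
                Installed = $_.CreationTime
                Status    = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($cert) { $cert.Subject } else { '(none)' }
                CertEnds  = if ($cert) { $cert.NotAfter } else { $null }
            }
        }
}

$report = @(Get-ControlSignatureReport -Path $controlDir)

# Controls whose signature is missing or does not verify are listed first.
$report | Sort-Object { $_.Status -eq 'Valid' }, File | Format-Table -AutoSize

# Count of validly signed controls per distributor: the list of parties
# this machine has already been told to trust.
$report | Where-Object { $_.Status -eq 'Valid' } |
    Group-Object Signer | Select-Object Count, Name
```

A `Valid` status only identifies the distributor; it says nothing about whether the control contains a security hole that another site could use.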

What does all this mean to you as a Web developer? It means you should be careful about using other people’s ActiveX controls that you come across—even if you think they’re perfectly safe—because you may unwittingly contribute to problems on your visitors’ computers.

It also helps you understand why so many people who come to your site choose not to accept your controls. Visitors need to look after the integrity of their own computers.

When can this security model be a good thing? If you are developing for an intranet, you can write ActiveX controls that perform powerful actions on client computers, without having to install that software manually on every computer. Be sure to test your controls carefully, especially if they affect the file system at all.