Don't know if this is the right place for it, but here goes... Can someone explain what 'ActiveX' is, please? Reason I ask is that, on an XP machine I installed XPSP2; I didn't want to do it but felt I had to due to the reported high risk flaws in the M$ OS etc... Anyway, as a result Outlook prohibits 'ActiveX' controls running on some incoming HTML emails from trusted providers - which is great that they patched a potential risk, but what content prompts 'ActiveX' controls? TIA
Active x is a microsoft scripting language. The problem with it is that it can be set to install stuff without your permission. It is the preferred method for many browser hijackers. If you have the preview in pane option checked in outlook, you do not even have to open the email for the script to run, as it will run in the preview pane. I have it set to 'prompt' rather than deny. that way if I trust the site I allow it, if not then tough.
Cheers OWG - I haven't used the preview pane in years and have always done "Right click>properties>details>message source" to check incoming. But what's triggering ActiveX ? - the only thing in the email I can think of is some Flash which has <object> and <embed>tags in it... Could this be the cause?
The activex is just embedded in the code. Looking at the options won't tell you a thing. If it's there, you won't know it till it's too late. It's good to have the activex turned off. It's the best method of protection you use.
ActiveX is actually not a scripting language. ActiveX is a representation of MS COM and is an evolution form MS OLE. A programmer can create ActiveX controls using programming languages like MS Visual Basic, MS Visual C++, etc. Once created, it is distributed in binary form to be included in a host project - i.e. ActiveX cannot be used as a stand-a-lone. If the above doesn't make sense to you, an easy way of understanding ActiveX is to think of it as something akin to a Java applet. The big hoohaa is that ActiveX is actually not really designed for use in the web environment (thin client), Instead, it is more for use in fat client development. Fat clients need to do much more than what thin clients can do - e.g. access to your file system (hard disk). Security is not a NUMBER ONE concern as most applications would have to handle security as a separate module - i.e. you need to pass through the security module first before you can start using the application. This is very much unlike Java which has it's sandbox security model. Many web designers/developers have been putting ActiveX into their web pages (as they do with Java applets). This is because it can add a lot of life and interactivity into your website. However, since ActiveX has very, very much more control over your computer, it is a security hazard - which XP SP2 tries to address. If your email is html-based or has an ActiveX embedded in it, Outlook won't load the ActiveX control unless you allow it too (using your preferences). How is it triggered? Answer: When the HTML or email is opened.
mopacfan: cheers, I keep activeX off now just incase. daboss: aha! good explanation. By process of elimination it appears that the flash content of an html email is the most likely cause/source of activeX controls - it probably is those <embed> and <object> tags - I shall experiment with that later. Main reason for asking is that I compile newsletters for clients and have been slimming down the content so as not to introduce potential risks for the recipients - scripts and iframes have been removed to assure readers and now with SP2 this new issue will need to be dealt with. SP2 also keeps images "off" unless the user instructs Outlook to do otherwise, so that's a thumbs up on those security issues to MS - mainly for those people that just open mail whatever. Thanks all
activex control actually used to see media files in web pages which cannot supported by some browser like firefox or netscape. it's designed to run that media files.