2006/05/15

ActiveX Alert with the QuickTime Plugin

Microsoft recently released a patch that changes the way Internet Explorer handles ActiveX plugins. This was to dodge patent infringement allegations from Eolas. Even more recently, Microsoft released another patch to undo this, but with a promise that the change will be permanent in future revisions and most certainly in IE 7, whenever that's released.

The most important part about this change is that it affects a vast majority of Internet users, and in a rather annoying way. If the patch is applied, IE will show a prompt every time it encounters an ActiveX plugin. This means every Flash file, every QuickTime movie, anything that uses ActiveX controls, will trigger this alert or at the least require two clicks to activate its interface.



I think it has gone largely unnoticed for several reasons:
1. Many people don't actually run Windows Update, or if they happen to, they only grab the urgent updates and ignore the rest.
2. Some sites may have already implemented workarounds.
3. Developers forget to test in IE.
4. IE/Windows alerts are so frequent that people can't help but dismiss them without reading.

After a bit of searching I came across a helpful Apple page on how to embed QuickTime into a page without causing these alerts, and as an added bonus the code lets the page validate as XHTML without any ugly hacks.

So much for the object tag being the solution to all problems.

2 Comments:

Anonymous Adrian said...

Boo. ActiveX Controls in MSIE pose some of the biggest security concerns that IE has, because ActiveX can run code on your system. Think about it: Windows Update is run through ActiveX. Imagine another site having similar controls set up, except with illegitimate software. This is one of the ways spyware/malware gets installed onto systems. Alerting users when ActiveX is about to be used is not a bad thing, it's a step. Unfortunately it's a baby step: Firefox does a better job by simply limiting the authority and access that foreign code has. I'm sure other browsers do this too.

5/16/2006 1:58 AM  
Blogger Scott said...

At current there isn't any way to run Flash or QuickTime in PC IE without using ActiveX. I agree that ActiveX can be used to deliver Spyware, but Microsoft doesn't provide any other plugin method for IE. It's really up to the user to not install an ActiveX plugin the first time. Also, it's important to make the distinction that this change isn't for the purposes of improving security; it was done in direct response to the patent suit by Eolas.

The message may sway some people to run Firefox, but in the end the uninformed user will just get angry at the site itself, having no idea that QuickTime, Flash or whatever else uses ActiveX.

5/16/2006 5:32 PM  
