An ActiveX Control warning message.

More and more frequently, I am getting a warning message that states:

“An ActiveX control on this page is not safe. Your current security settings prohibit running unsafe controls on this page. As a result, the page may not display as intended.”

I haven’t a clue as to what this is all about and would appreciate enlightenment. I am running Widows2000 and don’t remember ever performing any kind of security setting.


Widows2000 huh? Timor Mortis Conturbat Me Too

It means you have the security settings of your browser set to not accept ActiveX controls. You can set your security settings to accept them. For IE, click Tools, Internet Options. Click the security tab, then the custom level button. Enable all the ActiveX buttons, click OK, then apply. ActiveX is used for some animations. If you have a good antivirus program, there should be no reason to not have ActiveX enabled.

I hope you don’t mean setting “Download unsigned ActiveX controls” and “Initialize and script ActiveX controls not marked as safe” to Enable. If you do that, you’re leaving your system wide open to anyone.

cls is quite right.

An active-x control is in essence a program that you download and run in the browser.

It not only possible, but simple to write an active-x control that is destructive. A virus scanner would not raise an alarm whatsoever.

The purpose of “signing” a control is for the users piece of mind. Signing them doesn’t prevent them from being destructive, but provides a method to find the person who wrote the destructive code. The theory is that a person isn’t gonna deliberately write something harmful if you know where to find him.

[sailor,** if some people get 72 virgins in Paradise, I don’t see why I shouldn’t have 2000 widows right here and now.

cls and scotth, I quoted the message exactly as it appears on my screen. I haven’t yet seen anything about downloading any ActiveX controls.

racer72, thanks for the information. I had no idea where to begin looking for the setting.


Look at ActiveX as a little script that accompanies a webpage. Whenever you load that page, the script is coming along for the ride and wanting to ‘activate’ once that webpage is loaded into your browser. It’s a teeny tiny program. It’s usually trivial, like making an icon or banner spin around, or make a message start flashing or changing, ‘Buy X-10 NOW!’ ‘NOW DAMMIT!’, that kind of thing. To get it to do that, or anything interactive like that from within an already downloaded webpage, it needs to run an ActiveX script- a little program that makes it change or do its thing.

If you’re ActiveX controls are set high, as in ‘I don’t want these scripts ever to work when I visit a website’ (Which is a very good thing, by the way, not having them able to run), then you’ll get the message you saw. In effect, the message is saying, ‘Because of your security settings, the program that makes that little ad over there spin around and change colors isn’t allowed to run. Things aren’t going to look the way we wanted them to look. To get that ad to start spinning around again, allow ActiveX controls in… blah blah blah.’.

It’s been my experience that you’re not missing anything by not having ActiveX scripts enabled. What your missing is a lot of ‘interactive’ nonsense that some websites want to add to their pages. Considering the possible missuse of these scripts by nefarious types, it’s a good thing to keep them disabled.

It’s a very simplistic way to look at it, but it’s pretty close to what’s going on.

This seems like a good place to ask, rather than starting a new thread.

Whenever I’m in a chat room, the bottom of the window saya “WARNING: JAVA APPLET WINDOW” or something to that effect.

What am I being warned about, and what action should I be prepared to take?

Active-X components are compiled code that runs locally on your machine. If your machine doesn’t have the component, it is downloaded and installed. It is not a script.

I have written entire applications that run as active-x components. You can do nearly anything in active-x that can be done within a Visual Basic application.

On the java applet window:

Java applets run in a “security sandbox” that gives the applet no access to local resources. That means, it doesn’t have access to local files, etc. It is also set up so that the only place an applet can connect is the server it was loaded from.

This behaviour can be side stepped with a “signed” applet. I have never seen a signed applet on the internet (though, there are probably some out there). Signed applets are usually used as network applications within an organization.

So, I wouldn’t worry to much about the applet window warning.

LouisB: Could you give an example of a page that causes that message?

Good idea cls.

The page very well may have an unsigned active-x component and that is why it is marked as “unsafe”. If that is the case, I recommend not changing setting to allow it to run.

These links deal more with .exe files but they pretty much explain security settings and signed code. NOTE: the first link may not work. I had to fill out a form to get to the page and I don’t want to delete the cookie and complete the form again. See:
Verisign or a bit more detailed and cumbersome site.

NP: The Black League - Utopia A.D.

cls, the yahoo email login page throws that message at me, especially when I log out of one account and login as a different user. I think it has to do with all the winkenblinken adds on the page.

I was under the impression that any kind of code is essentially a script. How are they different?

<gross oversimplification> ‘scripts’ are interpreted as they are executed, examples include HTML, VBScript, JCL, and REXX. Compiled code is source code that has been passed through a compiler and converted to code the machine can understand without interpretation (or with much much less interpretation). Compiled languages include Visual Basic, COBOL, C and many others.</gross oversimplification> Someone will be along in a bit to go more into the security seting on Active X stuff. I’m ironically, a bit busy compiling code right now.

Thank God you didn’t give me the technical version… you lost me with the oversimplified one.

Put it this way, I thought ActiveX was a lot like Java in what it did and how it did it. Is that right? If so, or even not, really, what are those commands (Java, ActiveX) called? Scripts, code?

Is a code not a script and a script not a code?

I have disabled almost everything for internet sites. The few I trust I have put on the safe list. For the others active-x pops a prompt and I decide if I want to allow it. Most of the time I go and surf elsewhere, not so much because I do’n’t trust the active-x script but because I want content and I do not need to endure a site where some kid displayed his abilities. That crap earns minus points from me very fast.

All scripts could be considered code but not all code would be considered scripts. Here are some things from the MSDN Reference that ships with Visual Studio 6.0 that may go to answer more of the OP.


I think your point about ActiveX being like Jave is mostly correct in that both follow object oriented philosophies. FTR I am not a programmer so I don’t know all of the intricate programming details but I am a Configuration Management Specialist so my job is really more of “how does it all fit together to create an application”.

NP: Tiamat - Wildhoney / Gaia

Surprisingly, that makes sense, Opengrave.