Will Microsoft Change How ActiveX Runs in IE 8?

A security expert calls for ActiveX to be disabled from running by default, but an analyst says that won't work as PC users rely on too many such controls.

LAS VEGAS -Conspicuously absent from Microsoft's annual MIX conference here was any discussion by the software giant about whether it plans to change the way ActiveX will run in Internet Explorer 8.

Microsoft announced the first beta for IE8, the latest version of its Web browser, at the conference on March 5. The beta for IE 8 can be downloaded here.

Some security experts, like Will Dormann, a vulnerability analyst at the Carnegie Mellon Software Engineering Institute CERT/CC, are calling for ActiveX to be disabled from running by default in IE 8.

Dormann is telling IE users that they should, from a security perspective, disable ActiveX controls from running by default. "It would be nice if this is something Microsoft did with the next version of the browser," he said.

But Chris Swenson, the director of software industry analysis at the NPD Group disagrees with such a drastic approach. There are far too many Active X controls in circulation, including Flash, and many PC users rely on them, Swenson said.

"Disabling ActiveX would in many ways break the Web, especially in the areas of rich media and rich Internet application consumption. This was the fear a few years back when Microsoft was sued and the plaintiff argued that ActiveX violated their patent," Swenson told eWEEK.

"Microsoft, Macromedia and others really thought the suit might break the Web as we knew it but, thankfully, it didn't get to that point," he said.

With regard to the absence of information about whether IE 8 will include anti-malware blockers, anti-virus integration or changes to dangerous ActiveX-related defaults, Swenson said that Dean Hachamovitch, the general manager for Internet Explorer, had told him that they really wanted to focus here at MIX on the improvements to IE 8 that developers have been clamoring for.

Microsoft is trying to convey to Web developers and Web designers that it understands their pain points, especially the necessity to tweak pages to take into consideration the peculiarities of different Web browsers, Swenson said. That is why Microsoft has focused on building new features to help alleviate those issues, he said.

"By supporting CSS 2.1, HTML 5 and other Web standards in IE 8, Web designers and Web developers can spend less time tweaking their code to look good in different browsers, and more time creating great Web experiences," said Swenson.

"The integrated developer tools will, no doubt, help Web designers and developers quickly identify what might be wrong with their existing code, and help them make changes quickly and efficiently," he said.