In a previous article, we looked at the .NET Framework settings of the custom security settings in Internet Explorer 7. In this article I want to review ActiveX controls and plug-ins. Let's begin by reviewing what an ActiveX controls are and why Microsoft would want to provide users with a greater level of control over how Internet Explorer handles them.
Fundamentally, an ActiveX control is a small compiled (not plain-text markup like a web page) application that can be downloaded to your computer from a web page to typically do a very specific task. In the days before Microsoft implemented security zones in both Internet Explorer and Windows, ActiveX controls could be run with full access to the computer including the file system. Virus writers leveraged this situation to exploit the computer by using ActiveX controls to do everything from deleting files to sending unintended emails to everyone in a user's address book. For an example of how this was done, see this 1999 article by CNN.
While major improvements in both Windows and Internet Explorer have greatly mitigated the threat ActiveX controls were used to exploit, the basic operation of the controls remains the same. ActiveX controls still are used widely and do offer a great deal of programming power for developers. Because of this, Microsoft continues to support ActiveX controls and has built security measures into Internet Explorer to help ensure they're used safely and effectively.
It is possible to tweak Internet Explorer's handling of ActiveX controls and it is to that topic that we now turn. Many of the options in the ActiveX controls and plug-ins section are variations on a theme but each is important.
If you have recently upgraded Internet Explorer, be sure you know how to configure security settings properly to fix security problems with Internet Explorer 8.