For the most part, you really do not have to worry about ActiveX controls unless they are unsigned and scripted. They are only available on a PC version of MSIE, and are rarely found on websites anymore, except where something needs to interact with your operating system. As you pointed out, web based AV scanners are the most common places that use these, because they must have direct access to your OS.
If you have not altered your browser's security settings then you will not be able to run unsigned or scripted ActiveX controls anyway. Signed controls are verified by companies such as Verisign, that the company providing the product is in good standing and are exactly who they say they are. These signed controls are allowed to run, sometimes requiring a confirmation from you.
The ActiveX controls have always been there ... the reason you are seeing the pop up now is due to a legal requirement by MS whenever MSIE loads an object that is programmed into a webpage and the site does not adhere to a very strict coding requirement. If the page is coded properly, you will never see the pop-up and the ActiveX will simply install if it is signed and trusted.
Anyway, back to your follow up question about removing them.
First of all, if you remove them, you will have to reinstall them again to run the AV scanner you mentioned. In the case of a few McAfee products, it has to remain installed all the time or the AV won't work. Therefore, so long as the prompt came from a reputable website and company, I would actually leave them there.
Now, if you actually want to remove them, since they are just software, like anything else on your computer (they are not spyware, malware or virii) you will have to remove them manually. Ad-aware, AV scanners, etc will not take them out unless they seem to be a threat.
To remove objects from your browser (objects include ActiveX, java classes, cab files, etc) you should make sure your browser & messenger is closed and then open your control panel and choose "Internet Options". This could be done through the browser as well, but if you open the browser there is a chance that the control will get loaded and be unable to be removed while being used.
In the center "Temporary Internet Files" area, choose the "Settings" button. Next, choose the "View Objects" button. You will now be able to see any objects that have been downloaded for use on your browser. You may be surprised at how many are actually there, since this pop-up only started lately (last autoupdate) and ActiveX has been used since Windows 3.11.
Choose the objects you want to delete and delete them, simple as that.
Again, keep in mind that some are required objects, so you may want to be careful what you remove, otherwise you will have to install them again. Some places that have required ActiveX controls include any online AV scanners, Microsoft Update website has a number of ActiveX controls (but you do not get prompted because the site is coded properly), most Passport websites, Microsoft software sites use a validation control, etc etc.
I wish you luck in your endeavor, but if they are not from unknown websites, I would leave them be since they are used as part of the required software you use.
Submitted by: Glen P. of Winnipeg, MB, Canada
ActiveX is a scripting language/library package for Internet Explorer. It's like Java in so far as you can write applications that can do various things - like as you've mentioned - scan for viruses - and of course, run Windows Update.
As for which ones are OK and which aren't, that depends largely on the TYPE of ActiveX control. They fall into two main categories.
First off, there are those you download that generally become "inert" once the application (such as the online virus scan) is complete and/or the window it's running in gets closed. They generally don't run in the background and are doing nothing more than "collecting dust" on your hard drive.
In the other category, there are occasions when you visit a web page and it wants to install something such as a toolbar that gets loaded every time you launch IE. MANY of these so called "toolbars" offer little in the way of value and come with a side order of spyware and/or adware. If you happen to notice a bunch of pop-ups after you've installed something - chances are excellent you've got infested.
The 2nd category tends to be more pernicious - requiring a bit more effort to remove as I'm sure you're probably familiar with. The first category, however, should be VERY easy to remove. First off, right-click on My Computer and select Explore. Next, right-click on your C: drive and select Properties, you should see a window pop up with a graphic of your hard drive's usage. Below and off to the right of the graphic, you should see a button marked Disk Cleanup. (Note: You can also access this by clicking on Start | All Programs | Accessories | System Tools and select the Disk Cleanup option there.)
On the disk cleanup menu, there's a list of items that you can remove - temp files, temp Internet files, recycle bin junk, and most importantly for our purposes now - "downloaded program files" or "web client/publisher temporary files". Those ActiveX files will wind up in either the Downloaded Program Files or Web Client categories. Make sure those two options are selected and click OK to proceed. That should get rid of those dormant files.
On the down side... Let's say you use Norton (or Trend Micro's or Panda's) online AV scanner on a regular basis. Having to download the components each and every time you want to scan your computer can be a hassle. More often than not, many of those files are used over again to save time and hassle downloading the thing over again. The only things that get updated are the definition files for the virus scanner.
As for which ones to allow and which ones to stop before they get a foothold on your computer... I would say that largely depends on the site itself. Antivirus scanners, Windows Update and such fall into the good to go category. Toolbars generally fall into the "not on your life" or "when hell freezes over" category.
And I would recommend running your usual spyware suite (Ad Aware, Spybot, etc...) after you do install something just in case there are any "surprises".
Submitted by: Pete Z.
Ok, lets start out by identifying what an activex control actually is. An activex control is a small piece of software that, when run, allows for more content distribution, and more control over your machine than what a simple web document can deliver. Activex controls were introduced in Internet Explorer my Microsoft in the late 1990's to allow web developers to enhance their abilities to deliver content and run small code on a client machine. This is, of course, a double-edged sword of sorts. While activex allows for enhanced content, it also leaves your system open to security issues. Activex controls can write to your hard disk, access your registry, delete files, download files to your computer, and so on, as opposed to Java that sits in a protected space in memory and isn't allowed to interact with other programs.
There is a layer of security added to activex. That layer is the certificate layer. Certificates are like broken promises. Anyone with a credit card number can get their activex control signed by Verisign. The important thing to know about activex is that unless you absolutely trust the distributor of the control, you should not download any activex content. A corporate virus protection site, such as Symantec, delivers safe, secure activex controls, and I wouldn't be too concerned with these, but there are more activex controls circulating the web that aren't safe, and you should always use caution when downloading them.
You can verify your security settings by clicking on Tools -> Internet Options. Click the 'Security' tab and click 'Custom Level.' From there you can turn off all activex content, or have Internet Explorer prompt you whenever activex content is ready for download. If you would like to delete activex controls that you have already installed, navigate to your 'C:\windows\downloaded program files\' folder in explorer.
Right-click those activex controls you would like to remove, and then click remove. I hope I've answered your question.
Submitted by: Joseph M.
I actually have the same problem. When ever I open a flash page, it always happens. "ActiveX" is a name probably dreamed up by the marketing people at Microsoft. It has as much intrinsic meaning as "cougar" does for a make of automobile. It refers to a somewhat loosely defined group of methods developed by Microsoft for sharing information and functionality among programs. One of these technologies is called "ActiveX controls." These are objects that are like small programs or "applets" and a number of Microsoft programs like Office and Internet Explorer (IE) are designed to be able to interact with them. An example is a spell checker. Since Word comes with a spell checker, other Microsoft programs such as Outlook Express can make use of it. In fact, any program with the appropriate interface can use this spell checker.
This built-in interactivity between various components and programs leads to greatly increased versatility and flexibility. Furthermore, programmers can easily create new ActiveX controls with Visual Basic , C++, and other programming languages. One place where ActiveX controls are very common is in Internet Explorer. An ActiveX control can be automatically downloaded and executed by Internet Explorer. Once downloaded, an ActiveX control in effect becomes part of the operating system. For example, IE cannot read PDF files by itself but can do so with an ActiveX control from Adobe. Similarly, IE needs a control to display Flash. Microsoft delivered a long-awaited update for Internet Explorer 6 that changes the way the browser loads embedded ActiveX controls. the problem is that it had a problem in it and now you will get the active X problem. to overcome this you have to update IE 6 to a previous edition while Microsoft fixes the problem, hope this helps.
Submitted by: Joshua W.
ActiveX controls are basically Windows programs that are designed to be downloaded through a browser (specifically, Internet Explorer, though the Mozilla variants can use ActiveX controls with a special plug-in, but that's another story.) As they are Windows programs, they can do anything Windows program can do. So the potential danger is there.
However, Microsoft DOES want you to feel safe, so ActiveX controls are now "digitally signed". Basically, the browser will contact a central server, which will vouch for the ActiveX controls' authenticity. So if your browser tells you that the controls are signed, from so-and-so company, and you recognize the name (in fact, it's supposed to provide a link to the company website and all that), it's likely safe to download. Conversely, do not download any unsigned controls, or accept any controls that do NOT pass the authenticity test. As always, safe computing involves trust, and you should only trust a source worthy of trust.
To manage ActiveX controls in use by Internet Explorer, go to control panel, Internet Options, and click on Programs tab, then look for "manage plug-ins" button at the bottom of the dialog box. That should give you a list of all plug-ins and ActiveX controls that currently reside on your PC. You may also see "Browser Help Object" and "Browser Extension" in the list. Select the control and you can then select "Disable" to deactivate it.
This is based on IE6 with latest updates. I'm not sure if they moved the stuff in IE7 beta, but it should be at a similar place.
Hope that helps.
Submitted by: Kasey C. of San Francisco, California