Not that common. A bigger plague (though somewhat later if my memory seves me right) was toolbars that was sneaked into every other application.
The power consumption alone of JavaScript easily shadows that. Pretty much no desktop computer in the world can go in lower sleep states because of javascript "idling" in the background. And a decent percentage of CPU cores are constantly pegged at 100%. Imagine the number of batteries that has prematurely died because of the stress of javascript - when all the user wanted was to read static text.
Enabling ActiveX for your bank site is hardly the same. The real issue was running it on another OS than windows. Happily trade it for what we have today though.
Tons of business apps were written in ways that required activeX. It was one of the main reasons so many companies held on to ancient versions of IE.
Sure you could disable activeX but in practice it would have been rare.
People bitch that sites don’t support people who disable JavaScript but it really isn’t worth catering to that type of person. I’ve been in multiple shops where we had the debate about how to handle non-JavaScript clients and every single time all the developers agreed it wasn’t worth the hassle.
This includes companies who had blind developers using screen readers and companies that had major legal liability if the site wasn’t accessible. The “screen readers don’t support JavaScript” argument has been dead for years now. The only people without JavaScript are those who intentionally disable it.
It’s just not worth building what is almost a second website for incredibly tiny amount of non-JavaScript viewers out there.
ActiveX was never as big an issue as weird CSS rendering and JScript weirdness. Even VBScript was a minimal issue.
In some ways, it's for the best that Microsoft basically stopped development in the days of IE6, as it didn't lead to the exponential feature bloat that has been the case the last few years.
It was incredibly common to see Windows installs utterly compromised by ActiveX controls doing god-knows-what, to both the infected computer and every other computer on the corporate network.
The damage to individuals and the economy in terms of lost productivity and compromised personal information directly attributable to ActiveX's "compromise my system by design" nature is incalculable.
To compare that to Javascript is rather spectacular.
If you want to argue that Javascript has been able to wreak more damage over time precisely because it's not as objectively insane and immediately destructive as ActiveX, well fine. It could be said that Javascript is Covid-19 to ActiveX's ebolavirus. Ebola is so wantonly destructive that it kills many of its victims before they have a chance to infect others, whereas Covid's less-awful nature has actually allowed it to harm more people over time and is now probably here to stay, like influenza.
Flash was an abonimation, yet you could disable it with barely any consequences. Same with ActiveX.
This was very nearly not the case.
IE/Win had close to 100% market share at one point. We were a hair's breadth away from a future where you could, in fact, not disable ActiveX without shutting yourself off from much of the web, like Javascript today.
South Korea was actually there for a time. If you wanted to spend money online, various regulations meant running ActiveX was a requirement.
I think you're looking at the past with rose-colored glasses.
ActiveX allowed the execution of unsandboxed x86 code from controls embedded in webpages and was enabled by default in Internet Explorer, the dominant browser of the time.
Javascript caught on because it's at least interpreted and sandboxed, a huge step up from what ActiveX was.
There are many negative things that could correctly be said about Javascript.
But this? This comment is absolutely special.
ActiveX controls were native code, with full system access by design. Possibly even worse, it was an absolutely blatant attempt by Microsoft to monopolize the web and maintain Windows' and Internet Explorer's dominance, as the controls were of course (in practice) intimately tied to IE on Windows on x86.
If you turn off JS and all the other features (ActiveX, etc.) that should've never been allowed on anything other than sites you fully trust, probably a very long time.
I wonder how much malware now just refuses to run on XP because it attempts to use functions that were introduced in later versions.
I loved it when it first came out. We built some really nice applications using ActiveX. The problem was when they enabled it in IE without thinking through the implications.
IIRC, by default, only intranet apps would be allowed to run ActiveX controls that were signed. Internet apps would prompt a warning - but as we all know now, users just clicked through them and enabled them to run.
ActiveX itself is very nice and very simple - it is, after all, just a documented interface for components.
It allowed us to port all those enterprise desktop apps into the browser. We had very efficient and fast web applications running in the browser long before the ajax revolution that came some years later. It completely changed the cost of IT and administration for a large number of businesses - you no longer had to maintain all these different custom-built desktop applications for every business unit - you just pointed their browser to the web app (we all know these advantages today, but back then it was completely revolutionary).
You couldn't do it with just HTML then, you can now thanks for the new input types, xmlhttprequest (from Microsoft) etc.
The mostly JS-less web was fine, fast, and reliable 20 years ago and I never had ActiveX.
I hear stories about Flash and ActiveX but I literally never needed these to shop or pay bills online. Payments also didn't require scripts from a dozen domains and four redirects..
There was a lot wrong with ActiveX, starting with the fact that it was proprietary and Windows/X86 only, but the basic concept of cleanly embeddable controls was extremely sound and is something the modern Javascript world is only slowly groping towards.
In the 90s many things were only possible with ActiveX or Java Applets. ActiveX just had the nice side effect of only running on Windows and IE. But, it's important to remember browsers were much much less capable than they are today. I was writing 'webapps' and manipulating the dom and javascript was sloooow (on both IE or FF). One hack I did was have the server dynamically writing js code (instead of doing something on the client) and doing htmx like we see making a comeback today.
ActiveX is from. 1996, and java applets are from 95. I'm not sure if those technologies were capable of much back then, but the web used to be a much more diverse place before traditional plugins got purged and replaced by Javascript; I'd argue that javascript would be the worst way to do any kind of interactive website back in those days, because almost everyone was on Windows and the alternatives were so much more useful.
Yes, and that was for internal use on the intranet. And yes, it was a huge problem that they insisted on using such old versions of IE, but that was the issue - not ActiveX.
Perhaps the question should have been, why make a special version for the ones with javascript?
This is very true: if you wanted to do anything interactive you really had to dive into Java, Flash, or ActiveX. But, as you say, ActiveX was Windows and IE only, and that wasn't an accident.
And it wasn't just that JavaScript and DOM manipulation were slow: it was incredibly lacking in capabilities. Any kind of basic drawing? Nope. Multimedia support? Nope. Local storage? Nope. Decent networking capability and access to remote APIs? Nope. Good, standardised browser APIs? Nope, and hence the arrival of JQuery, Dojo, et al.
I completely agree with you but Microsoft's approach was deliberately and calculatedly shady.
And that’s not even the worst part. The worst was all of the corporate sites that were built to run exclusively on IE6 and straight up couldn’t be used in alternative browsers. I’m talking scripts written in VBScript rather than JavaScript. ActiveX plug-ins rather than something cross-platform.
One big problem with IE7 was its asinine "This page contains scripts or ActiveX controls that could access your computer" warning banner that it plastered all over basically everything, including static .htm pages that didn't have even a single line of JavaScript, much less ActiveX. I got really tired of answering emails from users who were frightened half to death by that warning. It had the effect of desensitizing users to actual threats, or at least it would have if IE7 had ever gained much popularity.
It was a terrible piece of work and I was glad when it never achieved any significant market share.
And yet the desktop was somewhat captured not by IE+ActiveX controls but by Ajax technologies, another invention of IE. (And Flash, to another extent) Oh what days were those...
Today we are all basically running JavascriptStations.
The power consumption alone of JavaScript easily shadows that. Pretty much no desktop computer in the world can go in lower sleep states because of javascript "idling" in the background. And a decent percentage of CPU cores are constantly pegged at 100%. Imagine the number of batteries that has prematurely died because of the stress of javascript - when all the user wanted was to read static text.
Enabling ActiveX for your bank site is hardly the same. The real issue was running it on another OS than windows. Happily trade it for what we have today though.
reply