Toronto, ON, July 1997
Java programs download from a server similar to a Web page. When they're received by your computer, your browser starts an interpreter that executes the program. Java restricts these programs to a sandbox where they can use the screen and computer power of your computer. Supposedly, they can't get to your files, or to other computers on your network.
However, rogue Java applets can monopolize or exploit your system's resources in an annoying, inappropriate, or destructive manner, largely by consuming your computer's system resources.
ActiveX encapsulates programs for sending over the Internet. Unlike Java, ActiveX programs can access your computer's file system. Microsoft recognized users would balk at downloading programs that could erase their hard drives, so they developed Authenticode. When you're about to download an ActiveX control, Microsoft Internet Explorer displays a warning, and shows you the Authenticode certificate. Should the control have no certificate, you see a warning message. A certificate doesn't ensure the program is safe; it just says where it comes from.
Malicious ActiveX control can read, modify, or delete any file on your computer, or insert a virus into your system.