Microsoft Delays IE's ActiveX D-Day
By Ryan Naraine
March 28, 2006
http://www.eweek.com/article2/0,1895,1943847,00.asp
Microsoft is moving full steam ahead with a plan to permanently modify the way Internet Explorer renders multimedia content on Web pages, but in what amounts to an admission that the changes could be disruptive, the software maker plans to give Web developers an extra 60 days to continue making preparations.
The IE update, which results from a multimillion-dollar patent spat with Eolas Technologies, changes the way the browser handles ActiveX controls and could have a significant impact on how online advertising and streaming media content is delivered over the Internet.
According to information reaching eWEEK, Microsoft announced the plans for a one-time 60-day extension during a conference call with industry partners on March 28 wherein Redmond officials reiterated the need for Web pages to be completely re-authored to avoid possible disruptions.
If Web sites and advertising units aren't re-authored, Microsoft warned that ActiveX Controls and Java Applets will require user activation before the user can interact with the control.
Michael Wallent, general manager of the Microsoft Windows Client Platform, confirmed that the changes will be included in a cumulative IE security update that's on tap to ship on April 11 and said the 60-day extension would apply only to a "small set of customers."
Wallent, who hosted the call with lead program manager Kellie Eickmeyer, said some enterprise customers have requested more time to ensure that applications that require ActiveX controls work without major disruptions.
"They need the extra time to make sure those apps work very well. We had an open discussion on how to make sure they receive the security protections during this grace period," he said in an interview with eWEEK.
To read more about IE's multimedia handling, click here.
According to a Microsoft partner who participated in the confidential discussion, the company offered to release a "patch update" on top of the April patch that disables the ActiveX changes through June 2006.
During the grace period, the Microsoft officials urged that the patch update not be applied to all machines because another IE update scheduled for June will override all changes.
The big push now is for developers to recode Web sites and Web applications to cater for the browser update.
If not, users won't be able to directly interact with Microsoft ActiveX controls loaded by the APPLET, EMBED or OBJECT elements without first activating the user interface with an extra mouse click.
"We've been talking to customers and partners about this update since December [2005], and we're trying to get them ready for what will happen once the IE update goes out to everyone. The majority of companies have successfully modified their content to make sure that no additional clicks will be required but some people need more time," Wallent said.
During the March 28 call, which included a demo of the changes, one source said some advertising content served by Yahoo was impacted.
Microsoft's own Channel9 marketing site was also partially affected during the demo.
"Six months from now, there will be no difference to the Internet experience whatsoever," Wallent said, insisting that customers and developers have been very receptive to making the necessary content modifications.
However, sources tell eWEEK that the situation could be chaotic when the IE patch ships as an automatic update to users of IE 6 on Windows XP SP2 and Windows Server 2003.
Read more here about Microsoft scrapping IE changes in an Eolas patent dispute.
"Despite what Microsoft says about minimal impact, it makes it much harder to use an application that has a lot of ActiveX or Applets. Each time you load a page with a control, you have to activate it. So if the user goes to PageA with a control and activates it, then goes to PageB with a control and activates that one, if they then go back to PageA again then have to activate it again," said the source, who requested anonymity.
He said software vendors and sites that use ActiveX, Flash and Applets "will get a lot of howls" from users when the update ships on April 11.
At this stage it's optional, but when it becomes a "security" patch, the source argued that millions of people will not understand what is happening when multimedia content loads in a different way.
Some widely deployed programs that use ActiveX controls within the browser include Adobe's Reader and Flash, Apple's QuickTime Player, Microsoft's Windows Media Player, RealNetworks' RealPlayer and Sun's JVM (Java Virtual Machine).
A white paper detailing the ActiveX changes has been published on the MSDN (Microsoft Developer Network).