When/why does Internet Explorer block installation of a (signed) ActiveX control?

Question

When the user visits a page that contains a signed ActiveX control that has never been seen before, I'd expect IE to ask the user for permission to install the control. But sometimes IE puts up a security warning instead.

For example, consider this site, which has a test control: http://www.pcpitstop.com/testax.asp

I'd expect to get this message -- and sometimes, I do:

"The website wants to run the following add-on: 'XXX' from 'YYY'. If you trust the the website and the add-on and want to allow it to run, click here..."

But under IE8 on XP, I usually get this instead:

"To help protect your security, Internet Explorer has restricted this site from showing certain content. Click here for options..."

What's going on? Any ideas?

Thanks!

Answer 1

"The website wants to run the following add-on: 'XXX' from 'YYY'. If you trust the the website and the add-on and want to allow it to run, click here..."

This is so called ActiveX Opt-In or Per-site ActiveX. It happens when control is already installed but was not used for the current website. If your AX control was installed from another site or within another control from the same OCX - you will get this message.

As for IE8 + WinXP: looks like security level for Internet Zone is too high. Try default settings and make sure your CAB is signed properly. Unsigned controls are off be default.

Answer 2

ActiveX objects can execute code, so there is a security concern, so IE by default disables scripts that has ActiveX objects and warns the user