While security experts applaud Microsoft's recently released Service Pack 2, some companies that distribute their software over the Web are watching the product's introduction with dread and suspicion.For years, software developers have offered applications to the world in Microsoft's Internet Explorer Web browser . . .

While security experts applaud Microsoft's recently released Service Pack 2, some companies that distribute their software over the Web are watching the product's introduction with dread and suspicion.

For years, software developers have offered applications to the world in Microsoft's Internet Explorer Web browser through the company's powerful proprietary API (application programming interface) called ActiveX. The technology starts up external applications, or "plug-ins," within a Web page.

But a tool that can run good software in a browser can also run bad software, and as a result ActiveX has been implicated in a wide array of security scenarios, most recently in the surreptitious installation of adware, spyware and worse.

Microsoft's long-delayed and glitchy Service Pack 2, the security-focused update for the Windows operating system released this month, clipped ActiveX's wings with a more cautious alert system that springs into action when a Web site tries to run an ActiveX control, sprout a pop-up window or run other code.

In the past, IE prompted users with a simple "yes" or "no" option on a security screen before allowing plug-in installations. With SP2, Microsoft blocks ActiveX controls from running by default and flashes an explicit warning that unknown software can cause harm to a PC. Users who still want to install a plug-in must now take a series of complex steps to override the protection scheme.

The changes have alarmed some software vendors that depend on ActiveX and has aroused suspicion that Microsoft is using security imperatives to further its strategic ends.

The link for this article located at Paul Festa, CNET News.com is no longer available.