Ahn is gone, but ActiveX remains

A securities firm Web site says the user needs to install a security module, a part of Microsoft’s ActiveX plugin.

One of the pledges made by former presidential candidate Ahn Cheol-soo was to eliminate ActiveX Controls, technical standards developed by Microsoft for Internet Explorer.

“ActiveX is irritating everyday life for the people of Korea,” he said in a speech, “I will lift ActiveX and that will be a crucial part of my campaign.”

When the founder of Korea’s largest antivirus software firm, AhnLab, announced he would drop his presidential bid, it disappointed many Web users who hoped to see the annoying and sometimes dangerous Microsoft software disappear.

“I wasn’t exactly a fan of Ahn Cheol-soo, but I made up my mind to vote for him simply because he promised to scrap ActiveX,” said Jason Lee, an office worker in his mid-30s. “ActiveX is just too annoying. Each time I try to buy something from an Internet shopping site or make financial transactions, I am forced to install them and my computer is increasingly filled with unnecessarily software. It is almost junk.”

ActiveX was developed in 1996 to extend Internet Explorer into a variety of areas, ranging from graphics to multimedia, security and online shopping. It can be automatically or optionally downloaded and executed by a Web browser.

The problematic plugin is probably used more in Korea than anywhere in the world because Internet Explorer is still the nation’s most popular Web browser, relied on by government, financial institutions and shopping sites. As of May, Internet Explorer’s market share in Korea was 80 percent, followed by Chrome at 14.8 percent and Firefox at 4.5 percent. That is largely because the Windows operating system is predominant here. Globally, Google’s Chrome has a larger share than Internet Explorer.

A spokeswoman for Microsoft Korea also said the unit “had a hard time localizing Windows 8, the latest PC operating system, before its release in Korea last month due to Korean Web sites’ heavy reliance on ActiveX.”

According to a second-quarter survey of 200 public and private Web sites by the Korea Communications Commission, a top government agency overseeing IT policies, 84 percent, or 168 sites, were using ActiveX. The plugin had the largest usage for Web security - 42.2 percent for public sites and 39.7 percent for private sites. The next biggest use of ActiveX was for online shopping and personal verification.

When accessing the Ministry of Gender Equality & Family Web site that provides information on sex offenders at www.sexoffender.go.kr, a Web security ActiveX called WebSAFER must be downloaded and installed. Unless, of course, the main page does not show up. And this happens with many public sites - especially those issuing electronic documents, such as resident registrations.

Some Korean Web sites even block access through browsers other than Explorer. For instance, if you enter the site of Hyundai Card, a credit card company, with the Mac browser Safari, the message “Please use an Internet Explorer” pops up. Access to the site requires installation of a handful of ActiveX programs for security - including a digital certificate.

Thus the ActiveX plugin has created a vicious circle of forcing more Web users to opt for Internet Explorer and being trapped.

The irony of ActiveX is that although it is meant to enhance Web security, it has a security loophole that makes it a tool to spread malicious codes or viruses. Excessive installation of Active X can slow down a computer because the plugin eats up a sizable portion of memory.

ActiveX was introduced to Korea in the late 1990s. Digital certificates for financial transactions over the Internet in the form of the ActiveX plugin were adopted in 1999. ActiveX gained momentum in the early 2000s, when Korean financial institutions launched online banking and stock trading services and adopted the plugin to beef up security.

Kim Gi-chang, a professor of law at Korea University, describes ActiveX in online shopping and security as a “chronic problem.” “Korea should now be quick to get out of this anachronistic issue that foreign countries eliminated long time ago,” he said.

The government has made several pledges in the past several years to improve the situation by reducing heavy ActiveX use, with meager signs of progress. The Ministry of Strategy and Finance said late last month that it would launch a survey of ActiveX usage among Korean Web sites next year, and based on that would encourage site operators to build sites without the plugin.

By Seo Ji-eun [spring@joongang.co.kr]