Active content allows the page to do something. In computer lingo, it is interactive, dynamic, it has functionality. This allows web designers to create more interesting page, but also carries the risk that malicious programs can gain access to your computer, read and interfere with your files.
Not everything is bad about active content!
An example of an excellent site using active content:
Sodaplay Constructor (Java)
What types of active content are there?
JavaScript, a script program, another example of which is Visual Basic Script (only found on Internet Explorer.)
What are the risks of active content?
There are risks associated with active content: ActiveX has been used to install spyware, malicious scripts like JavaScript have been used to create viruses and worms, hijack your browser and steal confidential information, and Java has been used to install Trojan horses. Internet browser manufactures have been forced to issue patches to fix vulnerabilities, and so have the two producers of Java virtual machines which implement Java applets, Microsoft and Sun.
What security is provided?
JavaScript (and other scripts), Java and ActiveX all attempt to provide security, but use different methods: JavaScript is controlled by security policies imposed by the browser it runs in; Java is run in a 'sandbox', an area divided off from the rest of your computer where it can't do any harm; ActiveX controls may be signed by the author to say that they are safe, and unsigned ActiveX controls are blocked by default in Internet Explorer.
What can I do to protect myself from the risks?
It is possible to disable all active content. Indeed some computer experts recommend doing just this. But some sites will not work without active content. The next three pages deal with the risks of each type of active content and what you can do to protect yourself.
However, three basic pieces of advice I can give right now are: