Can someone explain to me what that is and how it works (in layman's terms)? Or recommmend a website where I can find that info? If anyone is curious why I'm asking, please refer to my post a little ways down the page. Thank you.

ActiveX scripting is also known as VBScript, which looks like full VB (Visual Basic) code, but is vastly simpler. However, the term tends to include any web page that makes use of ActiveX controls, which are small programs that can be run from HTML pages on a Windows machine. A scripting language is a kind of programming language, that is written out into a text file, and is usually not turned into files that run on their own (like Word, NotePad, and Explorer do). Instead, a script is typically read as-is by another program, which then performs the tasks contained in the script. Scripts are commonly used on web pages to make menus move and look cool, make animations fly around a page, and other eye candy, but sometimes they do useful things. The advantage of script files is that they are very fast to write, don't require special preparation, are easy to modify at anytime in a plain text editor, can be written right into HTML pages, can pass through security measures if disguised (though running them is harder), and so forth. Some of the more popular scripting languages used on HTML pages are JavaScript, Perl, PHP, and VBScript. There are many sites that will give information on scripting languages, but don't bother with VBScript; JavaScript is perhaps the most common in web pages. VBScript is likely going to be phased out, since it has so many security problems. JavaScript was designed with security in mind, but VBScript was not. The new .NET technology is slated to replace it. VBScript has a lot of power on a Windows machine, which is part of the problem. As such, its best used on Microsoft servers, rather than on the pages a client sees in a web browser.

Jeff, thanks that is a great explanation. Not sure I understand it all :) How does the browser, in this case IE6, know if an active X control is safe or not safe, and if it signed? I am still trying to understand how comet cursor got into my computer without my permission or knowing it until after the fact. Thanks again.

Suzi, If you didn't install it and you haven't let anyone else into your machine, then why don't you download a free antivirus program and get rid of your problem. This is a programming forum, your question belongs in the security/virus section.

junky-toof, You missed the point of my post. I know how to get rid of it and prevent it from happening again. I am trying to learn from a programming perspective how the code for active x scripts works. I do believe is a programming topic.

You might want to look at this info page: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q216434 titled "How Internet Explorer Determines If ActiveX Controls Are Safe". However, it's more about how it is done, which is a tad technical, so let me just summarise the implications. I'm hesitant to mention this, for fear people will get ideas, but I guess it's public knowledge already anyway. The ActiveX security model relies primarily on the honor system. When a developer marks their control as safe, they are simply claiming it is safe, but there is no agency required to verify this. Micro$oft will now try to ban me from the internet, or use that statement to promote their new .Net technology (I hope that remains a bad joke). The scary bits are never publicised, since they negatively impact sales. One attempt to tighten IE security is the certificate. It's an electronic document that is co-signed by some corporation with a lot of clout, such as VeriSign, and helps give the end-user a sense of security. It's not so much a verification that something's safe, since it's extremely difficult to detect all the capabilites of compiled software; it's more like finger printing in public. That is, a certificate exposes the vendor publicly, hopefully makes them visibly accountable, and tends to ward-off the less savory. Thus, the world sees the vendor in the open, and if they ever go over the line, presumably no company will ever again certify their products. It can be a big help, but obviously it is not foolproof. It's interesting that comet never certified their control... If I never post again, you will all know why, but please don't all cheer at once :)

Lol, Jeff. Thank you again. I did a google search about active x controls and found that M$ site you listed. It was hard to understand, but your explanation clarified it well. I'm not even sure I trust VeriSign now because of their deceptive marketing practices, trying to get people to change their domain name registratiion to them. I see Go Daddy sued them and won, or VeriSign settled, forget which. I emailed Jamie Rosen (founder of comet systems) and asked her why their active x wasn't certified. Thanks again.