South Korea kills ActiveX-based government digital certificate service • The Register


South Korea on Thursday shuttered a government-run digital certificate service that required the use of Microsoft’s ancient ActiveX technology.

Microsoft launched ActiveX way back in 1996 and it was effectively the company’s riposte to Java. An evolution of Microsoft’s COM (Component Object Model) and OLE (object linking and embedding), ActiveX made it possible to embed elements of other applications in a web page and even inside other apps by using an “ActiveX control” and a plug-in. The pre-.Net tech was Microsoft’s big mid-90s play for a cross-platform application delivery platform and lives in on technologies like

Until today it also lived on inside a digital certificate authority that South Korea’s government ran to secure government and financial services websites.

ActiveX was introduced to do the job in 1999, when it wasn’t the worst imaginable choice. But Microsoft has all-but walked away from ActiveX and its new Edge browser doesn’t support the tech. ActiveX controls have also become a vector for plenty of nasty exploits.

COBOL-coding volunteers sought as slammed mainframes slow New Jersey’s coronavirus response


South Korea knew it had an ActiveX problem way back in 2015, because even then the need to use ActiveX to do business on local websites irked outsiders.

For locals, the requirement to run the code was so annoying that getting rid of it became an election promise at the nation’s 2017 presidential election.

That promise has now been delivered: the nation’s Ministry of Science and ICT today annnouced the service’s planned demise.

South Korean websites will therefore no longer need to include ActiveX and individuals can ditch the plug-in. There’s also an economic pay-off: the nation’s tech firms can compete in a market for digital certificates unencumbered by a dominant government player. ®

You May Also Like…