At some point, you've probably seen an error message pop up that "Active Content on this webpage has been blocked. Click here for options." Microsoft and the other browser makers give us these warning so we can try to make choices about what to trust on the web and what to avoid. Unfortunately, most average computer users don't know what "active content" is or how to decide what to trust. There are no easy answers for deciding who to trust but after reading this overview, you should have a little more idea of the risks you are taking.
Web scripts are used on almost every web site now. These scripts let the web designer customize the look and feel of the site and are very easy to use. The script is written into the webpage and is executed by your browser. There are limits to what the script can do, making them mostly safe. Unfortunately, one of the ways they can be exploited is to redirect you from a legitimate web site to a look-alike malicious one that may download viruses or collect personal information.
Java and ActiveX controls are actual programs that are already on your computer or can be automatically downloaded into your browser. ActiveX can do anything on your computer that you can do. That's helpful if the web page is supposed to find and run a program for you but very dangerous if exploited by a hacker. Untrustworthy ActiveX controls can be used to load spyware, collect personal information, connect to other computers or do other damage. (If you're trying to load or update well-known software like Flash Player or Adobe Reader, it's probably okay. On the other hand, if the browser is trying to launch something like WeatherBug or MemoryMeter, SAY NO!) Java applets usually run in a more restricted environment and have less rights on your computer (and therefore can do less damage if exploited), but if that environment isn't secure, malicious Java applets may be used for attack as well.