<P> Microsoft's new Windows Runtime (or WinRT, not to be confused with Windows RT) programming and application model is essentially a COM - based API, although it relies on an enhanced COM . Because of its COM - like basis, Windows Runtime allows relatively easy interfacing from multiple languages, just as COM does, but it is essentially an unmanaged, native API . The API definitions are, however, stored in ". winmd" files, which are encoded in ECMA 335 metadata format, the same CLI metadata format that . NET uses with a few modifications . This common metadata format allows for significantly less overhead than P / Invoke when WinRT is invoked from . NET applications, and its syntax is much simpler . </P> <P> COM and ActiveX components are run as native code on the user's machine, with no sandboxing . There are therefore few restrictions on what the code can do . The prior practice of embedding ActiveX components on web pages with Internet Explorer did therefore lead to problems with malware infections . Microsoft recognized the problem with ActiveX as far back as 1996 when Charles Fitzgerald said, "We never made the claim up front that ActiveX is intrinsically secure". Recent versions of Internet Explorer prompt the user before installing ActiveX controls, enabling the user to disallow installation of controls from sites that the user does not trust . The ActiveX controls are signed with digital signatures to guarantee their authenticity . It is also possible to disable ActiveX controls altogether, or to allow only a selected few . The transparent support for out - of - process COM servers still promotes software safety in terms of process isolation . This can be useful for decoupling subsystems of large application into separate processes . Process isolation limits state corruption in one process from negatively affecting the integrity of the other processes, since they only communicate through strictly defined interfaces . Thus, only the affected subsystem needs to be restarted in order to regain valid state . This is not the case for subsystems within the same process, where a rogue pointer in one subsystem can randomly corrupt other subsystems . </P> <P> COM programmers build their software using COM - aware components . Different component types are identified by class IDs (CLSIDs), which are Globally Unique Identifiers (GUIDs). Each COM component exposes its functionality through one or more interfaces . The different interfaces supported by a component are distinguished from each other using interface IDs (IIDs), which are GUIDs too . COM interfaces have bindings in several languages, such as C, C++, Visual Basic, Delphi, Python and several of the scripting languages implemented on the Windows platform . All access to components is done through the methods of the interfaces . This allows techniques such as inter-process, or even inter-computer programming (the latter using the support of DCOM). </P> <P> All COM components implement the IUnknown (custom) interface, which exposes methods for reference counting and type conversion (casting). A custom IUnknown interface consists of a pointer to a virtual method table that contains a list of pointers to the functions that implement the functions declared in the interface, in the same order that they are declared in the interface . The in - process invocation overhead is therefore comparable to virtual method calls in C++ . In addition to custom interfaces, COM also supports dispatch interfaces inheriting from IDispatch . Dispatch interfaces support late binding for OLE Automation . This allows dispatch interfaces to be natively accessed from a wider range of programming languages than custom interfaces . </P>

What is com and dcom in web technology