Tuesday, July 06, 2004

More Thoughts on Internet Explorer Security

Maybe my last post was too severe. Windows Internet Explorer has a lot of security problems, and it will continue to have problems. The people who created it may prove to be misguided; however, they are in the experimental phase of a new technology, and as with anything new, "mistakes are made". In fact, we have not properly explored the design space unless mistakes are made.

A major source of security problems in Internet Explorer is the worldview that underlies its architecture. Just as pet owners come to resemble their pets, software reflects the organization that creates it. Microsoft is a large company that expects to dominate any field that it enters. Internet Explorer security is based on the concept that a small number of large media companies will dominate the internet and provide content for the masses. These companies need to install helper applications to web-enable their content. ActiveX and other mechanisms are there to make this process work seamlessly without bothering the user. Also, because the applications are platform-specific, they help cement the domination of Windows.

In practice the internet is more like the Wild West, with lawless thugs riding roughshod over whatever they can. Mechanisms to seamlessly deliver helper applications are exploited by the bad guys to seamlessly deliver unwanted programs of all sorts. Butler Lampson (now at Microsoft Research) recently published an excellent paper on security in IEEE Computer. He talks about trusted computing bases and sandboxing applications to prevent them from doing things that they should not. Now all we need is for the right people to listen to what he has to say.
