Even if this is everything you say it is, it doesn't do anything for the
> Basically, Microsoft is proposing an API which can be used to contact a
> Trust Authority, through either a Trust Provider (a piece of software which
> determines rules for how Trust is to be verified) or a Trust Administrator
> (which could be local or off-site and determines which Trust Authorities
> should be consulted, how, and when).
That's all very well, for applications (user takes a positive action to
download and install). If that's how it's supposed to be used, bravo for
Microsoft. It's about time. For applets, though, it means that you have to
assume that *every* applet was written with the same security level as
the browser it's running under.
Netscape has shown themselves to be mildly bogus, but it's possible to
track them, and they *do* seem to care about security. Even if there are
no holes in Explorer itself, its security is held hostage to holes in
*every* applet it trusts. You don't have to just trust Netscape and Microsoft,
you have to trust Frobco.
See, it's not that I don't trust FrobCo, authors of the FrobCalc applet, to
not be malicious. It's that I don't trust them to be *competant*.
If the applet's running in a secure environment then the worst that can
happen is that a security hole in the design and implementation of that
environment is used. That means you have to keep up on one vendor's
position on security.
If the applet's just certified as being from a non-malicious source, then
you have to worry about *their* security position. Every applet needs to
be secure. FrobCo has to spend as much time and money on security as
Netscape... because if there's a hole in FrobCalc a cracker can put
FrobCalc and the supporting exploit stuff up on a web page and wait for
people to walk into his trap.
For applications, this is harder. A phreak can put all the Microsoft Word
exploits on his web page he wants, but they won't do anything until you
download and view them. He has to find *naive* flies... he won't just
catch everyone clicking thropugh his page with the right software.
And the potential legal liability for FrobCo, if this causes damage, is real.
Unlike the usual shrinkwrap license situation, the victim hasn't done
*anything* to absolve FrobCo of liability. They have taken no positive action
to say "I agree to give up my implied right to the product actually working
as advertised in exchange for running this software"... because they never
knew they were running it!
No, security is too important to be implemented and reimplemented by dozens
of separate garage developers writing Microsoft Explorer applets. I see a
great future for product liability lawyers and security consultants, though.
From: Russ <Russ .