Wednesday, 26 May 2004

HTAs

One of the scariest reads on things that you can do with IE in a while. Run an "app" bypassing all security restrictions... yikes. I'm glad that I use Mozilla.
Listening to: Gabrielle Destroismaisons - Etc


6 comments:

  1. hmm. I wonder when that was written...
    Is it just me or does HTA sound a lot like the Mozilla/XUL applications (or probably the other way around since HTA seems to predate Mozilla).

  2. They run with less security, sure. Microsoft sees these as being useful for intranets, where security can be easier: on the client, "allow HTAs from any local server, disallow from an outside server". This can be done for IE by network administrators company-wide.
    For web apps running on the Internet, this becomes more of an issue. As a client you would want to approve each site that has these lax security restrictions.
    Without fine-grained control of what the app is able to see and do, I don't see HTAs being popular on the Internet. They would be a rather large security vulnerability, and put too much choice in the hands of users with regards to security (a subject few people know about).
    Peter: it sounds like the same idea as XUL. Mozilla sandboxes XUL apps from the Internet and restricts them (you can't read local files, for example) unless you specifically give permission.
    Mozilla itself is a XUL app, remember. It just runs from the local hard drive, and because of that has no sandbox security restrictions.

  3. Java Applets let you run applications downloaded from other places too. But like Ryan pointed out with XUL, it runs in a sandbox. I hope Microsoft is taking the necessary steps to make sure that this stuff really is secure.
    Also, I think that allowing these apps to run, as long as they are from your domain, could be a bit dangerous. It would only take one disgruntled developer to take down the corporate computer system.
    And the term sandbox scares me. How hard is it to really break out of a sandbox? I want my programs to run in solitary confinement, on Alcatraz.

  4. Another thing that scares me is that users will probably just click on "Yes" whenever something asks for permission. This explains why things like Gator are so rampant.

  5. Ya exactly, users can't be trusted to manage their own security because they don't know enough about it. Which is why network administrators often lock down IE security in a high setting.

  6. The advantage that sandboxes have over regularly-executed code is that sandboxes get vigorous security audits, and only allow code to run at a specific level. They also get a lot of attention from security experts, picking on them to find holes so they can brag about finding them. They are an extra layer of execution that code has to go through to work, and all they are concerned about is the security check.
    Regular code, on the other hand, often isn't written with security in mind and so is more easily exploitable (i.e. buffer overflow). If you know your code will be executed in a sandbox you don't need to worry about security as much, which is nice.
    The Java Virtual Machine as far as I know is a sandboxed execution environment.
