[4976] in WWW Security List Archive
Re: Prediction:Plug-ins will go away (Re: Automatic trojans)
daemon@ATHENA.MIT.EDU (Richard Costine)
Thu Apr 3 17:49:36 1997
Date: Thu, 03 Apr 1997 14:41:14 -0400
From: Richard Costine <rjc@n2k.com>
To: jay@homecom.com
CC: Matthew Patton <patton@sysnet.net>, WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Jay Heiser wrote:
>
> Richard Costine wrote:
>
> Jay Heiser wrote:
>
> > executable content. I think that plugins are either going to go away,
> > or they are going to be extended to take advantage of some browser-based
> > security infrastructure. Executable content is a great idea, but it's
> > Matthew Patton wrote:
> > Any thoughts on how to deal with this other than the obvious and
> > never ending "user awareness training"??
> I agree that executable content is a "good thing" - it adds value to the......
> library-based media. It also works provided that you have a trusted
> sandbox to play in. I don't think most "clueful" folks place a lot of
> trust in the sandbox that they've been given to use (ie. Java and
> ActiveX). I guess supplying this "trust" is a job for the real
> programmers that are left. You know: the ones that actually know how to
> write code that will manage a linked-list or binary-tree, or still know
> what a hash table is, and why you would use one in lieu of the former,
> Note: Clueful = Internet security-conscious group of people
>
> Java security could be much better, but so far, it already seems better
> than a lot of network code. Sendmail is hardly foolproof. Kerberos has
> undergone 4 major revisions. Heck, MS-Word macros represent a huge
> risk. Compared to other code, Java ain't that bad. Humanity might
> be better served by putting resources into replacing sendmail than
> performing major surgery on the JVM.

Agreed. Sendmail is a beastie that should not be run as root on any
system exposed to the 'net. (Along with Ichat, Apache and any other big,
burly, and potentially security-hole-laden code). We use smap as an MTA,
it passes it off to a directory that sendmail periodically looks at and
delivers. smap runs as root for as long as it takes to accept the
connection and turns into a non-root user.

As far as Java goes... it still is a big program that I have to trust.
Do I trust it more than ActiveX? Yes. Do I trust ActiveX more than some
arbitrary piece of code (i.e. plugin) that I download from the net? Yes.
It's supposed to run in some kind of sandbox.

I trust Java with good reason: Sun has a better track-record with
security-issues than Microsoft, which likes to ignore messy things like
strong authentication and encryption of passwords. Microsoft has a
vested interest to lock you into using its OS and the applications that
only run on it - I don't believe ActiveX runs with Netscape browsers or
Unix systems (I haven't gotten MSIE working on FreeBSD yet :))). We've
seen time and again that Microsoft puts that interest in front of
security. Sun makes hardware, they don't have that interest.

(( BTW. There is a free implementation of the JVM - It's called Kaffe. ))

Plugins will go away when the sandbox gives us enough room to do all the
neat things we expect from a network application - but without giving
away the store. For example, a Java-based RealAudio player that one can
trust instead of the raplayer executable program that runs on my machine
would be a start. Or ... A MS-Exchange version written in Java so I can
run FreeBSD and use MS-Exchange on it. We're still a long way from that.
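
The pattern the message describes for smap (hold root only long enough to accept the connection, then become a non-root user) looks like this in C. This is an added example, not smap's code or code from the thread; the function name `drop_privileges` and the uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently switch to an unprivileged uid/gid (hypothetical helper).
 * Returns 0 only if the process is verifiably non-root afterwards, else -1. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }   /* "dropping" to root is a bug */
    if (geteuid() == 0) {
        /* Order matters: supplementary groups, then gid, then uid.
         * Once the uid is given up, the other two calls would be refused. */
        if (setgroups(1, &gid) != 0) return -1;
        if (setgid(gid) != 0) return -1;
        if (setuid(uid) != 0) return -1;   /* as root: real, effective and saved uid */
    }
    /* Verify the result instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* Regaining root must fail; if it succeeds the drop was not permanent. */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void)
{
    /* Privileged step: only root may bind the SMTP port. */
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(25) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(fd, 16) != 0) {
        perror("bind port 25 (needs root)");
        return 1;
    }
    /* 65534 is a constructed placeholder for a dedicated mail front-end account. */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue as root\n");
        return 1;
    }
    printf("listening on port 25 as uid %d\n", (int)getuid());
    /* accept() and the spool-directory writes would run here, unprivileged. */
    close(fd);
    return 0;
}
```

The check at the end of `drop_privileges` catches the common failure where a saved uid of 0 remains and a later bug in the message-handling code could switch back to root.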