One Man's Security is Another Man's Prison

As of December 2011, this topic has been archived. As a result, it is no longer actively maintained. For more information, see Archived Content. For information, recommendations, and guidance regarding the current version of Internet Explorer, see Internet Explorer Developer Center.

Robert Hess
Microsoft Corporation

November 8, 1999


Islands in the Stream
The Dev Role

This applies not only to the physical security of one's environment, but also to the "digital" security as it applies to computer systems, programs, and networks. No user wants a malicious program to wander around on their hard disk deleting files, but at the same time, they want bona fide applications to create, access, and update their existing documents.

Don't get me wrong. I'm not trying to downplay the importance of security and how it relates to computers. I am simply trying to shed some light on how difficult this task is to undertake. It is an important problem for everyone in the industry to address.

Almost every week, there appears to be some news story of a new computer virus, of a Web site being compromised, or of some other security breakdown related to computers. The regularity of these stories is perhaps more of an indication of the depravity of some of our fellow human beings than of any inherent flaw present in computer systems and applications. In actuality, computer systems today are more secure than they have ever been. However, computers have also extended into far more facets of our lives than previously, which provides a far larger opportunity for a security problem to affect people. At the same time, it seems malicious individuals are expending almost inhuman energies at being a negative force in our lives. (I could easily move into a philosophical discussion here, but I doubt that is what you want.)

The primary focus of computers is to allow access to data. This might be in the form of editing a text document, calculating bank balances, reading e-mail, or calculating pi to one more decimal place. On one hand, we design computers to give us access to data; on the other hand, in order to provide security, we need to prevent access to data. The goal is to know who should have access, and who shouldn't. This isn't as straightforward as it might seem.

Islands in the Stream

When personal computers were pretty much islands unto themselves, it was a lot easier to maintain security: The only way to get data onto, or from, a computer was with a floppy disk. Users had a physical object that they could touch, hold, and manipulate. There was an act of conscious acknowledgement involved in inserting a floppy disk into the drive and intentionally executing the "Setup" program.

Viruses were a known problem, but it was fairly easy for users to police their application installation procedures—either install only "commercial" software, or take precautions when loading shareware or other "non-commercial" software. Add to this that most computer users of those days were fairly savvy about computer operations, and you have a recipe for a fairly stable environment.

Suddenly, things changed. Not only are computers now used on a regular basis by people who have no idea what the difference is between an ASCII text file and a binary executable, but those systems can now download data in a virtually transparent fashion, with no conscious act on the user's part. And then, add to this the explosive growth of the Web.

In the beginning, Web pages were pure text. There was no programmatic interaction between the Web pages you were reading, and the system on which you were reading them. The opportunities for malicious Web pages were equally nil. Just about the worst thing that a Web site could do was to use a timed redirect on its pages to move you to another page without your control.

As browsers started exposing more and more functionality to Web sites, we suddenly saw an increase in malicious interaction. For the most part, there wasn't anything really "new" that was suddenly available to these nefarious individuals, but their prank code was now far easier to move from system to system. Even though the potential "holes" they had to work through were getting smaller and smaller, the sheer complexity of the underlying systems would often provide some unexpected interaction that would allow them to sneak through a well-crafted barrier.

The Dev Role

Security is a real issue, a real problem. It is one that Microsoft, and other computer-related companies, take very seriously. It also represents a double-edged sword. On one side, it is important to continue to increase both the functionality available to bona fide applications and the ease with which they interact with users. At the same time, it is important to appropriately safeguard these systems and prevent inappropriate access, without burdening users with onerous security barriers. Providing both of these equally well is possible, but not without a lot of careful design work and tradeoffs.

As a developer, your role in addressing the security needs of your application depends a lot on the type of application you are developing, and on its level of interaction with the user as well as with the operating system itself. Web-based applications will face a much higher degree of scrutiny, because they represent a greater potential threat to the user. Such applications should not expect to have the same freedoms as a locally installed application. Locally installed applications are able to interact much more closely with information located on the client system, but if they provide any option for connecting to other systems via the Internet, they will need to provide appropriate safeguards against either introducing viruses or exposing private information about the user without the user's permission. Even applications that don't provide any form of network connection need to think carefully about security. They still need to identify what forms of abuse they might be exposing through any scripting or programmable interfaces they provide, because an application that never touches the network can still be driven by content that arrived through one that does.

Web browsers and other connectivity support applications can, and should, work hard at providing as safe an environment as possible, but security also requires some level of diligence on the part of the computer user. Computers are not (yet) simple appliances, although many people treat them as such. Computers are fairly complex machines capable of an incredible variety of operations, and it is this flexibility that opens up the potential for viruses, hackers, and other forms of inappropriate access. Just as users of table saws, gas stoves, and automobiles need to understand their products in order to use them safely, so too should the average computer user. At the least, they need enough understanding of their computers to protect themselves from malicious individuals.

Robert Hess is an evangelist in Microsoft's Developer Relations Group. Fortunately for all of us, his opinions are his own.