Feeds

MS to block internet apps by default in .NET

It's the corporates, stoopid...

  • alert
  • submit to reddit

Build a business case: developing custom apps

Microsoft is to implement a switch in default security settings in a forthcoming service release for the .NET Framework. As shipped, the default policy will be not to allow managed code to run from the Internet. Think about that one for a moment and then think about what you thought .NET was supposed to be about, folks - but don't worry, you can always switch it back on.

In a posting to a .NET discussion group, .NET client architect Chris Anderson explained this, somewhat redundantly, as meaning that "we are secure by default." He also said Microsoft was continuing to "comb the product for quality and security issues." Under the new regime it will be possible to turn running code from the Internet zone back on via the .NET Framework security utilities, or "you can easily add a web site into the Trusted Sites internet explorer zone, add a site to the .NET Framework security settings, or set the .NET Framework to trust a specific publisher or strong name or hash value, etc."

Given the blizzard of security bad news that has engulfed Microsoft of late, and Bill Gates' consequent discovery of security as the number one priority, it would seem obvious that the .NET switch is in some way connected, and that "secure by default" (which we note is an OpenBSD slogan) will be guesting in Redmond marketing campaigns Real Soon Now.

The real point, as Anderson makes clear further on in the posting, is: "We believe that one of the most compelling usage of safe mobile code is in the corporate intranet. By changing the default for the internet zone, we make it safer for corporations to deploy the .NET Framework in their networks."

Alternatively, if Microsoft can say to its corporate customers that .NET is absolutely secure because only your own trusted applications will run, and you're in no danger from stuff from out in the badlands, then they're less likely to foot-drag because of their perception that Microsoft products are dangerously insecure. Put simply, Microsoft needs a brick wall it can point to.

The move does however represent a serious downscaling of what .NET was originally supposed to be about, and is going to foreground trust as an issue as it rolls out beyond corporate intranets. Nor is it the entire answer (remember that when the Microsoft sales people come round). If an application can manage to persuade IE that it's running in a secure zone, then you're still knackered. We believe this happened relatively recently... ®

Build a business case: developing custom apps

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.