Feeds

Microsoft: Silverlight youth beats Flash experience

Outta your sandbox

Internet Security Threat Report 2014

It sounds like Microsoft is getting the same treatment from Apple as Adobe Systems when it comes to putting its media player on the iPad and iPhone.

It's been put on hold.

Regardless of whether Silverlight makes it on to either, Microsoft still feels pretty good about how it stacks up against Flash in security - an area where Apple chief executive Steve Jobs recently unloaded on Flash.

There's no Flash on the iPhone, Jobs said, because Flash is riddled with bugs. "Whenever a Mac crashes more often than not it's because of Flash," Jobs said. Adobe's chief technology officer Kevin Lynch fired back: "We don't ship Flash with any known crash bugs."

In an interview ahead of next Tuesday’s release of the latest installment in the Silverlight story, Silverlight 4, corporate vice president for the .Net developer platform Scott Guthrie told The Reg that security and performance for the player are "super critical" to Microsoft.

Overall, he added, Silverlight 4 positions Microsoft "very well" as a technology for building and delivering Rich Internet Applications (RIAs) against the Flash-based Adobe Integrated Runtime (AIR).

The stakes are certainly higher with this version of Silverlight than previous editions.

Silverlight 3 ran applications from the safety of a sand-boxed environment, to protect your PC from potentially malicious code that might be hidden inside that video of the cat playing chopsticks you just downloaded from YouTube and started watching during your lunch break.

But version 4 lets you chose to run applications outside the sandbox as it taps into your computer in a way that would embarrass its predecessors.

Video in Silverlight 4 will integrate with the media hardware on your PC, like the processor and any camcorders - should the application using Silverlight need to use a video, that is. Silverlight 4 adds new APIs that let you re-size and re-position video or other content using Silverlight outside the browser and on the desktop. Applications can be integrated with the task bar at the bottom of your Windows-7 screen or the doc on Apple's OS X. Applications written in Silverlight 4 can also access the PC's clipboard.

Applications in Silverlight 4 can read and write to the file system if the application is supported. And you can customize the chrome and host HTML - handy for running video build in HTML 5 but also potentially handy for cross-site scripting or SQL-injection attacks.

Guthrie said security is something Microsoft worries about every day but noted Silverlight has enjoyed a very good reputation since version 1.0 in 2007. He attributed that to youth.

Silverlight has been built in an era when its been possible to take advantage of the best practices that have evolved as the result of the last decade's word of attacks. Technologies like Flash, which hails from the mid 1990s, predate this and contain layer upon layer of legacy code and fixes to cope with first the PC and then the rise of the web.

"Any code written in the last five years tends to be more secure than the code written 10 years ago - that's true for us and others," Guthrie said. "Silverlight, because it's been written over the last two to three years, is able to incorporate the best practices we've learned. We feel pretty good about Silverlight's security."

Interestingly, during the recent Pwn2Own hacker contest at CanSecWest, Google's Chrome was the only browser not to succumb to attacks from hackers that felled Internet Explorer, Mozilla's Firefox, and Apple's Safari. All these pre-date the two to three year window while Chrome is Silverlight's peer, having been first released in 2008.

Overall, Guthrie said he felt Silverlight 4 positions Microsoft well against Adobe's Flash-based AIR for RIAs. Like Silverlight, AIR breaks down the barrier between downloaded applications and their access to the local hardware and data on your PC.

In many ways, Silverlight 4 closes the gap on Flash and AIR on a features perspective with simple additions like the ability to print from Silverlight and the addition of support for rich text, bi-directional, and RTL text.

Guthrie repeated the latest market-share numbers Microsoft has claimed show Silverlight's growing uptake is closing in on Flash's ubiquity - Adobe claims Flash runs on more than 90 per cent of PCs.

He claimed Microsoft's data shows 60 per cent of all devices on the internet now run Silverlight - up from 45 per cent when in November 2009 when Microsoft released the Silverlight 4 beta. Guthrie cites major events like the Vancouver Winter Olympics, the March Madness basketball frenzy in the US, and Victoria's Secret fashion show have all been broadcast online using the Silverlight player have helped drive uptake as viewers had to downloaded the player.

Guthrie claimed this gives Silverlight RIAs and edge over AIR, because you don't need to download a separate Microsoft RIA runtime. You get the RIA as part of Silverlight. AIR, though, needs to be downloaded separately to Flash, so while Flash is ubiquitous AIR's still striving for penetration. He claimed Silverlight is installed on "three times" as many machines as AIR, making the Silverlight RIA option more attractive to developers looking for an existing market to target.

"While Flash is installed on lots of machines, AIR is not...so the day we ship next week our out-of-browser support will be installed on far more machines than AIR," Guthrie said.

That's a maybe, but there's still one device they all want to be on and that won't be running Silverlight, Flash, or AIR anytime soon. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
That dreaded syncing feeling: Will Microsoft EVER fix OneDrive?
Microsoft's long history of broken Windows sync
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
SLURP! Flick your TONGUE around our LOLLIPOP – Google
Android 5 is coming – IF you're lucky enough to have the right gadget
Nokia's N1 fondleslab's HIDDEN BRILLIANCE: The 'Z Launcher'
Sugarcoating Android's Lollipop makes tab easier to swallow
Bug fixes! Get your APPLE BUG FIXES! iOS and OS X updates right here!
Yosemite fixes Wi-Fi hiccup, older iOS devices get performance boost
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Meet Windows 10's new UI for OneDrive – also known as File Explorer
New preview build continues Redmond's retreat to the desktop
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.