Feeds

Microsoft: Silverlight youth beats Flash experience

Outta your sandbox

The Power of One Brief: Top reasons to choose HP BladeSystem

It sounds like Microsoft is getting the same treatment from Apple as Adobe Systems when it comes to putting its media player on the iPad and iPhone.

It's been put on hold.

Regardless of whether Silverlight makes it on to either, Microsoft still feels pretty good about how it stacks up against Flash in security - an area where Apple chief executive Steve Jobs recently unloaded on Flash.

There's no Flash on the iPhone, Jobs said, because Flash is riddled with bugs. "Whenever a Mac crashes more often than not it's because of Flash," Jobs said. Adobe's chief technology officer Kevin Lynch fired back: "We don't ship Flash with any known crash bugs."

In an interview ahead of next Tuesday’s release of the latest installment in the Silverlight story, Silverlight 4, corporate vice president for the .Net developer platform Scott Guthrie told The Reg that security and performance for the player are "super critical" to Microsoft.

Overall, he added, Silverlight 4 positions Microsoft "very well" as a technology for building and delivering Rich Internet Applications (RIAs) against the Flash-based Adobe Integrated Runtime (AIR).

The stakes are certainly higher with this version of Silverlight than previous editions.

Silverlight 3 ran applications from the safety of a sand-boxed environment, to protect your PC from potentially malicious code that might be hidden inside that video of the cat playing chopsticks you just downloaded from YouTube and started watching during your lunch break.

But version 4 lets you chose to run applications outside the sandbox as it taps into your computer in a way that would embarrass its predecessors.

Video in Silverlight 4 will integrate with the media hardware on your PC, like the processor and any camcorders - should the application using Silverlight need to use a video, that is. Silverlight 4 adds new APIs that let you re-size and re-position video or other content using Silverlight outside the browser and on the desktop. Applications can be integrated with the task bar at the bottom of your Windows-7 screen or the doc on Apple's OS X. Applications written in Silverlight 4 can also access the PC's clipboard.

Applications in Silverlight 4 can read and write to the file system if the application is supported. And you can customize the chrome and host HTML - handy for running video build in HTML 5 but also potentially handy for cross-site scripting or SQL-injection attacks.

Guthrie said security is something Microsoft worries about every day but noted Silverlight has enjoyed a very good reputation since version 1.0 in 2007. He attributed that to youth.

Silverlight has been built in an era when its been possible to take advantage of the best practices that have evolved as the result of the last decade's word of attacks. Technologies like Flash, which hails from the mid 1990s, predate this and contain layer upon layer of legacy code and fixes to cope with first the PC and then the rise of the web.

"Any code written in the last five years tends to be more secure than the code written 10 years ago - that's true for us and others," Guthrie said. "Silverlight, because it's been written over the last two to three years, is able to incorporate the best practices we've learned. We feel pretty good about Silverlight's security."

Interestingly, during the recent Pwn2Own hacker contest at CanSecWest, Google's Chrome was the only browser not to succumb to attacks from hackers that felled Internet Explorer, Mozilla's Firefox, and Apple's Safari. All these pre-date the two to three year window while Chrome is Silverlight's peer, having been first released in 2008.

Overall, Guthrie said he felt Silverlight 4 positions Microsoft well against Adobe's Flash-based AIR for RIAs. Like Silverlight, AIR breaks down the barrier between downloaded applications and their access to the local hardware and data on your PC.

In many ways, Silverlight 4 closes the gap on Flash and AIR on a features perspective with simple additions like the ability to print from Silverlight and the addition of support for rich text, bi-directional, and RTL text.

Guthrie repeated the latest market-share numbers Microsoft has claimed show Silverlight's growing uptake is closing in on Flash's ubiquity - Adobe claims Flash runs on more than 90 per cent of PCs.

He claimed Microsoft's data shows 60 per cent of all devices on the internet now run Silverlight - up from 45 per cent when in November 2009 when Microsoft released the Silverlight 4 beta. Guthrie cites major events like the Vancouver Winter Olympics, the March Madness basketball frenzy in the US, and Victoria's Secret fashion show have all been broadcast online using the Silverlight player have helped drive uptake as viewers had to downloaded the player.

Guthrie claimed this gives Silverlight RIAs and edge over AIR, because you don't need to download a separate Microsoft RIA runtime. You get the RIA as part of Silverlight. AIR, though, needs to be downloaded separately to Flash, so while Flash is ubiquitous AIR's still striving for penetration. He claimed Silverlight is installed on "three times" as many machines as AIR, making the Silverlight RIA option more attractive to developers looking for an existing market to target.

"While Flash is installed on lots of machines, AIR is not...so the day we ship next week our out-of-browser support will be installed on far more machines than AIR," Guthrie said.

That's a maybe, but there's still one device they all want to be on and that won't be running Silverlight, Flash, or AIR anytime soon. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.