Feeds

Microsoft: Silverlight youth beats Flash experience

Outta your sandbox

High performance access to file storage

It sounds like Microsoft is getting the same treatment from Apple as Adobe Systems when it comes to putting its media player on the iPad and iPhone.

It's been put on hold.

Regardless of whether Silverlight makes it on to either, Microsoft still feels pretty good about how it stacks up against Flash in security - an area where Apple chief executive Steve Jobs recently unloaded on Flash.

There's no Flash on the iPhone, Jobs said, because Flash is riddled with bugs. "Whenever a Mac crashes more often than not it's because of Flash," Jobs said. Adobe's chief technology officer Kevin Lynch fired back: "We don't ship Flash with any known crash bugs."

In an interview ahead of next Tuesday’s release of the latest installment in the Silverlight story, Silverlight 4, corporate vice president for the .Net developer platform Scott Guthrie told The Reg that security and performance for the player are "super critical" to Microsoft.

Overall, he added, Silverlight 4 positions Microsoft "very well" as a technology for building and delivering Rich Internet Applications (RIAs) against the Flash-based Adobe Integrated Runtime (AIR).

The stakes are certainly higher with this version of Silverlight than previous editions.

Silverlight 3 ran applications from the safety of a sand-boxed environment, to protect your PC from potentially malicious code that might be hidden inside that video of the cat playing chopsticks you just downloaded from YouTube and started watching during your lunch break.

But version 4 lets you chose to run applications outside the sandbox as it taps into your computer in a way that would embarrass its predecessors.

Video in Silverlight 4 will integrate with the media hardware on your PC, like the processor and any camcorders - should the application using Silverlight need to use a video, that is. Silverlight 4 adds new APIs that let you re-size and re-position video or other content using Silverlight outside the browser and on the desktop. Applications can be integrated with the task bar at the bottom of your Windows-7 screen or the doc on Apple's OS X. Applications written in Silverlight 4 can also access the PC's clipboard.

Applications in Silverlight 4 can read and write to the file system if the application is supported. And you can customize the chrome and host HTML - handy for running video build in HTML 5 but also potentially handy for cross-site scripting or SQL-injection attacks.

Guthrie said security is something Microsoft worries about every day but noted Silverlight has enjoyed a very good reputation since version 1.0 in 2007. He attributed that to youth.

Silverlight has been built in an era when its been possible to take advantage of the best practices that have evolved as the result of the last decade's word of attacks. Technologies like Flash, which hails from the mid 1990s, predate this and contain layer upon layer of legacy code and fixes to cope with first the PC and then the rise of the web.

"Any code written in the last five years tends to be more secure than the code written 10 years ago - that's true for us and others," Guthrie said. "Silverlight, because it's been written over the last two to three years, is able to incorporate the best practices we've learned. We feel pretty good about Silverlight's security."

Interestingly, during the recent Pwn2Own hacker contest at CanSecWest, Google's Chrome was the only browser not to succumb to attacks from hackers that felled Internet Explorer, Mozilla's Firefox, and Apple's Safari. All these pre-date the two to three year window while Chrome is Silverlight's peer, having been first released in 2008.

Overall, Guthrie said he felt Silverlight 4 positions Microsoft well against Adobe's Flash-based AIR for RIAs. Like Silverlight, AIR breaks down the barrier between downloaded applications and their access to the local hardware and data on your PC.

In many ways, Silverlight 4 closes the gap on Flash and AIR on a features perspective with simple additions like the ability to print from Silverlight and the addition of support for rich text, bi-directional, and RTL text.

Guthrie repeated the latest market-share numbers Microsoft has claimed show Silverlight's growing uptake is closing in on Flash's ubiquity - Adobe claims Flash runs on more than 90 per cent of PCs.

He claimed Microsoft's data shows 60 per cent of all devices on the internet now run Silverlight - up from 45 per cent when in November 2009 when Microsoft released the Silverlight 4 beta. Guthrie cites major events like the Vancouver Winter Olympics, the March Madness basketball frenzy in the US, and Victoria's Secret fashion show have all been broadcast online using the Silverlight player have helped drive uptake as viewers had to downloaded the player.

Guthrie claimed this gives Silverlight RIAs and edge over AIR, because you don't need to download a separate Microsoft RIA runtime. You get the RIA as part of Silverlight. AIR, though, needs to be downloaded separately to Flash, so while Flash is ubiquitous AIR's still striving for penetration. He claimed Silverlight is installed on "three times" as many machines as AIR, making the Silverlight RIA option more attractive to developers looking for an existing market to target.

"While Flash is installed on lots of machines, AIR is not...so the day we ship next week our out-of-browser support will be installed on far more machines than AIR," Guthrie said.

That's a maybe, but there's still one device they all want to be on and that won't be running Silverlight, Flash, or AIR anytime soon. ®

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.