posted by Thom Holwerda on Wed 10th Dec 2008 19:49 UTC, submitted by BluenoseJake
Google has released an early version of Native Client, a framework designed to run portable x86 binaries inside a web browser - in a sandbox. Native Client also includes technologies that allow for easier communication between JavaScript and Native Client executables, which makes it possible for web applications to leverage native code when it comes to processor-intensive tasks. This sounds eerily similar to Microsoft's ActiveX - one of the biggest security failures of the Windows operating system. Google insists, however, that Native Client is much, much more secure.

Google also released a research paper concerning Native Client, and in this paper, they detail the extensive work they have done on making sure Native Client is a safe and secure way of running native code inside your web browser. When comparing it to ActiveX, the paper claims:

Perhaps the most prevalent example of using native code in interactive web pages is Microsoft's ActiveX. ActiveX controls rely on a trust model to provide security, with controls cryptographically signed using Microsoft's proprietary Authenticode system, and only permitted to run once a user has indicated they trust the publisher. This dependency on the user making prudent trust decisions is commonly exploited. ActiveX provides no guarantee that a trusted control is safe, and even when the control itself is not inherently malicious, defects in the control can be exploited, often permitting execution of arbitrary code. In contrast, NaCl is designed to prevent such exploitation, even for flawed NaCl modules.

Native Client is available as a preview release starting today. On a final note, everybody who does not mention Google OS in the comments gets a cookie.
