Linked by Thom Holwerda on Mon 14th May 2012 15:20 UTC
Windows "Senate Judiciary Committee staffers plan to take a look at allegations that Microsoft has made it difficult for competing Web browsers to run on a certain version of Windows, an aide to Antitrust subcommittee Chairman Herb Kohl told The Hill Thursday." Good. We have to nip this in the bud, and with a bit of luck, it alerts Washington to the iOS situation as well. More browser competition equals a better web - mobile devices aren't magically exempt from this just because they have no keyboard. As simple as that.
Thread beginning with comment 518069
To read all comments associated with this story, please click here.
On the other hand
by vaette on Mon 14th May 2012 18:02 UTC
vaette
Member since:
2008-08-09

On the other hand it is a rather bad idea to in law enforce that all operating systems has to provide arbitrary applications with simultaneously writable and executable memory. There is certainly a huge security advantage to banning it.

Reply Score: 3

RE: On the other hand
by shmerl on Mon 14th May 2012 18:16 in reply to "On the other hand"
shmerl Member since:
2010-06-08

IE isn't banned from it. That's the problem. So IE could be exploited, while others are not allowed (presumable because of security reasons, while in reality because of the direct anticompetitive advantage).

Reply Parent Score: 6

RE[2]: On the other hand
by vaette on Mon 14th May 2012 18:43 in reply to "RE: On the other hand"
vaette Member since:
2008-08-09

Right, but minimizing the amount of code that is allowed to do potentially risky things is a good thing. The OS loader (and .NET JIT) has to be able to write pages and then mark them executable, the kernel is allowed to leak information between apps randomly, neither is an argument to allow all applications to do it.

I understand that it is unfortunate for competition, but allowing all applications this privilege really is excessive, and defining a bar that Chrome and Firefox reaches while preventing small developers from branding their random flickr viewer a "browser" to get access to dangerously powerful APIs is a nasty can of worms.

I'll also note that neither ChromeOS or Boot to Gecko give anyone else the capability to execute code in writable pages (on top of a lot of other extreme limitations compared to WinRT).

Reply Parent Score: 2

RE: On the other hand
by Neolander on Mon 14th May 2012 19:06 in reply to "On the other hand"
Neolander Member since:
2010-03-08

What about forbidding memory to be RWX, but allowing it to be either R-X or RW-, and letting software dynamically switch pages between both protection modes through system calls ?

This way, one both allows the existence of third-party JITs and still gets the full security benefits of DEP/NX. Forbidding the existence of self-modifying code is impossible anyway, since programs can always include a simple Turing-complete bytecode interpreter and read instructions from a data file in order to get the job done, even if it will be slow.

Edited 2012-05-14 19:10 UTC

Reply Parent Score: 2

RE: On the other hand
by pgeorgi on Tue 15th May 2012 07:42 in reply to "On the other hand"
pgeorgi Member since:
2010-02-18

On the other hand it is a rather bad idea to in law enforce that all operating systems has to provide arbitrary applications with simultaneously writable and executable memory. There is certainly a huge security advantage to banning it.

They don't provide the CLR compiler to metro apps on ARM as well.
That could be a middle ground: let Firefox et al compile Javascript to CLR, then let Microsoft's own JIT take care of security and speed.

It's allowed to use the JIT on x86, but not on ARM. It's all about iOS-style lock-in (you can't easily run downloadable code that way).

iOS was an oversight (who would have thought that Apple creates a hit?), but Microsoft is usually market leader by "Version 3".

The iOS lock-in should be fixed, the Metro lock-in avoided. No need to repeat making mistakes.

Reply Parent Score: 2

RE[2]: On the other hand
by vaette on Tue 15th May 2012 11:14 in reply to "RE: On the other hand"
vaette Member since:
2008-08-09

That is an interesting fact, and I agree that this would be a very good middle ground. Possibly restricting the code you generate to the JIT to be run in a secure context as well. Hopefully Microsoft can pick up that idea.

Reply Parent Score: 2