A History of Improvements
There are other systemic improvements that OS developers can and will implement. One of them, sandboxing, has a long history in managed environments such as Java. In fact, not too long ago, many felt that Java and such managed environments were the future of operating systems. There's still something to that, but the security records of Java and .NET haven't been especially impressive, even though they were supposedly designed with that objective.

Managed virtual environments improve security by managing memory for applications, protecting against memory corruption errors, for example. The price of this is mostly system performance. The problem is that the environments themselves can have vulnerabilities, and quite a few of these have surfaced over the years. Plus, there are so many other classes of errors in addition to memory errors that applications aren't secure purely by being written in a managed environment. Still, memory corruption errors are important, and the trend toward managed code is a net plus for security. This is one reason a lot of corporate development has moved to such environments, from Java to ASP.NET. Writing conventional code that is carefully scrutinized for security vulnerabilities is hard and requires expertise you may not have. Writing managed code takes care of at least the straightforward errors. And, once again, it shouldn't make anything harder unless you are relying on techniques you shouldn't be.

With its Chromium environment forming the basis for the Chrome browser and operating system, Google has taken the sandbox to the next level by protecting native code running in the browser. It hasn't prevented vulnerabilities and exploits in the Chrome browser, but it has limited the impact of those exploits by preventing them from reaching beyond the limited capabilities of the browser environment.
In fact, the entire Chromium sandbox runs in user mode, so nothing an attacker does will exceed the capabilities of the user running the program. Something similar can be said for Protected Mode in Microsoft's Internet Explorer 7 and 8 under Vista and Windows 7. Protected Mode runs the browser in a specially crippled user context that has no write access to anywhere outside of the temp folders. Look for all these techniques to be more widely available as generalized facilities for applications. However, both Chromium under Windows and Protected Mode rely on Windows-specific features, such as integrity levels, job objects and restricted tokens, which are not necessarily available on other platforms. Thus, the development of sandboxes could be the latest chapter in an old story: the trade-off between maximum functionality and platform portability. But it all depends on how you write your programs. If you write programs to run in the Chromium sandbox and follow its rules, you should get some portability along with whatever sandbox features Chromium provides on Windows, as well as on Mac and Linux.
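The integrity level the text mentions is the part of this picture an administrator can verify directly: a Protected Mode or sandboxed browser process should carry a Low (or lower) mandatory label on its token, while the user's normal processes run at Medium. The following PowerShell script is an added example, not code from the article or from Microsoft or Google; it assumes Windows Vista or later and reads a process's token integrity level through the documented `OpenProcess`, `OpenProcessToken`, `GetTokenInformation` (class `TokenIntegrityLevel`, value 25) and SID helper APIs via `Add-Type`. The function name `Get-ProcessIntegrityLevel` is my own.

```powershell
# Added example: query the mandatory integrity level of a running process.
# Requires Windows Vista+ (integrity levels were introduced with Vista).
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenQuery {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr info, int len, out int needed);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);
}
"@

function Get-ProcessIntegrityLevel {
    param([Parameter(Mandatory)][int]$ProcessId)

    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $TOKEN_QUERY                       = 0x0008
    $TokenIntegrityLevel               = 25      # TOKEN_INFORMATION_CLASS value

    $hProc = [TokenQuery]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($hProc -eq [IntPtr]::Zero) {
        throw "OpenProcess($ProcessId) failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    $hTok = [IntPtr]::Zero
    $buf  = [IntPtr]::Zero
    try {
        if (-not [TokenQuery]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
            throw "OpenProcessToken failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        # First call only reports the buffer size needed for the TOKEN_MANDATORY_LABEL.
        $needed = 0
        [void][TokenQuery]::GetTokenInformation($hTok, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$needed)
        $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal($needed)
        if (-not [TokenQuery]::GetTokenInformation($hTok, $TokenIntegrityLevel, $buf, $needed, [ref]$needed)) {
            throw "GetTokenInformation failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        # TOKEN_MANDATORY_LABEL starts with a SID_AND_ATTRIBUTES whose first field is the PSID.
        $pSid  = [Runtime.InteropServices.Marshal]::ReadIntPtr($buf)
        $count = [Runtime.InteropServices.Marshal]::ReadByte([TokenQuery]::GetSidSubAuthorityCount($pSid))
        # The last sub-authority of the label SID (S-1-16-<rid>) is the integrity RID.
        $rid   = [Runtime.InteropServices.Marshal]::ReadInt32([TokenQuery]::GetSidSubAuthority($pSid, $count - 1))
    }
    finally {
        if ($buf  -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
        if ($hTok -ne [IntPtr]::Zero) { [void][TokenQuery]::CloseHandle($hTok) }
        [void][TokenQuery]::CloseHandle($hProc)
    }

    # SECURITY_MANDATORY_*_RID values from winnt.h
    $name = switch ($rid) {
        0x0000 { 'Untrusted' }
        0x1000 { 'Low' }
        0x2000 { 'Medium' }
        0x2100 { 'MediumPlus' }
        0x3000 { 'High' }
        0x4000 { 'System' }
        0x5000 { 'ProtectedProcess' }
        default { "Unknown(0x{0:X})" -f $rid }
    }
    [pscustomobject]@{ ProcessId = $ProcessId; IntegrityRid = $rid; IntegrityLevel = $name }
}

# Usage: list every browser process and flag any that is not running at Low integrity.
Get-Process -Name iexplore, chrome -ErrorAction SilentlyContinue | ForEach-Object {
    $lvl = Get-ProcessIntegrityLevel -ProcessId $_.Id
    $flag = if ($lvl.IntegrityRid -gt 0x1000) { 'NOT SANDBOXED' } else { 'ok' }
    '{0,-10} {1,6} {2,-10} {3}' -f $_.ProcessName, $_.Id, $lvl.IntegrityLevel, $flag
}
```

Two caveats apply when reading the output. Both IE in Protected Mode and Chrome use a broker process that runs at Medium integrity on purpose (it is what reads and writes outside the temp folders on the sandboxed processes' behalf), so one Medium entry per browser is expected; it is the renderer or tab processes that should be Low or Untrusted. Second, the integrity level is only one of the three Windows mechanisms the text names; a process can run at Low integrity and still hold an unrestricted token or sit outside a job object, so this check confirms the label, not the whole sandbox.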