"What about Java, JavaScript, ActiveX, and all this stuff?" -- That's a question that I hear
more and more often these days. People are worried about viruses, about Trojan horses damaging their files,
about programs stealing their secrets, and about malicious code crashing their systems. As of this writing,
very little actual damage has occurred. The people who are finding security holes in the emerging Web and
Net products have been the good guys; when the good guys find a hole, they document it and bring it to the
attention of the appropriate people. But we have no assurance that this will continue. If the bad guys find
holes, they may exploit them for vandalism or personal gain.
Can we prevent that? How worried should you be about it? Are there really new dangers here? What does it
all mean for you and your business?
Rookie Borderguards
How many pieces of software on your computer talk directly to other computers? How many are willing to
accept data from other computers, and obey commands and instructions of various kinds embedded in
that data? Until recently, the answers to those questions would have
been "one or two" and "none, of course."
But nets, and the Net, have come into their own, and now it's all the rage to be Net-aware. Each
piece of software that talks to the Net is one more frontier, one more place that an attacker might
try to get a foothold in your system. And of course each frontier has its guards; each piece of
software has its security measures to keep out those attackers. But the more Net-aware applications
you have, the more complexity you have and the more different sets of security controls that might
contain exploitable bugs or design flaws.
Active content is a hot idea in the network world today. Active content means that your computer
is willing to take orders from other computers. You click on a link, and a Java applet gets downloaded
from a server somewhere, and runs. It runs surrounded by vigilant guards, and if those guards are doing
their jobs, the applet can do you no harm. You click on a different link, and an ActiveX control gets
downloaded. This time you get to be your own border guard, deciding whether or not you trust the source
of the code that it contains, or the owner of the server that is attempting to invoke it.
Your newsreader sees a binary in a newsgroup you're reading, and again you get to decide whether
or not to accept it and execute it. If you're a guru, maybe you can verify its PGP signature to
determine for sure who posted it, and then maybe you can decide whether you believe it's virus-free
and not a Trojan horse. But more likely you just see who the posting claims to be from, hope it's
not a forgery, and make your decision based on that. Or maybe you Just Say No.
So you have a decision to make. You can stay a few generations behind, keep Java and JavaScript turned
off, refuse to install or download any software from the Net at all, and maybe miss out on the future.
This has its own dangers, though! People aren't moving onto the Internet just because it's fun; there
are great advantages to being there, and we'd be the last people to advise you to just Run Away.
What's the worst that can happen? The result of the usual security bug in a Net-connected program is
that an attacker can, by putting just the right stuff on his Web page, or sending just the right bits
down the wire to your computer, cause arbitrary code to execute on your machine.
That is, the attacker can cause your computer to do anything it's capable of, from erasing all
your files to subtly corrupting your key data to sending threatening letters to the local police. Smaller
and more limited security bugs occur also, but the arbitrary-code sort of bug seems to be the most common.
So are things going to improve?
Securing the Frontiers
Technological problems seldom have purely technological solutions. Whether you're an individual user
or an administrator responsible for a LAN full of systems, one of the most important parts of security
is awareness. What are you using, what are you doing? Are your users bringing in their own browsers
from home, or is everyone using the centrally-administered one that you've set up, with all the
security controls set right? Does your firewall really block the things you think it does? Have
you changed the passwords on all your servers to something other than the default password that all
systems of that brand come supplied with?
But there is some technology that will help. Digital signature systems are just about ripe, and
before long it should be possible to reliably determine where a piece of active content came from
and to automatically or manually use that to decide how much to trust it. Security models for active
content are being worked on in ivory towers and chilly basements, and we will gradually come to have
a better understanding of what security in an active, wired world really looks like.
Oh, and anyone who's about to send me the standard message "this is only a problem because PC
operating systems are so stupid; simply fixing the obvious OS deficiencies would make all these
problems go away," be warned that I've had that debate many times before, and you might want to
save yourself the typing. Even operating systems designed with security in mind were not designed
with this kind of security in mind. We need new techniques to protect our systems against these
new kinds of threats.
There are some standardization efforts going on in the fields of encryption and security, and
while they have all the usual problems that standardization efforts always have ("The great thing
about standards is that there are always so many different ones to choose from"), in time it should be
possible for most of your Net-aware programs to share their border guards, by making use of standard
system-provided facilities for most of their security. I'm not going to go into these developments in
detail here, though, both because they aren't quite here yet, and because today I want to make you
worry a little. There'll be time enough for relief later on!
So what's the bottom line? Again, I don't want to scare you away from the Internet or to tell
you that it's a terribly dangerous place. But I do want to move you to think a bit about your
system and how it communicates with the world. Take inventory of your own frontiers and your
own border guards, and satisfy yourself that you know enough about your system's security to
be confident that you've got it right.