Without question, Web-based applications are one of the most important developments in modern computing. You could even argue that the greatest threat to Microsoft's dominance of the PC desktop isn't Linux or open source; it's the Web. When any application can be delivered over the Internet and displayed in a browser window, who even needs an OS?
But not so fast. Stop for a minute to consider the complexity of a modern Web app. The amount and variety of data flying back and forth over port 80 is simply astounding. What we call a Web "page" might actually be a vast collection of disparate objects, including not just HTML and images but also executable instructions, state stored as cookies, XML and JSON data, and plug-in content. And these objects need not all originate from the same server or even the same domain. It's a virtual free-for-all, no pun intended.
For all that sophistication, however, Web clients are remarkably laissez-faire. True to their roots, today's browsers are little more than glorified document viewers. They'll mix and match all of that content however we ask them to with very little oversight. Each page is free to pull in content and code from wherever it likes and handle it all with equal privilege. Unlike a desktop OS, in a Web browser, there's really no one minding the store. And look where that's gotten us: The browser is now the leading vector for all forms of malware and phishing attacks.
Maybe it's time we changed our approach. Maybe it's time we stopped treating the browser as a passive client and instead put it in the driver's seat, giving it the power and authority to enforce a security model for the distributed applications it serves. In other words, maybe we need a Web browser that thinks like an OS.
A new project aims to build just such a browser -- and would you believe it comes from Microsoft?
Running apps like a gazelle
Don't scoff. Sure, Microsoft's Web security track record has been abysmal, but that's all the more reason for it to get it right this time. A modern browser design like Google Chrome could easily wind up eating Internet Explorer's lunch if something doesn't change. Microsoft's proposed answer to that challenge is ambitious, if not downright radical.
