Microsoft Puts 'Web Sandbox' into Open Source

Sandboxing tool aims to help secure processes on Web 2.0 Web sites through the magic of virtualization.

Using a commonly-used open source license, Microsoft on Tuesday released source code for a virtualization technology it developed that is meant to make websites safer from attack. At least, that's the hope.

The technology, named Web Sandbox, is designed to isolate the different parts of a Web page from each other via virtualization, thus enhancing security. Additionally, it will work with most browsers – not just Microsoft's (NASDAQ: MSFT).

Web Sandbox, a project of Microsoft's Live Labs, was released this week under the Apache License 2.0 license, although the company was careful to point out that the project is not sanctioned or sponsored by the Apache Software Foundation.

Microsoft released a community technology preview of Web Sandbox at its Professional Developers Conference (PDC) in Los Angeles in late October. However, more visible projects – for instance, Windows 7 and Windows Azure – got much more attention at the PDC. Web Sandbox was lost in the roar.

That doesn't mean that it's not important, however. "There's a need for more Web standards and interoperability [driven by] the fact that things like cross-site scripting attacks are becoming more common," Ray Valdes, vice president of Web services at Gartner, told

One issue behind the increase in vulnerability is that Web 2.0 sites are often composed of multiple components, combined into so-called 'mashups.'

"Modern Web pages are made up of pieces that may be served from different locations —maps, visit counters, affiliate programs that run scripts on your page, gadgets built by outside developers, and more," says a statement on the Live Labs Web Sandbox page.

With so much complexity going on behind the scenes, Live Labs developers were looking for a way to isolate processes that should not be allowed to communicate directly, if at all, with each other. The key is to virtualize each component to more tightly control what it can do to other components or what they could do to it. Thus the term 'sandbox.'

"The Sandbox is a framework that works on most modern browsers that support … the JavaScript standard, and provides the same features in all modern web browsers. No browser add-ons or changes are required to leverage this technology," said a blog posting on Microsoft's Port 25 open source community site.

This article was first published on To read the full article, click here.

Tags: open source, Windows, services, Microsoft, virtualization

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.