Saturday, September 14, 2024

Microsoft Puts ‘Web Sandbox’ into Open Source

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Using a commonly-used open source license, Microsoft on Tuesday released source code for a virtualization technology it developed that is meant to make websites safer from attack. At least, that’s the hope.

The technology, named Web Sandbox, is designed to isolate the different parts of a Web page from each other via virtualization, thus enhancing security. Additionally, it will work with most browsers – not just Microsoft’s (NASDAQ: MSFT).

Web Sandbox, a project of Microsoft’s Live Labs, was released this week under the Apache License 2.0 license, although the company was careful to point out that the project is not sanctioned or sponsored by the Apache Software Foundation.

Microsoft released a community technology preview of Web Sandbox at its Professional Developers Conference (PDC) in Los Angeles in late October. However, more visible projects – for instance, Windows 7 and Windows Azure – got much more attention at the PDC. Web Sandbox was lost in the roar.

That doesn’t mean that it’s not important, however. “There’s a need for more Web standards and interoperability [driven by] the fact that things like cross-site scripting attacks are becoming more common,” Ray Valdes, vice president of Web services at Gartner, told InternetNews.com.

One issue behind the increase in vulnerability is that Web 2.0 sites are often composed of multiple components, combined into so-called ‘mashups.’

“Modern Web pages are made up of pieces that may be served from different locations —maps, visit counters, affiliate programs that run scripts on your page, gadgets built by outside developers, and more,” says a statement on the Live Labs Web Sandbox page.

With so much complexity going on behind the scenes, Live Labs developers were looking for a way to isolate processes that should not be allowed to communicate directly, if at all, with each other. The key is to virtualize each component to more tightly control what it can do to other components or what they could do to it. Thus the term ‘sandbox.’

“The Sandbox is a framework that works on most modern browsers that support … the JavaScript standard, and provides the same features in all modern web browsers. No browser add-ons or changes are required to leverage this technology,” said a blog posting on Microsoft’s Port 25 open source community site.

This article was first published on InternetNews.com. To read the full article, click here.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles