Using a commonly-used open source license, Microsoft on Tuesday released source code for a virtualization technology it developed that is meant to make websites safer from attack. At least, that’s the hope.
The technology, named Web Sandbox, is designed to isolate the different parts of a Web page from each other via virtualization, thus enhancing security. Additionally, it will work with most browsers – not just Microsoft’s (NASDAQ: MSFT).
Web Sandbox, a project of Microsoft’s Live Labs, was released this week under the Apache License 2.0 license, although the company was careful to point out that the project is not sanctioned or sponsored by the Apache Software Foundation.
Microsoft released a community technology preview of Web Sandbox at its Professional Developers Conference (PDC) in Los Angeles in late October. However, more visible projects – for instance, Windows 7 and Windows Azure – got much more attention at the PDC. Web Sandbox was lost in the roar.
That doesn’t mean that it’s not important, however. “There’s a need for more Web standards and interoperability [driven by] the fact that things like cross-site scripting attacks are becoming more common,” Ray Valdes, vice president of Web services at Gartner, told InternetNews.com.
One issue behind the increase in vulnerability is that Web 2.0 sites are often composed of multiple components, combined into so-called ‘mashups.’
“Modern Web pages are made up of pieces that may be served from different locations —maps, visit counters, affiliate programs that run scripts on your page, gadgets built by outside developers, and more,” says a statement on the Live Labs Web Sandbox page.
With so much complexity going on behind the scenes, Live Labs developers were looking for a way to isolate processes that should not be allowed to communicate directly, if at all, with each other. The key is to virtualize each component to more tightly control what it can do to other components or what they could do to it. Thus the term ‘sandbox.’