Microsoft takes Gazelle secure browser on road trip Microsoft will next month present its browser-as-operating-system project to an international symposium of computer and security experts. The Microsoft Research team behind Gazelle plans to discuss the architecture and principles behind their baby at the Usenix Security Symposium in Montreal, Canada. Gazelle is designed to …
This article next to the latest IE on WinXP Exploit. How's about they fix the current OS/Browser before dreaming up a new one.
Anyone remember GM parading around concept cars? Look where GM is now!
Every day Apple OSX looks better, because it is "mokeyboy-free" (as in no monkeyboy, not that Apples stuff is free, lol).
Gee, thanks for setting the bar so high Helen. How about designing a product to be truly "secure". No unnecessary features, no extensions, no active content. Just secure communications between a remote device and a bank/retailer so I can do secure transactions without worry.
I really don't want to troll here about MS, Windows, Linux, OSX .... as the article says this is a research project, not a beta product.
This is interesting concept and I was thinking about this the other night. Web development techniques are really on a different level then 15 years ago and maybe there is no need for OS in some cases. You might argue that this goes againts every architecture principle, but maybe this research can show that we can break the principles. Remember when BEA tried to create JAVA server which would not need OS?
"This article next to the latest IE on WinXP Exploit. How's about they fix the current OS/Browser before dreaming up a new one."
The current OS browser is Vista and IE8 - which aren't impacted in this exploit. In fact, and correct me if I'm wrong here, but I believe the current OS/Browser - which isn't impacted - is nearly 3 years old, and it's successor is due for release within a couple of months....
So fuck you and your overpriced fisher-price, over-priced and under powered door stop.
""""
Gazelle is a kernel that tries to sidestep these issues by treating the browser as a self-contained operating system. It's designed to protect website instances from each other and from the host machine by managing access to the PC's underlying resources.
Microsoft senior researcher Helen Wang working on Gazelle said Microsoft's work could lead to browsers evolving into multi-principal - translated: multiple website - operating systems. "Web applications would take a giant step forward in functionality and quality."
"I would like to see Web applications achieve function and quality parity with desktop apps," Wang said on the Microsoft Research site. "That's the ultimate goal of this research."
""""
OR.. they could not be huge ivory tower morons and realize that Google did a better job at solving the problem by running each website as a seperate process and taking advantage of the native platform's sandboxing capabilities.
You get all the same benefits without having to run a OS on top of a OS and replicating a crapload of already-existing functionality. Way to over-engineer, Microsoft Research.
"How's about they fix the current OS/Browser before dreaming up a new one."
Perhaps because the current setup is fundamentally flawed and a whone new approach is needed? Firefox had enjoyed a steady stream of patches and highly critical exploits the width of the Amazon river since it launched, and Safari hasn't proben to be bullet proof either. Security through the use of a niche operating system and browser is no security.
Kudos to MS for taking the lead in this area. As with any other innovation, it requires more resources, so the right time for people to finally roll it out is when the hardware's ready. We're now reaching that point which is why Chrome and Gazelle are doing these interesting things. One day Opera and Firefox will do the same.
You can only polish a turd so much. Sometimes it's better just to start again. Personally, I'd welcome a version of IE where I could be confident that I'm not opening up my computer to all sorts of threats just by using it.
This might actually be enough of an innovation to tempt me back to IE if it is done properly.
Paris - **Insert smutty comment regarding lack of security holes here**
"Today, 20 plus parallel sessions are quite common; the browser is more of an operating system than a data display application," Mozilla Labs said.
Perhaps these people could look up the definition of 'operating sytem' before making trendwhore statements. Also, no mention of Chrome, the pioneers of the browser=OS bullshit?
Surely this is a huge backward step? MS have just spent years trying to protect the computer FROM the browser, so that IE7 and 8 run in 'protected mode', reversing their bad decision to integrate IE so tightly in with the OS.
So in order to protect us from cross scripting they propose to give the browser direct access to hardware and control of our whole computer again?
Perhaps I'm just stoopid, but I don't get it.
Surely the answer to cross scripting is quarantining browser instances from each other.
To this purpose, with virtual machines on the desktop in the future, surely this is a key application that would benefit? Giving any old website access to my hard disk again is NOT something I wish to do. I didn't like it last time, and it didn't turn out all too well, as I recall.
If you can't run 20 VMs at once, surely a special 'secure mode' VM that launches your banking site, and others for your trusted shopping sites is the answer. Then you run all your other browser sessions in one VM, where you are less worried about cross scripting.
My current solution is to run online banking only after shutting down Firefox and re-starting it. With no other sites open until I've finished. It's not that hard, and seeing as you get timed out so quickly on the bank's sites, it's no loss to my productivity.
@drag:
"OR.. they could not be huge ivory tower morons and realize that Google did a better job at solving the problem by running each website as a seperate process and taking advantage of the native platform's sandboxing capabilities."
IE8 runs each website as a seperate process, so if one website cracks up a tab, the rest of the tabs won't have a problem also the other instances of the browser are not affected.
"My current solution is to run online banking only after shutting down Firefox and re-starting it. With no other sites open until I've finished. It's not that hard, and seeing as you get timed out so quickly on the bank's sites, it's no loss to my productivity."
I really don't want to be cynical, but you kinda remind me Minister of Health from South Africa who was protecting himself from HIV by taking a shower right after the sex ...
your solution solves one problem out of 1000.... if you are really that paranoid, then you should
a.use two partitions and two OS and use one only for banking (make sure they don't see each other after reboot)
or
b. use VMWARE for all non-banking browsing
I would also recommend Z100g Antivirus Router (I use it as extra protection layer next to my normal AV)
First off I am no Mac fanboy, but sure like the idea that Apple did a code shrink in Snow Leopard (that is the kind of stuff I like to see). I have one Mac laptop versus one Sony laptop (Vista) and three PC desktops, and two of my desktops run Vista (one runs x64 and other x86).
My point is that MS should not go around hyping things that aren't here. Look at Vista, what ever happened to WinFS, Utlimate Extras for Enthusiasts (I would have liked a Win9x/XP VM or something to play with, not animated wallpaper). They look more and more like GM to me. GM hyping the future and letting other companies take the present, now GM has no future (or it looks grim). Will be interesting to see if GM will be around in 2020 to put out a hydrogen car.
@ Jimbo 7:
"your solution solves one problem out of 1000.... if you are really that paranoid, then you should a.use two partitions and two OS and use one only for banking (make sure they don't see each other after reboot)"
True, my solution only solves one problem, but it's the problem I can solve easily, and with little effort. I also maintain my computers to keep them as secure as I reasonably can. So far it's been enough. There's no reason to ignore a problem I can easily solve because there are others that I can't...
@Greg Fleming:
"Anyone who has 20+ browser sessions open simultaneously is a moron. They can't be actually using any of this content meaningfully."
I'm not so sure about that... I've currently got a few browser windows up: El Reg, a cricket scoreboard, a BBC iPlayer window (bit of radio for background while I do boring spreadsheet work), a shared spreadsheet I'm getting data from, and a couple of company's websites I'm selling to. I've just received an email with industry news, and I'm likely to click on at least 10 links in that, and then read the stories through the next half hour between calls, and admin work.
It's a perfectly efficient way of working. Does clutter the interface, so I guess Mozilla are right to be looking at new ways to display multiple tabs (and hopefully browser windows too).
Try doing some research on products online, and having 10-30 browser windows and tabs open is easy to achieve, before you whittle them down to the few useful ones.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
