NC News


Windows 98, And I.E. 4.0: Shut Down Active X And You've Shut Down Microsoft's Strategy

June 27, 1997


It's all but official: Microsoft won't release the next version of Windows (code-named Memphis) until 1998. The beta is out, though, and we review it in this month's Registry. You'll also find undocumented secrets about Microsoft's upgraded browser, Internet Explorer 4.0, which will be built into Windows 98 and which is the biggest and most visible change to the OS. (For reviews, see "Memphis: The Inside Story," page 66, and "IE 4.0 Secrets," page 182.)

However, until Microsoft straightens out the security fiasco surrounding IE and ActiveX, the best secret we can divulge is this: Proceed with caution. Why? Because Internet Explorer (3.x and later) has a back door Sandra Bullock could drive a bus through. In a nutshell, scriptable software available on the Internet can compromise your system, something vendors should be protecting us from (for details, check out www.zdnet.com/wsources/latebreak).

Symantec mistakenly left the door open in Internet Explorer. A core OCX in Norton Utilities 2.0's System Genie is marked "scriptable," which means any programmer using a Microsoft scripting tool--VBScript, C++, Visual C++, or Visual J++--could control it. Macromedia did the same with its Shockwave plug-in for Navigator. Fortunately, the good guys discovered these problems first: Both vendors have since shut the door. But there's no telling how many other products may leave you vulnerable.

Not My Problem

More troubling is Microsoft's response to the situation. At press time, the company's response was that Netscape's Navigator does it, too. Not the best time to adopt a "me, too" attitude. However, Microsoft inadvertently acknowledges the underlying problem, which is Internet Explorer's and Navigator's architectures. Both browsers give third-party software vendors an opportunity to access your machine without your knowledge.

While Microsoft provides the architecture and the tools that make a backdoor attack possible under IE, it doesn't provide a security mechanism to prevent it. Microsoft includes VeriSign's Authenticode technology in IE, but code signing a la Authenticode doesn't deter attacks such as the one Norton Utilities exposed us to; it only helps guard against malicious downloads. Worse, Internet Explorer provides configuration options that mislead us into thinking we're protected from security threats when we are not.

The Crown Jewel

I don't know why Microsoft doesn't swallow its pride on this one and come up with a solution, but I can guess: ActiveX.

If it weren't for ActiveX encouraging developers to pursue a component-like architecture, such attacks might be impossible. In light of the network computer/Java onslaught, the key to Microsoft's future rests in ActiveX. All roads at Microsoft lead to ActiveX--Win32, Internet Explorer, the development tools (from VBScript to Visual Studio), and Microsoft's entire Internet strategy.

Shut down any part of ActiveX, which is what you must currently do if you want to protect yourself from the security risks IE exposes you to, and the charm of Microsoft's approach becomes dust. ActiveX is Microsoft's crown jewel, the key to its future, and Microsoft will be damned before it acknowledges that ActiveX has a security problem. Instead, Microsoft points to Netscape and Sun and claims that the forthcoming versions of Communicator and Java will do the same things (including code signing) Internet Explorer and ActiveX do now.

Monkey see, monkey do? Call it what you like, but from my point of view, Microsoft is focusing too much on Netscape and Sun and is putting your best interests aside.

I hope that by the time you read this, both Microsoft and Netscape will have acted. Just as Authenticode warns you when you're about to download code from the Net, there should be something similar to tell you when you're about to execute code from the Net. At press time, Microsoft VP Brad Silverberg said that code signing for Web sites is coming.

In addition, you need an end-user scanner for discovering which software packages on your computers are "safe for scripting." Controls toggled as safe, such as the one in Norton Utilities, are the culprits. Microsoft's application development tools (Visual Basic, Visual C++, et al.) have this capability. Now package the scanner in a way that lets the rest of us mortals assess the risk.
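One way to build the scanner the column asks for, as an added example that is not from the article: a Python script that reads an export of HKEY_CLASSES_ROOT\CLSID and lists the controls whose vendor registered the well-known "safe for scripting" component category. The CLSIDs, names and file paths in the embedded sample export are constructed.

```python
# Constructed example: scan a "reg export HKCR\CLSID" file for controls whose
# vendor marked them "safe for scripting" through the Component Categories keys.
import re

# Well-known Component Category ID that Internet Explorer checks before scripting.
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]{36}\})(?:\\(.*))?\]$", re.I)

def parse_clsid_export(text):
    """Map each CLSID to its friendly name, server file and implemented categories."""
    controls, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            clsid, subkey = m.group(1).upper(), (m.group(2) or "").lower()
            entry = controls.setdefault(clsid, {"name": "", "server": "", "categories": set()})
            current = (entry, subkey)
            if subkey.startswith("implemented categories\\"):
                entry["categories"].add(subkey.split("\\", 1)[1].upper())
        elif current and line.startswith('@="'):
            entry, subkey = current
            value = line[3:-1].replace("\\\\", "\\")  # default value, .reg escaping undone
            if subkey == "":
                entry["name"] = value
            elif subkey == "inprocserver32":
                entry["server"] = value
    return controls

def scriptable_controls(controls):
    """CLSIDs that a web page may drive from script because the vendor marked them safe."""
    return sorted(c for c, e in controls.items() if CATID_SAFE_FOR_SCRIPTING in e["categories"])

SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}]
@="Constructed Control Marked Safe"
[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\Example\\marked.ocx"
[HKEY_CLASSES_ROOT\CLSID\{11111111-0000-0000-0000-000000000001}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{22222222-0000-0000-0000-000000000002}]
@="Constructed Control Not Marked"
[HKEY_CLASSES_ROOT\CLSID\{22222222-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Program Files\\Example\\plain.ocx"
"""

if __name__ == "__main__":
    found = parse_clsid_export(SAMPLE_EXPORT)
    for clsid in scriptable_controls(found):
        print(clsid, found[clsid]["name"], found[clsid]["server"])
```

A real export made with `reg export HKCR\CLSID clsid.reg` is UTF-16 text, so open it with encoding="utf-16" before passing it in. Controls that answer "safe" at run time through the IObjectSafety interface leave no registry trace, so treat the list as a lower bound on what a page can script.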

Finally, because invasion potentially involves data theft, it's time for encryption that's built into the operating system in a way that doesn't make opening and closing files a drawn-out process. That way, if someone tries to pickpocket your hard disk, she'll be out of luck.

David Berlind is editor-in-chief of Windows Sources. You can reach him at dberlind@zd.com.

Source: Windows Sources


Copyright © 1997 NCNS News. All rights reserved.
