Blog: Microsoft Releases 'Web Sandbox' as Open Source

Microsoft Releases 'Web Sandbox' as Open Source
InternetNews.com (01/28/09) Johnston, Stuart J.

Microsoft's Live Labs has released the source code for Web Sandbox, a technology that it hopes will make Web sites safer from attack. Web Sandbox walls off the various parts of a Web page--such as maps, visit counters, and affiliate programs that run scripts--from each other. This isolation is accomplished by virtualizing each of these components, which in turn places tighter controls on what the components can do to one another. Web Sandbox does not require browser add-ons or changes, and will work on most Web browsers that support JavaScript. Despite the release of the source code, Microsoft is advising developers not to build production Web sites with Web Sandbox since the technology is still under development. However, Microsoft is urging developers to test Web Sandbox by trying to break through its security so that its protection can be strengthened. Analysts say that vulnerabilities created by Web 2.0 mashups make technology such as Web Sandbox important. "There's a need for more Web standards and interoperability [driven by] the fact that things like cross-site scripting attacks are becoming more common," says Gartner's Ray Valdes.

View Full Article