msemail

a guest
Aug 7th, 2015
My observation from using Internet Explorer is that it is very easy to simply navigate to a web site, and have the registry and File System modified without permission. For obvious reasons, this is undesirable, and in my opinion has led to the decline in its use.

I would like to see Internet Explorer sandboxed in order to increase its prestige and offer a safer browsing experience to the millions of active users. I believe that it must be sandboxed and will attempt to show a little bit of what led to it not being sandboxed.

Some of the basics of Internet Explorer come from old technology

HyperCard consisted of a stack of cards. These stacks were intended to be run from a floppy disc and so were at the time essentially guaranteed to be sandboxed. As the card system became more prevalent it began running directly from the system and that meant the stack had access to the entire system. This presented a security issue because the runtime environment of the stack suddenly had access to places it was not intended to have access to.

HyperCards greatly influenced the HyperText stack system used by the World Wide Web which Mosaic attempted to conform to when originally creating their browser. However, the HyperText system was not the only reason the Mosaic browser was created. Mosaic was also created with the idea to support ALL the competing protocols at the time (hence the name, a composite of all of the different technologies). Some of these protocols include access which has the ability to bypass the Transport Security Layer.

However, the only component of Mosaic that mattered was the WWW aspect. A prefix was used in some cases to differentiate the other protocols, for example ftp.SomeIP, but it was the www.SomeIP which was really the star (in fact most people still assume they must prefix their website names with www). It became so popular that Microsoft eventually bought Spyglass Mosaic (not MCC which would become Netscape) and began heavily supporting the development of Internet Explorer.

As the two competed, they essentially co-developed certain browser aspects through competition. The most popular of those shared aspects would be the heavily pushed HyperCard system by Brendan Eich which became ECMAScript.

The release of Internet Explorer 3 attempted to adopt many of the available protocols and new technologies which led to more avenues of exploits. The hooks for these exploits were never removed. In fact, they were expanded upon as Internet Explorer 4 rolled out a way to update the Operating System from the browser, and also took over the facility of Windows Explorer.

Subsequent releases of 5, 6, 7, etc. were all in the right direction as they attempted to include features that make the web what it is today. XHR support, CSS support, dynamic element support, etc. The code introduced in Internet Explorer 5+ in my opinion does not majorly contribute to Internet Explorer's current dilemma. It is just that the streamlining of UX was not as quick as other companies, presumably because of the cost of constantly fixing bugs, errors, and security flaws.

The inclusion of this old technology presents grave security concerns

Some of these inclusions are not an Internet Explorer-only problem; it is just exacerbated in Internet Explorer because when the sandbox fails, the system runtime takes over. This runtime includes available hooks from Internet Explorer 3 and Internet Explorer 4 designed to modify the Operating System. I am not sure what this code looks like, but I can imagine it being very scary. I deeply, truly, sincerely, synonym for please do this, wish that the code included to update the Operating System can be entirely wiped out.

Gaining access to the browser runtime seems to be a current theme in all of the browsers. For example, the exploits of the stack system lead to Chrome, Firefox, and Opera all also being exploited at the annual hackathon (Pwn2Own).

Once the stack has been bypassed by malicious means, code executes on the runtime the browser runs in. As Internet Explorer originally also supported updating the Operating System -- which included access to the registry, to the hard drive, and to system folders and settings -- executing code in the runtime environment is far more dangerous. This access should never be given to a browser which is used as the interface between a local machine and every hacker in the world.

Sandboxing the runtime of the browser is the only way to ensure that the heavily authorized runtime can never be accessed. Bypassing this sandbox should not result in access to a runtime environment which can run at the system level and which has access to system critical areas. Note that only this March this occurred at Pwn2Own.

Keep in mind that when other browsers have their sandbox bypassed, there is another sandbox, just like Chuck Norris. Code executing in a browser environment is one thing (such as vulnerabilities in Chrome and Firefox), but executing code at the system level is unacceptable.

I am not entirely sure of the exact approach that is used to create these sandboxed environments. However, what is clear is that Internet Explorer is not sandboxed enough. If there is a single line of code that is aware that it is executing in a Microsoft Windows runtime, it should be removed. The other browsers are developed with the idea of running from any Operating System, and this is how the Internet Explorer browser should be as well.

Recently, it has become popular for large companies to spin off subsets of their companies, and this is generally pushed by people like Carl Icahn. Perhaps it would make sense to do this with Internet Explorer, and push it towards being its own entity (while still wholly owned by Microsoft) with the intention of both clearing its name and increasing user base.

I am a large fan of Microsoft technologies (ASP.Net MVC is amazing), and would like to see the Internet Explorer browser become a viable option. Please do not take this as a rant; if it reads like that, I apologize.

Sincerely,

Travis