Most Web browsers can be configured so that certain "helper" applications are automatically run when files of particular type are downloaded from the net. Although this is a good way to provide extensibility, you should not configure your Web browser so that programs downloaded from the net are automatically executed. Doing so poses a profound risk, because it provides a way for outsiders to run programs on your computer without your explicit permission. (For example, a program could be embedded in an HTML page as an included "image.")
The exception to these hard and fast rules may be the Java programming language. The creators of Java have gone to great lengths to make sure that a program written in Java cannot harm the computer on which it is running. Whether or not the creators are correct remains to be seen. However, we have our doubts based on past experiences with complex software. As this book goes to press, there is no indication that Java has any significant protections against denial of service attacks. Also, as this book goes to press, several serious security bugs in Sun's and Netscape's implementations of Java have been reported.
Most users run Web browsers that are provided by third parties with whom the user has no formal relationship or signed contract. Instead, users are asked to click buttons that say " ACCEPT " to signify their acceptance of the terms of a non-negotiable license agreement. These license agreements limit the liability of the companies that distribute the software.
Individuals and organizations using such software should carefully read the license agreements. They rarely do. In particular, consider these two clauses in the Netscape Navigator 2.02b license. Interestingly, these are the only two paragraphs of the Netscape license agreement that are in all capital letters. They must be important
What these paragraphs mean is that Netscape Communications disclaims any liability for anything that its Navigator software might do. This means that the Navigator could scan your computer's disks for interesting information and send it, encrypted, to a Netscape Commerce Server, when it is sent an appropriate command. We don't think that Navigator actually has this code compiled into it, but we don't know, because Netscape has not published the source code for either its Navigator or Commerce Server. (Netscape is not alone in keeping its source code secret.)
We do know, however, that users have reported some security lapses in 2.0beta Navigator having to do with Netscape's Live Script, renamed Java Script, programming language. A feature in a beta version of the browser allowed any server to query the Web browser for the list of URLS that had been visited by the user. As URLS can contain passwords, this posed serious security issues. Although this feature has been taken out of Navigator, it is possible that it could be reintroduced in the future through the use of a programming language such as Java.
Indeed, programming languages such as Java create a whole new layer of security issues. Java is a programming language that is designed to allow the downloading of applications over the World Wide Web. Java is designed to be secure: the programs are run on a virtual machine, and they are not run unless they are approved by a "verifier" on the Web browser. In the initial implementation of Java for Web browsers, programs written in Java are permitted to access the network or to touch the user's filesystem, but not both. Programs that can touch the filesystem are permitted to read any file, but only to write in a specially predetermined directory.
Unfortunately, Java's current security model is rather restrictive, and it is therefore quite likely that users will demand a more open model that gives Java programs more access to a user's filesystems and the network. This will probably produce a new round of security problems.