RE: Securing ActiveX.

[Bill Frantz <frantz@netcom.com>]

At 5:49 PM -0800 12/16/96, Blake Coverett wrote:
>I agree 100%.  The intent of my comments was that such security *is*
>possible, but it's not available in widely deployed mass-market OS's.
>I'd love to hear feedback to the contrary, but it seems to me that it's
>extremely difficult to layer that type of security onto an existing system.

It depends on the level of compatibility you need.  If you need bug-for-bug
compatibility, then you get the security bugs too.  The only advantage you
have is being able to run two "systems" on one set of hardware.

If you allow some non-compatibilities, then things get better.  We had a
Unix running on KeyKOS which would run much of the Unix functionality.  For
example, we ran a number of the X demos.  On our IBM/370 version, we ran
IBM's CMS system with binary compatibility.  We used it for our development
environment, including editing, source management, compiling etc.  (There
was one IBM product we did not run.  It needed to read real-addresses to
grunge through system control blocks we hadn't emulated.  Since it had no
interface documentation, we would have had to look at its accesses, figure
out what it wanted, and simulate it.  Too much work for what was a pretty
bad product.)

If I was writing a Netscape implementation for KeyKOS, I would run Java
Applets in a separate protection domain because it would be relatively easy.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA