
Wednesday, February 15, 2006

What makes a plugin secure?

Here are some characteristics of a secure plugin:

1. It is digitally signed by the publisher using a certificate issued by a third party. This way the user at least knows where the plugin is coming from.

2. It informs the user beforehand of any actions that can lead to changes in the system and allows the user to reject the proposed actions.

3. It gives the user the option to save the current system settings so that the user can go back to them after the plugin has finished execution, if the user so desires.

Items 2 and 3 above are sometimes the responsibility of the application installing and using the plugin and not of the plugin itself. From the end user's perspective they are the same. So the word plugin here can mean either just the plugin or the plugin together with the web application driving it.

Both Java applets and ActiveX components are plugins. Both are written to the disk and saved for future use. ActiveX components can be used by applications other than the web browser, while for most practical purposes Java applets can only be used from a web browser (there are standalone Java applet hosting programs out there, but they are mostly used by developers and not by end users). Installing an ActiveX component requires modifying the system registry, and hence the end user must have administrative privileges in order to install it, while Java applets don't need any administrative privileges for installation. One can argue that this makes a signed Java applet a bigger security threat than an ActiveX component, since even a user with minimum privileges can download and run it without the knowledge of the system administrator. The only way to avoid this situation is to set the browser to not allow Java applets altogether.
