Back when Windows XP was in development, I wrote a column titled, “Ding, Dong, the Witch Is Dead (Almost)!”
I was writing about how Windows 98 was soon to done in by a more stable, more secure version of Windows, and about how the new version would, alongside OS X and Linux, usher in an era in which applications would be more sanely isolated from each other. No longer would we have to worry about single applications crashing and taking down our whole systems.
Lately, though, I’ve been displeased to find that misbehavior of certain applications I use is visited upon other, totally unrelated applications, leading to crashes, system resource problems and even potential security breaches on the machines I use. The problem is that a growing number of the applications I rely on are served up to me through my Web browser, and compared to operating systems, Web browsers do a lousy job playing host to applications.
Case in point: A few months ago, while reading a post on a security blog, I carelessly clicked on a proof-of-concept exploit of a Google cross-site scripting vulnerability. Without realizing it, I’d allowed this code to configure my Gmail account to forward all messages to the author of the POC. Google fixed the gap, but didn’t do much to advertise it to their users, and any unintended forwarding setups persisted after the fix occurred.
Fortunately, I was too lame to get a golden ticket to the then invitation-only Gmail service until every possible permutation of my name had been claimed by someone else, so I only use that account as a destination for mailing list messages and quasi-junk mail. In any case, the exploit writer closed his e-mail account fairly quickly under the server strain of more inattentive Gmail users than he’d perhaps anticipated.
Sure, I should have been clicking more carefully, but does computing in the software-as-a-service world have to mean settling for crude isolation between my blog reading and e-mail management applications?
Even if I amp up my script-running vigilance–I’ve been getting acquainted with the NoScript plug-in for Firefox–I’ll still have to worry that some Flash ad on a Web site in tab one will demolish the performance of the online Word processor I’m using in tab two, or even crash my whole browser session.
Software as a service is turning Web browsers into the operating systems of the Internet. If they know what’s good for them, Google, Salesforce.com, et al will start working more closely with groups such as the Mozilla Foundation to help deliver to us browsers to serve as the credible application hosts that we require.