Against Integrated Systems

There is a current trend in software to build systems that can do many things. This trend is most obvious with web browsers. But from a security perspective it is incredibly dangerous. I really don't want my applications to do more than the minimum necessary.

What is the real problem with browsers? Fundamentally, the problem is that they have a huge attack surface. A browser has to parse and run a multitude of different languages, with a ton of interactions and side effects to keep track of. To make it worse, all this code is by definition untrusted - it comes from somewhere on the web. Thus we have the current situation where most of the exploits in use involve the browser in one way or another. The NSA claims in internal documents that if they can get someone to run something in their browser, they will own the computer.

The next time you're thinking about building an application and you feel the browser is the right place, consider the security implications of that decision. A related point is that crypto should not be done in the browser. Even if you do the best you can with the new modern standards, crypto in the browser is inherently a bad idea. If you care enough to actually do crypto, then care that extra bit to not make it useless.

What about other applications? We are seeing IM clients getting more and more power, and this of course causes a bunch of issues as well. Mail clients are in the same situation. I don't want my email client to render HTML and JavaScript - I want the best mail reading experience I can get. And the list of this kind of integration continues.

So I implore you to consider writing a native application instead of a web application next time. I know there are issues with native applications as well, and they are harder to deliver and keep up to date. But at the end of the day a native application will likely keep your users more secure.