Following a wave of browser related awesomeness, comprised of multi-process architecture (Chrome) and bar-raising sexiness (Safari), a brave and very unlikely candidate has dropped a few breadcrumbs concerning a new solution in the works.
Microsoft’s prototype—codenamed Gazelle—is reportedly after a huge fish. Taking a different route to their desired success than the aforementioned, the company’s research team recently released a thesis on what a secure browser should really look like. The statement addresses a number of security issues that have been around since day one, and the proposed solutions make Gazelle out to be the first browser that thinks like an operating system.
The catch? It’s slower, it uses more resources than IE7 and as of today, it’s still unavailable for test runs. If it’s ever finally released to the public, what do you think the chances are that the world will trade in convenience and speed for security?
Before we get into OS, let’s talk about Web pages for a second. In simpler times (like 1997), a Web page was nothing more than a bunch of static information viewed piecemeal.
Present day, Web 2.0 comes stock with oh, about a thousand and one Web applications that are each pulling and grabbing information from various sources. And while it’s perfectly lovely and convenient to see an aggregation of content, in doing so you run the risk of bringing in information from multiple unknown, untrusting Web sites or services.
Microsoft is treating this security issue as *the* problem to be solved during this strange, blurry time between Web 2.0 and 3.0. Their proposed solution is to take the idea of multi-process architecture, mix it with the stability of an operating system and pop out a browser that’s like no other before it. The proposed multi-principal OS will hopefully be the outcome of another project under development at Microsoft Research called "MashupOS," which Microsoft has discussed publicly.
This change in approach is radical, and no doubt a result of how powerful and interactive browsers have become. With the standard that Web applications have reached (think Google Docs) a surfacing question is, “Why even bother with an OS when my browser can do it?”
Out with the Old
In Gazelle, Microsoft tosses out the old-fashioned idea of a Web page as an integral whole. Content is separated into processes based on site of origin, much like Chrome’s tabs. For example, a page that contains text from one URL, streaming media from another, and ads from yet another would be split into three separate processes. That makes each portion of the content inherently more stable and secure, and best of all, if one application crashes, it doesn’t drag the rest down with it.
Security wise, a system like this would in effect provide cross-domain protection that prevents code in one domain from compromising the integrity of other domains. Communication lines cold be controlled without making many changes to the existing Web API, and backwards compatibility would be maintained.
"Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance and backward compatibility," Microsoft Research said.
When’s the Action?
Word around e-street is that Gazelle is unlikely to see the light of day as this was a Microsoft Research effort designed as a "what if" scenario. Also, isolating all of those processes caused the browser to run significantly slower than what we’re used to. At this point, poor speed is enough to dismiss a browser without much knowledge of it otherwise.