Microsoft Slams WebGL, Considers It Harmful
Don't expect Microsoft to endorse WebGL (Web-based Graphics Library), the Khronos Group's cross-platform, low-level 3D graphics API for the web. Though it's supported in Mozilla Firefox and Google Chrome, and will be coming to future versions of Apple Safari and Opera, Microsoft is refusing to support WebGL in its current form because several security risks make it harmful, the Redmond software giant said.
"Our analysis has led us to conclude that Microsoft products supporting WebGL would have difficulty passing Microsoft's Security Development Lifecycle requirements," Microsoft said in a blog post.
One of Microsoft's key concerns is that browser support for WebGL directly exposes hardware functionality to the Web in a way it considers to be overly permissive. According to Microsoft, the security of WebGL as a whole depends on lower levels of the system, including OEM drivers, and while it might be possible to mitigate some of the risks, "the large attack surface exposed by WebGL remains a concern."
In addition to video card driver vulnerabilities, Microsoft says WebGL relies too heavily on third parties to secure the Web experience. Microsoft caps off its concerns by pointing out problematic system DoS scenarios.
"We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities," Microsoft said. "In its current form, WebGL is not a technology Microsoft can endorse from a security perspective."
Comments
schneider1492
June 20, 2011 at 5:13am
I was excited to hear about WebGL, but now I'm a little scared. Imagine clicking on a link and boom, some hacker has hardware-level access to your system and all you can do is unplug it because even the power button can be disabled in settings.
Many motherboard manufacturers have programs that flash your BIOS from in Windows. It's not impossible a security hole in your onboard graphics driver might allow a malicious BIOS to be flashed. With the space available to new UEFI BIOS, who knows what somebody might be able to make your computer do.
It sounds like after the epic fail that was ActiveX maybe Microsoft learned something. Think about it, they just spent how many years cleaning up after such disasters as auto-run and ActiveX, do you really think micro
newegg911
June 18, 2011 at 6:34am
Quite obviously this has nothing to do with security, it's just that Microsoft doesn't want any competing software.
Honestly, if games weren't all Direct X these days, I'd probably dump Windows.
Silencer
June 18, 2011 at 4:21am
Charma. This is what they get, not for ActiveX, but for screwing up Windows 8. Heh, how's it feel, a new standard shoved up your a_s?
jesse_n_sf
June 17, 2011 at 2:14pm
Microsoft doesn't want both (ActiveX and WebGL) on their systems. This would be bad. So I agree with Microsoft.
Eoraptor
June 17, 2011 at 2:08pm
Leaving aside bludgeoning the recently deceased equine that is the ActiveX issue...
Isn't this MORE about Microsoft trying to prevent people from leaving Windows and Microsoft Games in droves for cheaper, more open, web-based environments which they don't control? (Think about it, if you could play Sim City, Civ, Warcrack, or EVE without Windows just from your browser, how many PCs with Windohs will M$ sell?)
Frank N Beenes
June 17, 2011 at 3:11pm
I'm not sure that's their reasoning but I love the idea of never needing a Windows PC again.
MattyMattMatt
June 17, 2011 at 1:51pm
Aside from Active X lulz, I'd like to point out that this is the same company that believes it's a security risk to allow users to type javascript into the URL field because of XSS. Fools.
ferariman
June 17, 2011 at 11:09am
ActiveX is one of the highest reasons for infections of noobs (like you) through Internet Explorer