Microsoft says that WebGL is going to lead to a long series of difficult to resolve security vulnerabilities and want the 3d technology for browsers in its current form doesn’t support it. As an alternative hint the manufacturer on a solution of its own.
With WebGL enables web developers, the browser, without plug-ins, 3d images generate. Versions of Chrome, Firefox, Safari and Opera support WebGL, the Khronos Group at the beginning of march the first draft. Microsoft, however, was absent on the list of companies that support the technology.
In a blog post, the company from Redmond that on the occasion of a report with a critique on the security of WebGL, a private analysis of the standard. “The analysis led us to conclude that Microsoft products that WebGL would support difficult by the Security Development Lifecycle verification would come,” said the Microsoft Security Response Center.
A big problem is Microsoft that browser applications have access to graphics cards and associated drivers, while so far it has hardly had to reckon with possible malware threats. Not only would the WebGL itself to deal with vulnerabilities, but also the many drivers, which browserbouwers few can do. An additional problem would be that the average user is not used to his videokaartdrivers to upgrade, as there are already new versions come out that the leaks be sealed. “We expect there to be bugs appear on certain platforms or with specific video cards, and therefore possible targets for attacks,” explains Microsoft.
The manufacturer also points to the danger of denial-of-service issues and the proven inadequacy of the current security measures. “We see the need to identify solutions in this area, but our goal is to ensure that they are safe, what design and roll-out is concerned, and that they by default are safe,” says the security team of Microsoft. The company carries its own Direct3D as an alternative, because among other things, by restrictive apis less security issues would play.