The graphics library is supposed to bring 3D graphics to the browser, but Microsoft says it's insecure. Do they have a point? Microsoft caused a stir last week when it posted a lengthy discourse on why it would not support WebGL, a new software library that extends JavaScript to allow 3D interactive graphics in a browser. Every other major browser will support it — Mozilla Firefox, Google Chrome, Apple Safari and even Opera, the stripped-down, basic browser, will support WebGL. But Microsoft said no, and it didn’t come from the developer group, it came from the Microsoft Security Research Center group.The reason cited was that Microsoft products supporting WebGL would have trouble passing Microsoft’s internal Security Development Lifecycle requirements. Microsoft cited three specific problems: Browser support for WebGL directly exposes hardware functionality to the Web in a way that it considered to be overly permissive; browser support for WebGL security services relies too heavily on third parties to secure the Web experience; and there are problematic system DoS scenarios. The first complaint is probably the biggest. Video drivers are notoriously buggy. Nvidia and AMD are constantly releasing new drivers, sometimes just days apart from a previous release. True story: AMD released new Radeon drivers on June 15, and when I installed the drivers, the installation partly failed. Ten minutes after installing the drivers, my system froze for the first time in months. Microsoft wouldn’t be able to control flaws in drivers exposed to Windows through WebGL without seriously impacting the system. Microsoft’s only alternative would be to block and/or disable those drivers with known exploits, which would cause all kinds of user problems, and guess who’d take the blame for it?Some bloggers, especially the anything-but-Microsoft crowd, were quick to accuse the company of going back to its not-invented-here mentality, but Microsoft has long shed that mentality. It’s hard to make that argument when developers right now are fretting that Microsoft will abandon .Net and Silverlight in favor of HTML 5 in Windows 8. Microsoft’s position was buttressed a little by Context Information Security, a software security firm in the UK, which had pointed out similar arguments almost a month before Microsoft did.Mike Shaver, Mozilla’s vice president of technical strategy, responded to Microsoft in a blog post that Mozilla is working to address weaknesses as noted by Microsoft, and then pointed out that Silverlight 5 is attempting to do the same things as WebGL and thus has the same vulnerabilities.Circling back to the point I made earlier about Nvidia and Vista, we’re often quick to blame Microsoft for problems when it actually isn’t within their domain. In recent years, there has been a major effort to harden the operating system and browser, and Shaver noted in his blog that the Vista/7 display driver model is much improved. The people who need to make a security effort now are the GPU vendors. Related content reviews 8 free Wi-Fi stumbling and surveying tools for Windows and Mac Measuring signal strength, channels, MAC addresses and security status of Wi-Fi networks is essential to monitoring Wi-Fi networks, and here are free tools – some for Windows, some for Macs – that can do just that. By Eric Geier Aug 11, 2020 13 mins Small and Medium Business Mac Wi-Fi analysis Microsoft adds resiliency, redundancy, security to Windows Server 2019 Windows Server 2019 upgrades enable greater scalability and more reliable recovery from outages for Shielded Virtual Machines. By Rand Morimoto Jun 18, 2018 4 mins Small and Medium Business Disaster Recovery Windows Server news analysis Leveraging Windows Server 2016 for hyperconvergence Hyperconverged infrastructure tools in Windows Server 2016 can support storage, SDN and cost savings when building enterprise data centers. By Rand Morimoto Mar 01, 2018 5 mins Small and Medium Business Windows Server SDN how-to Linux command line tools for working with non-Linux users If you work within a Linux terminal, working with non-Linux users can be difficult. These tools help with document compatibility and companywide instant messaging. By Bryan Lunduke Nov 01, 2017 4 mins Small and Medium Business Linux Windows PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe