According the application, the patent (no. 6,662,341) covers writing a standard HTML file that runs in its own window outside of the browser. This means, according to the filing, that the author of an HTML application file won't face the security constraints imposed by a browser. This relaxed security allows an HTML author to do things such as: read from a user's local computer; write to a user's local computer and perform scripting of frames between domains.
The patent paves the way for what it calls HTML applications -- a new file type that windows would interpret as a standalone application that could be run outside of the browser.
"Most existing Windows application development environments require knowledge of specialised computer languages such as C++, or Visual Basic," says the patent. "Learning a specialised computer language is often difficult for non-technical individuals. However, many non-technical individuals can use HTML and scripting languages, such as VBScript and Jscript (Microsoft's implementation of JavaScript)."
Because HTML and scripting languages are run inside a Web browser, they inherit the browser's user interface and security mechanisms. "Because non-technical individuals have knowledge of HTML and scripting languages, it would be advantageous to leverage such existing knowledge to implement a Windows application," says the patent. "Such applications should be free to define their own user interface elements and to run as trusted code on the system, that is, outside of the security model imposed by the Web browser. The present invention is directed to achieving this result."
Microsoft's patent appears to be platform agnostic, making it likely to apply to all operating systems including Linux and Unix. The operating system would recognise files to be run as applications by the HTML application file extension, .hta.
Microsoft did not immediately respond to requests for comment.
Talkback
Erm, aren't Microsoft supposed to be adding security features not finding new ways to bypass them?
Everybody ready for the next round of viruses? I just hope they provide a way to stop these *applications* from running. Also, how does this differ enough from all the other scripting options to allow a patent!
Huh? I mean, you expect a non tech-savvy person to write an app for you? You trust him/her? I mean, I can't believe Microsoft is adding more potential bugs into the system -- when there are already too many bugs to count -- and it's doing it with the help of non tech-savvy persons. And compare that with the "professional programmers" at Microsoft who always make bugs.
I find this sort of thing laughable. Perhaps allowing HTML or other scripting languages to write non-browser apps is a nice idea, but to justify it by saying it's to enable non-technical people to write programs? How naive ARE these people? There's a reason why Software Engineering degrees are available, and it's not just so the university can make a few extra bob off the back of a fad. I suppose I shouldn't complain since I can continue to have a very profitable career from coming in and tidying up/fixing/replacing systems written by cowboys. I mean, I know what a hammer and a nail look like, and I probably even know a bit about joining two pieces of wood in the correct manner, but would I build my own set of wardrobes? Would I do it for someone else? Come on... and don't even get me started on the security implications. Hackers must be rubbing their hands with glee.
Will it affect XUL and mozillas' approach?
Like they need more security holes. Maybe it's a move to enable them to throw patent infringement lawsuits at malware authors...
Next they'll patent the 'ease of use'/'ease of cracking' features inherent in their technology ;-)
What's next? Patenting colors, so that any application that uses colors (i.e. all of them) has to pay Microsoft a royalty.
It seems that Microsoft has found a way of the Linux threat: just patent the whole of computing.
Hta exist since 2000, what is the difference with the patent ?
On the surface, this looks like a complete reversal of all the "smoke and mirrors" talk about being security conscious, that MS has been hyping over the last year or so. They have just provided a means of bypassing all the security they have allegedly been working for. As far as I am concerned, this is just another reason to distrust anything that comes from MS.
Linux won't be allowed to implement this "solution". MS may "invent" more of these strange solutions and then - by virtue of their monopoly - promote them in real life; linux will be cornered.
Lets prevent this by creating a website with al kinds of useless inventions, so that nobody can "invent" them anymore.
On the other hand: if you are clever enough to invent something even more stupid, your patent applications may actually be helped by our incomplete website.
By the way: will the html-application runtime have webbrowsing capabilities? If yes: is it a (extended) webbrowser and as such not 'new'?
This is M$'s answer to Java. Ever heard of Java applets? This is the same thing, only without the security. They can't stand that Sun (or anyone else, for that matter) is taking limelight from them.
MIcrosoft will eventually have to open source thier product to stay competitive with Linux, in my opinion. A fair price for their products would also help. Other than that, I they are facing the rise and fall of the Microsoft Empire.
I certainly hope this is a joke, but then again M$ has never joked when opening up "another" security hole in thier OS.
I would hope the Mozilla writers as well as other browser writers will have better sense than to allow this kind of crap.
Just another way to prove that you will have to have more third party software to fix and protect what M$ couldn't or wouldn't.
Doc
I thought patents had to be for specific products or clearly defined ideas. I think I will patent "using only the digits one and zero, represented by on and off in a switching mechanism, I will construct a calulating device able to solve any concevable query" oh goody I will be the worlds richest man!
Keep in mind, patents can take years to be cleared, and in the meantime still be used by t he inventor. It's most likely this patent was applied for long before the current crop of MS security issues.
However with MS' supposed renewed focus on security and attenpt at bettering their public image in this regard, the word of this patent's acceptance couldn't have come at a worse time.
So what's the news ? People have been using HTML applications [.hta] for years !!! And they work only with IE . At the simplest, You just make an htl page and save as .hta., if i remember correctly.
Errata- in my last post, i meant 'html' . 'htl' was a typo.
HTML apps were alwas considered a security threat. So apart from some pending patent now issued, is there something new here? Or did I miss something ?