RE: Adobe AIR + .NET Command Proxy Security concerns.

NOTE: Brand Politics mostly (Adobe are offended). If it's not your cup of tea, move on ;)

Yesterday’s post has sparked an initial debate on my approach to the AIR + Command Proxy and how we believe it has security concerns associated with it.

The original post can be found here (great time to read the post, comments and come back to this spot in time).

Note: This is a response to the comments in order of weight in terms of (did they have a point).

Rather than bury this deep within the comments of that post, I thought I’d bring it more out to the open as I think these are some great data points all AIR adoptees (or likely to adopt) readers of this blog should be wary of. It’s in no way an attempt to discourage you from AIR adoption, that’s something we at Microsoft entrust you’ll decide based on merit and that alone (no upside in such a weak campaign).

Note: 4 immediate responses from Adobe only? 3 of which have nothing to do with the actual technology but more defending each other or for that matter echoing points I’ve already made in my original post.

Let’s keep the conversation focused, gentlemen, and a little less wolf-pack responses.

To: Ryan Stewart @ Adobe asks:

Q. I don't really see where you've given a reason why this is a bad approach?

I should have expanded on this in more depth, Ryan; I apologize for that (I assumed all were on the same page, as it seemed obvious to me and other peers I respect).

The communication channel between the command proxy and AIR application looks like a potential vulnerability. One of the things application developers should worry about with security is insecure cross-process communication mechanisms hanging around on someone’s machine. For example, if a process listens on a named pipe, and that named pipe has no ACLs and no validation of inbound communication, the process is vulnerable to all kinds of attacks when garbage is sent down the pipe. In the example on using the command proxy, how do you secure it so that it doesn’t turn into a general-purpose process launcher?
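To make "validation of inbound communication" concrete, here is an added sketch (not code from this post or from the proxy being discussed) of the checks a local command proxy could apply before launching anything: a size cap, a MAC over the request, a replay check, and a fixed allowlist. The action names, paths and the per-session secret handed to the launched application are assumptions, and the checks complement ACLs on the channel rather than replacing them.

```python
import hashlib
import hmac
import json

# Hypothetical allowlist: action name -> fixed argv. Paths are constructed.
ALLOWED_ACTIONS = {
    "open_editor": [r"C:\Program Files\ExampleEditor\editor.exe"],
    "take_screenshot": [r"C:\Program Files\ExampleTools\shot.exe", "/silent"],
}
MAX_MESSAGE_BYTES = 1024


def sign(secret: bytes, body: str) -> str:
    return hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()


def make_request(secret: bytes, action: str, nonce: str) -> bytes:
    """Client side: wrap the request body with a MAC over its exact text."""
    body = json.dumps({"action": action, "nonce": nonce})
    return json.dumps({"body": body, "mac": sign(secret, body)}).encode("utf-8")


def validate_request(raw: bytes, secret: bytes, seen_nonces: set) -> list:
    """Proxy side: return the fixed argv to launch, or raise ValueError."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise ValueError("message too large")
    try:
        envelope = json.loads(raw.decode("utf-8"))
        body, mac = envelope["body"], envelope["mac"]
        if not (isinstance(body, str) and isinstance(mac, str)):
            raise TypeError("wrong field types")
        expected = sign(secret, body)
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed message") from None
    # Authenticate before parsing the body any further.
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        raise ValueError("bad MAC")
    try:
        request = json.loads(body)
        action, nonce = request["action"], request["nonce"]
    except (ValueError, KeyError, TypeError):
        raise ValueError("malformed body") from None
    if not isinstance(nonce, str) or nonce in seen_nonces:
        raise ValueError("missing or replayed nonce")
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise ValueError("action not allowed")
    seen_nonces.add(nonce)
    # The caller never supplies a path or arguments, only an action name.
    return list(ALLOWED_ACTIONS[action])
```

Because the caller can only name an entry in the table, a validly signed message still cannot ask for an arbitrary executable, which is the difference between a narrow bridge and a general-purpose process launcher.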

The question I have floating around is “what is being solved here”?

AIR to me is simply a hint in empowering a specific target audience (flex/javascript) to extend such skills beyond the browser sandbox. In allowing this, AIR will of course have certain levels of access beyond a browser in terms of security, which isn’t a problem per se as some solutions may require this. The notion however to break out of the limitations imposed by AIR by leaving an open proxy running on the user’s machine is definitely not the way to solve the imposed limitations.

I’ve run this past a few internal and external minds to simply ensure I have a sanity check on this and they’ve all raised similar concerns. I simply assumed that this would be a logical conclusion: open-ended proxies that can run Photoshop today can do interesting things tomorrow.

Spyware has a habit, for example, of being really good at telling you it’s not spyware, as why else would any sane person install it.

To: Matt Voerman @ Adobe.

If I was quick to judge, I apologise – just from personal experience, I’ve always found you quick to focus on me personally and not so much the topic. Yet, looking at your post from an outsider’s perspective I can see how others may differ in my opinion (personality clash maybe based on local interaction).

Ok, so I found you had approx 1 point in your entire rant. The rest I already covered – IN THE ORIGINAL POST. I’d say practice what you preach hehehe.

The point: “…Two of the most requested features…”

Yet these features go ignored or have lack of commitment. The counter response to these two “requested” features is to create an insecure proxy that kind of taints the waters for all involved (which I’ll get into shortly). If your folks spent less time trying to defend one another and AIR and focused in on why this is being discussed, you’d realize it’s not about discrediting AIR or attacking Mike. It’s about ensuring that a solution of this magnitude is one that we at Microsoft are concerned about. Assume it goes pear-shaped and Windows Vista based AIR solutions become tainted: both our brands suffer.

To state “we don’t support this – signed Adobe” is like effectively saying “I gave birth to an idea, turned the idea into a solution and I want you – as an Adobe employee - to adopt it but at the same time I won’t support you in doing so”… take responsibility for it at the very least. As to state Adobe won’t support it underpins the notion it has flaws and is probably an immature solution.

To: JD @ Adobe.

Since we are on the topic of establishing an understanding of what our past, present and future.

Can I ask what it is you do for Adobe?

You aren’t clear in that regard and to be openly honest you appear to be an “industry analyst” but with an Adobe bias? Are you a professional blogger for Adobe and do you have anything to contribute to the conversation other than what Matt may or may not have said?

That all being stated, I hadn’t really looked at my profile from that perspective and will amend if folks feel it’s misleading. (I’m surprised people actually read it. I didn’t think anything of it as the other day Mike Chambers noted I spelled "were" wrong (so either Mike didn't notice it himself or simply didn't care?))

Interesting that my profile is a point of focus though, I mean again what does this have to do with the topic? What was that you were saying about the definition of ad hominem :) .. waters get murky fast don’t they.

To: Mike Chambers @ Adobe.

I’m at a loss as to why you of all people aren’t seeing the objective here since you are the one writing it. It’s not about AIR vs. Microsoft, it’s simply a case of “…ok we are nervous because you’re effectively endorsing an insecure solution via Adobe platform without thinking through the long term effects associated with doing so..”. It’s concerning and, support it or not, it’s almost irresponsible.


Folks, this is not about competing and it’s something I cannot stress enough. This is about ensuring that as a large brand you take responsibility for your platform and how you endorse it, specifically when it comes to our operating system. It’s in your best interest to consult us on these matters, as we are the ones who know our own platform the best and to simply brush us aside as a competitor and do not tell is borderline irresponsible.

Let’s assume the worst happens. Let’s assume the proxy opens Pandora’s Box. Adobe loses a lot of credibility in the desktop space by providing consumers (e.g. say eBay Desktop app uses this concept for whatever reason) essentially an endorsed vulnerability. This in turn creates havoc (insert FUD rant here) and whilst people may lose faith in your brand, in the end it also falls in our lap as well. As the perception is “Windows Vista should have protected me”.

That is my underlying point. Protection. Simply saying “We don’t support it” isn’t fair as Mike has a lot of respect within the AIR community and this respect carries weight. It’s kind of like assigning 99% guarantee to an item – at the end of the day most know 99% guarantee is essentially a 100% guarantee but leaving 1% on the table in the event something goes wrong.

Kind of like Adobe essentially guarantees 95% of the world’s computers have Flash…