February 20, 1997
From the Office of Brad Silverberg
Senior Vice President
Microsoft Corporation
1 Microsoft Way
Redmond, WA 98052
Dear Internet Users Everywhere:
You may have heard reports about a malicious software program created and demonstrated recently by the Chaos Computer Club (CCC) in Hamburg, Germany. I want to personally assure you that Microsoft® Internet Explorer 3.0 has the appropriate safeguards to protect against this type of threat. When you use its default security level (High) that comes pre-set, Internet Explorer 3.0 will not download and run any "unsigned" controls such as the one from the CCC.
The CCC demonstrated its malicious executable code running on Microsoft Internet Explorer 3.0, though they could just as easily have demonstrated a similar attack on any other browser. While it is unfortunate that hackers have created this harmful program, it does point out the need for users to act cautiously and responsibly on the Internet, just as they do in the physical world.
Malicious code can be written and disguised in many ways -- within application macros, Java™ applets, ActiveX™ controls, Navigator plug-ins, Macintosh® applications, and more. For that reason, with Internet Explorer 3.0, Microsoft has initiated efforts to protect users against these threats. Microsoft Authenticode™ in Internet Explorer 3.0 is the only commercial technology in use today that identifies who published executable code you might download from the Internet, and verifies that it hasn't been altered since publication.
If users choose to change the default security level from High to Medium, they still have the opportunity to protect themselves from unsigned code. At a Medium setting, prior to downloading and running executable software on your computer, Microsoft Internet Explorer presents you with a dialog either displaying the publisher's certificate, or informing you that an "unsigned control" can be run on your machine. At that point, in either case, you are in control and can decide how to proceed.
As you know, Microsoft is committed to giving users a rich computing experience while providing appropriate safeguards. Most useful and productive applications need a wide range of system services, and would be seriously limited in functionality without access to these services. This means that many Java applications will have to go "outside the sandbox" to provide users with rich functionality. By signing code, a developer can take advantage of these rich services while giving users the authentication and integrity safeguards they need. Other firms such as Sun and Netscape are following our lead, and have announced that they will also provide code signing for Java applets. Microsoft will also be providing an enhanced Java security model in Internet Explorer 4.0, giving users and developers flexible levels of functionality and security.
Microsoft takes the threat of malicious code very seriously. It is a problem that affects everyone in our industry. This issue is not tied to any specific vendor or group of people. All of us who use computers for work, education, or just plain fun need to be aware of potential risks and use the precautions that can ensure we all get the most out of our computers. For this reason, we are committed to providing great safeguards against these types of threats in Internet Explorer. We expect hackers and virus writers to get increasingly sophisticated -- but we pledge we’ll continue to keep you and us one step ahead of them.
Best regards,
Brad Silverberg