The RSS support in Windows Vista, primarily through Version 7 of its Internet Explorer Web browser, is built on...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the Windows RSS Platform, consisting of three components that expose feed handling and management to other Windows applications. All feeds managed by the RSS Platform are stored in the Common RSS Data Store. Feeds are cleansed of potentially malicious code by stripping out scripts and embedded objects. The Common RSS sync download engine downloads content at periodic intervals, using Attachment Execute Services to prevent automatic downloading of potentially malicious file types. Finally, the Common RSS Feed List can be queried by the RSS Platform APIs, giving application developers access to the list of feeds to which the user is subscribed.
The addition of the Windows RSS Platform is not aimed solely at making it easier for users to find, subscribe and manage their RSS feeds. It also means that developers can incorporate the rich capabilities of RSS into their applications. Events in an RSS feed, for example, can be displayed directly in an RSS-enabled calendar application, or a sales manager can have the latest online sales figures fed into his accounts application.
However, any technology that allows data to be shared across applications carries risks. In the same way that applications that use a browser for their user interface can become vulnerable to any browser bugs and vulnerabilities, applications that incorporate RSS can fall prey to any vulnerabilities found in the RSS-enabling technology. Also adware, spyware and other malicious software writers will no doubt start trying to find ways to add an RSS feed to the user's global feed repository or use it as a gateway to other data.
Microsoft has done a credible job in eliminating many exploitable vulnerabilities through its security development lifecycle (SDL) and renewed focus on security in its Windows operating system and major applications. The security features in Windows Vista mean that hackers are having to work harder to compromise users' PCs. But what about RSS-enabled applications from other vendors? You may feel that you can trust Internet Explorer to secure the login credentials for feeds such as Gmail that require a password to access them, but what about extending that trust to other applications? I would certainly test new RSS-enabled applications in a safe environment before allowing them to be used throughout an organization. And as with any relatively new technology, particularly one whose functionality is being expanded rapidly, security policies should be updated to define guidelines for acceptable usage.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
Address bar spoofing attacks can be detrimental to an organization. Expert Michael Cobb details several vulnerabilities and explains how to defend ...continue reading
Facebook added OpenPGP encryption to its messaging services to help improve messaging safety. Expert Michael Cobb explains the benefits of the ...continue reading
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.