The RSS support in Windows Vista, primarily through Version 7 of its Internet Explorer Web browser, is built on...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the Windows RSS Platform, consisting of three components that expose feed handling and management to other Windows applications. All feeds managed by the RSS Platform are stored in the Common RSS Data Store. Feeds are cleansed of potentially malicious code by stripping out scripts and embedded objects. The Common RSS sync download engine downloads content at periodic intervals, using Attachment Execute Services to prevent automatic downloading of potentially malicious file types. Finally, the Common RSS Feed List can be queried by the RSS Platform APIs, giving application developers access to the list of feeds to which the user is subscribed.
The addition of the Windows RSS Platform is not aimed solely at making it easier for users to find, subscribe and manage their RSS feeds. It also means that developers can incorporate the rich capabilities of RSS into their applications. Events in an RSS feed, for example, can be displayed directly in an RSS-enabled calendar application, or a sales manager can have the latest online sales figures fed into his accounts application.
However, any technology that allows data to be shared across applications carries risks. In the same way that applications that use a browser for their user interface can become vulnerable to any browser bugs and vulnerabilities, applications that incorporate RSS can fall prey to any vulnerabilities found in the RSS-enabling technology. Also adware, spyware and other malicious software writers will no doubt start trying to find ways to add an RSS feed to the user's global feed repository or use it as a gateway to other data.
Microsoft has done a credible job in eliminating many exploitable vulnerabilities through its security development lifecycle (SDL) and renewed focus on security in its Windows operating system and major applications. The security features in Windows Vista mean that hackers are having to work harder to compromise users' PCs. But what about RSS-enabled applications from other vendors? You may feel that you can trust Internet Explorer to secure the login credentials for feeds such as Gmail that require a password to access them, but what about extending that trust to other applications? I would certainly test new RSS-enabled applications in a safe environment before allowing them to be used throughout an organization. And as with any relatively new technology, particularly one whose functionality is being expanded rapidly, security policies should be updated to define guidelines for acceptable usage.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
What is BGP hijacking or IP hijacking and how do cybercriminals pull off the attacks? Expert Michael Cobb explains how enterprises can mitigate these...continue reading
Is the Dell eDellRoot security threat a serious problem and, if so, can it be prevented with self-signed root certificate authorities? Expert Michael...continue reading
What does FIPS 140-2 Level 2 certification for devices cover? Expert Michael Cobb explains the FIPS 140-2 security standard and how vendors use it in...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.