The RSS support in Windows Vista, primarily through Version 7 of its Internet Explorer Web browser, is built on...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the Windows RSS Platform, consisting of three components that expose feed handling and management to other Windows applications. All feeds managed by the RSS Platform are stored in the Common RSS Data Store. Feeds are cleansed of potentially malicious code by stripping out scripts and embedded objects. The Common RSS sync download engine downloads content at periodic intervals, using Attachment Execute Services to prevent automatic downloading of potentially malicious file types. Finally, the Common RSS Feed List can be queried by the RSS Platform APIs, giving application developers access to the list of feeds to which the user is subscribed.
The addition of the Windows RSS Platform is not aimed solely at making it easier for users to find, subscribe and manage their RSS feeds. It also means that developers can incorporate the rich capabilities of RSS into their applications. Events in an RSS feed, for example, can be displayed directly in an RSS-enabled calendar application, or a sales manager can have the latest online sales figures fed into his accounts application.
However, any technology that allows data to be shared across applications carries risks. In the same way that applications that use a browser for their user interface can become vulnerable to any browser bugs and vulnerabilities, applications that incorporate RSS can fall prey to any vulnerabilities found in the RSS-enabling technology. Also adware, spyware and other malicious software writers will no doubt start trying to find ways to add an RSS feed to the user's global feed repository or use it as a gateway to other data.
Microsoft has done a credible job in eliminating many exploitable vulnerabilities through its security development lifecycle (SDL) and renewed focus on security in its Windows operating system and major applications. The security features in Windows Vista mean that hackers are having to work harder to compromise users' PCs. But what about RSS-enabled applications from other vendors? You may feel that you can trust Internet Explorer to secure the login credentials for feeds such as Gmail that require a password to access them, but what about extending that trust to other applications? I would certainly test new RSS-enabled applications in a safe environment before allowing them to be used throughout an organization. And as with any relatively new technology, particularly one whose functionality is being expanded rapidly, security policies should be updated to define guidelines for acceptable usage.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
The TLS protocol has fallen on hard times, but expert Michael Cobb explains how client puzzles can help fix some of the problems.continue reading
Microsoft's Wi-Fi Sense for Windows 10 can share encrypted passwords for Wi-Fi networks, but is it safe? Expert Michael Cobb has the answer.continue reading
Several security vendors and providers have been hacked over the last year. Expert Michael Cobb explains how enterprises should prepare for a vendor ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.