Friday, April 9, 2010

WebKit To Improve Security, Performance

The next generation of WebKit will be WebKit2. Like Apache and OpenSSH before it, WebKit will separate user-facing processes from back-end logic, bringing privilege separation, sandboxing, the ability to saturate multiple CPUs, and other performance and security goodness. Google's Chrome already runs WebKit in per-page processes, which protects the application from a single crashing window and prevents cross-page exploits, but Chrome itself manages all the processes needed to deliver those benefits. WebKit2, by contrast, will offer process management for rendering, so that any application wanting to leverage it can do so without unnecessary internal complexity or boilerplate process-management code.

The specific benefits of WebKit2 will be seen in time, but from the WebKit wiki page announcing WebKit2, one can access beta-version build instructions for testing purposes.

One benefit of WebKit2 will be the isolation of misbehaving instances of Adobe Flash from web pages on which no such misbehavior is manifest, so that losing a page to a Flash issue doesn't cause users to lose the state of their thirty other open windows with half-filled forms and half-read source articles. The plug-in will take down only the process to which it is plugged. Another benefit? When one closes a window and kills the associated processes, the killed processes' resources are immediately available to the system, and don't contribute to the bloated resource consumption of long-running browser applications. This will continue to be a major benefit so long as proprietary plug-ins remain a major feature of the Web.
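The crash containment described above can be seen in a small POSIX sketch. This is an added example, not WebKit2 code: `render_page`, `run_pages` and the three-page scenario are hypothetical stand-ins, with `abort()` playing the misbehaving plug-in.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAGES 3

/* Hypothetical renderer: runs in its own process and reports page state. */
static void render_page(int page, int faulty_page, int out_fd) {
    char state[32];
    if (page == faulty_page)
        abort();  /* simulated plug-in fault: SIGABRT ends only this process */
    int n = snprintf(state, sizeof state, "page %d ok", page);
    _exit(write(out_fd, state, (size_t)n) == n ? 0 : 1);
}

/* Broker: forks one renderer per page, then reaps them all.
 * Returns how many pages delivered their state; crash_signal[i] holds the
 * signal that killed renderer i, or 0 if it exited normally. */
int run_pages(int faulty_page, int crash_signal[PAGES]) {
    pid_t pids[PAGES];
    int fds[PAGES][2], survivors = 0;
    for (int i = 0; i < PAGES; i++) {
        if (pipe(fds[i]) != 0 || (pids[i] = fork()) < 0)
            return -1;
        if (pids[i] == 0) {
            close(fds[i][0]);
            render_page(i, faulty_page, fds[i][1]);  /* never returns */
        }
        close(fds[i][1]);  /* broker keeps only the read end */
    }
    for (int i = 0; i < PAGES; i++) {
        char buf[32];
        int status = 0;
        ssize_t n = read(fds[i][0], buf, sizeof buf);
        close(fds[i][0]);
        waitpid(pids[i], &status, 0);  /* reaping releases the process's resources */
        crash_signal[i] = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
        if (n > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0)
            survivors++;
    }
    return survivors;
}

int main(void) {
    int sig[PAGES];
    int ok = run_pages(1, sig);  /* constructed scenario: page 1's plug-in crashes */
    printf("%d of %d pages survived; page 1 killed by signal %d\n", ok, PAGES, sig[1]);
    return 0;
}
```

The broker learns of the crash from the wait status rather than sharing the fault, which is the property that lets the other pages keep their state.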

The browser competition can only help users: the better the performance, the happier they will be on more modest hardware, and the longer their current computational power will satisfy their needs. And who knows? Perhaps Apple's recruitment of Mozilla's former security chief signals impending improvements to the robustness of Apple software in the face of malicious code.
