Microsoft's Internet Explorer moves may create a Netscape bonanza

Microsoft's new version of Internet Explorer includes a semi-permeable virtual machine. Watch out, the law of unexpected consequences is in full force

Readers familiar with the British television sitcoms "Yes, Minister" and "Yes, Prime Minister" are well-versed in the comedic implications of the bureaucratic manner of thinking. The shows' creators, Anthony Jay and Jonathan Lynn, are unequaled at parodying the decision-making process of large organizations and the unusual thought processes of the political class. A classic example of this is what may be referred to as "politician's logic." This concept can be demonstrated in the following syllogism, which can be applied to the typical government response to any societal problem:

  • Something must be done.
  • This is something.
  • Therefore, we must do it.

Sadly, this politician's logic usually results in the "law of unintended consequences," which recognizes that the marshalling of massive government resources to solve one problem inevitably creates a larger and more intractable problem somewhere else. To wit: welfare (illegitimacy), foreign aid (arms sales), nuclear power (environmental damage), and lowering the voting age to 18 (Bill Clinton).

The law of unintended consequences

These same rules apply in the Internet Age. Microsoft's Internet strategy has been chronicled here in JavaWorld and in many other prestigious places on many occasions. While the average IQ in Redmond, Washington, often seems to be higher than in any other high-technology center, Microsoft surely is not immune to the impact of unintended consequences.

Where Java is concerned, Microsoft's intentions can be summarized in the following, somewhat tortured, syllogism:

  • Proprietary is good.
  • Java is bad.
  • Therefore, we must make Java proprietary.

Most likely, this example of "Microsoft logic" would have been viewed with skepticism in Plato's Academy. Given the competitive landscape of the software industry, however, a lot of otherwise logical people are giving it currency.

The basic issue is this: Microsoft recently announced the next beta release of Internet Explorer 4.0 (available later this summer), which will include a virtual machine that allows developers to write Java code that has access to virtually all Windows functions -- including ActiveX components, existing DLLs, and even device drivers. These capabilities, packaged as J/Direct combined with Microsoft's existing Raw Native Interface (RNI), let programmers program in Java virtually anything that can be done in C, C++, or Visual Basic -- with all of the attendant potential for security problems that these languages bring.

Developers writing Java applications that will execute natively on a Windows client or server may well cheer this development. As a result of a new set of simple extensions to the standard Java Development Kit (JDK), they have access to a large body of existing Component Object Model (COM) modules as well as any software already written and compiled for Windows using another language.

But there's a downside. Where Java code, especially applets, is written to the new specifications and executes within a browser, the issue can rapidly become pathological. In short, untrusted applets downloaded to and executed by Internet Explorer have free rein to do on the client system whatever they wish: access memory, write to disk, transfer information to other devices via existing drivers. The potential for mischief is virtually unlimited.

Many in the Java community view this development as a severe attack on Java's integrity. Thanks to the law of unintended consequences, their fears are largely misplaced.

The reason is simple. Imagine if you will, a new CaboComm (the technically adept shakedown company that recently tried to extort money from Netscape to disclose the fix to an esoteric Navigator bug). This new company writes a Java program that successfully attacks the virtual machine in Internet Explorer and performs an unpleasant act on a series of supposedly secure, remote clients. There are many nasty alternatives: spurious database access, overwriting memory, accessing the network through an existing device driver.

The question is this: When this attack is successful, is it an indictment of Java security or a bug in Internet Explorer?

However great the reach of Microsoft's marketing machine, surely it is the latter. The open door Microsoft has created for Java programs in Internet Explorer has the potential to create more problems for its own support organization than it will for Java. The law of unintended consequences indicates that in an attempt to undermine Java, Microsoft may well subvert its own reputation.

Rely on the less ethical in the Java community (and there are a few) to attack Internet Explorer early and often. Those who consider Java to be the ultimate weapon in their Holy War against Microsoft have a new lease on life. Paradoxically, Microsoft has given them the weapons to cause the company severe damage.

This is very good news for Netscape. Any offending Java code will not execute within a Navigator or Communicator environment even when hosted on a Windows machine. This will be a big win for "secure" Netscape and bad news for "buggy" or even "dangerous" Microsoft. The market share Internet Explorer has taken from Navigator may well return to Netscape in a matter of months.

The Netscape response

While Microsoft has been busy attempting to tear down Java's walls, Netscape has been busy building them higher and stronger. Having recently adopted JavaBeans as its overall component model, Netscape's "crossware" architecture is starting to look more and more compelling. The combination of Java, Beans, IIOP, and CORBA provides a substantial, standard, and relatively secure operating platform for corporate computing. The architecture has obvious advantages in the extranet and in the World Wide Web, where cross-platform operation is virtually mandatory. As Microsoft undermines its own advantage in the intranet with a leaky Internet Explorer, the Netscape ONE environment is rapidly becoming a more viable alternative for the corporate intranet.

Having embraced IIOP last fall, Netscape is quickly moving to heal any rifts in the anti-Microsoft alliance. It recently submitted a position paper to the Object Management Group along with IBM, Oracle, and Sun to make JavaBeans the official object model for CORBA. Netscape also announced a series of Java commitments at its DevCon event in June:

  • Implementation of its directory, messaging, and database connectivity services as JavaBeans.
  • Implementation of other services such as security and transaction processing as Beans in the future.
  • Development of a 100 percent Java version of its Communicator client for shipment in 1998.

In short, Netscape has the potential to provide the corporate IS community with a superior technical alternative to its existing Microsoft infrastructure. While the best technology doesn't necessarily win, Microsoft's suspect strategy with Internet Explorer may negate the benefits of its incumbent status. Self-inflicted wounds are often the most painful.

Sadly, Netscape is in the process of missing this opportunity by hurrying its technology to market. Deciding when to ship software is an art, not a science. Balancing customer commitments and market opportunity against quality and robustness is a constant challenge. Early indications are that Netscape is rushing Communicator and Enterprise Server 3.0 shipments to market before they are ready. In particular, AWT 1.1 and JavaBeans support are missing from the initial release. Similarly, the CORBA API for Enterprise Server will not be included with initial shipments.

Conclusion

Microsoft's approach to Java has much to offer on the server as a mechanism to connect to existing services like OLE and COM. However, shipping a sieve-like virtual machine in Internet Explorer allows people to develop untrustworthy and very dangerous applets. In providing this opening, Microsoft undermines Internet Explorer's credibility much more than Java's. Navigator and Communicator are the potential winners, as is Netscape overall. The door is wide open for Netscape if it can execute. The law of unintended consequences is in full effect and it applies to everyone.

William Blundon is executive vice president and co-founder of The Extraprise Group, a leading provider of application development, training, and strategic advisory services for corporations building Internet, intranet, and extranet sites. His focus in the last eight years has been on distributed object environments and the Internet. He is a former director of the Object Management Group.