Rupert Goodwins' Diary


Wednesday 15/05/2002

If Israel versus Palestine isn't exciting enough for you, and Pakistan versus India seems as lacking in thrills as a day on Margate beach, then get involved in the .Net versus Java debate. I've never heard so much hollering, apart from the howler monkey house in Regent's Park. It's hard to pick the nits of truth from the shaggy hairpiece of confusion on this one -- but sometimes, the proponents don't help themselves.

Microsoft has a nice collection of supporting documents for the enquiring mind, for example, and one is a report by a company called Foundstone. A security specialist, it says that Microsoft brought it in as an advisor in the early days of .Net, and as a result it's got a unique insight into the technologies that make it all so secure.

Fair enough. But what to make of claims such as '[.Net] verifies all managed code to ensure memory type safety. This eliminates the risk of code executing or provoking "unexpected actions..."' and 'Buffer overflows... referring to memory containing anything other than defined variables... referencing stack locations outside the allocated stack frame... and transferring execution to arbitrary locations within a process are also prevented by the verification process'? Stirring stuff -- and, as far as I understand it, impossible. One of the enduring delights of computer software is that you can't normally prove it'll do -- or not do -- anything. Alan Turing first came up with this as the halting problem: there's no general way to tell whether software will reach the end of its code or not, and by extension you can't say that in all circumstances your software will do what you say it will.

You can have a jolly good bash at it, but you can't guarantee it. You certainly can't guarantee it with .Net, whose language -- C# -- includes the sort of memory arithmetic that is particularly prone to errors with security implications. Yet here is a security consultancy making statements that appear to rewrite some fundamental aspects of computational logic. Doesn't compute.

Either I'm wrong, and it is possible to guarantee such things -- in which case, it's very exciting -- or hype is more important than accuracy in the great .Net sell. I've asked Foundstone to help me out here, but no reply as yet. I'll keep you posted.