Archive for the ‘Security’ Category

Widgets, Hygiene and Frogans

Tuesday, October 16th, 2007

Like I’ve said before, despite several visual and functional similarities, frogans and widgets are not the same thing. I like to imply that we live in a happy universe where frogans and widgets can peacefully coexist. Like Rodney King said, “Can’t we all… just… get along?”

Well, wouldn’t that be nice. But can you really, really trust a widget?

According to the Q3 2007 Web Security Trends Report from the Finjan Malicious Code Research Center (MCRC), you can never be too sure if a widget is as cute and cuddly on the inside as it is on the outside:

“Our findings suggest that new attacks that exploit the insecurities of widgets and gadgets are imminent, and that a revised security model should be explored in order to keep users protected from such attacks.
All types of widget environments (OS, 3rd party applications, and web widgets) were found to be plagued with inadequate security models that allowed malicious widgets to run.”

What? Next, they’re going to tell us not to let them get wet; nor to feed them after midnight!

It’s not as if the writing wasn’t already on the wall. All these proliferating mini-apps, cruising the Info-way to and from your computer, often accessing your system resources and running JavaScript of unbeknown intent. Yikes!

Among other things, the MCRC suggests that organizations limit the internal use of widgets, and even go so far as blocking the download of widget and gadget file types at corporate network gateways.

Is there any hope for those of us wanting an interactive, online desktop pal without fearing that it might stab us in the back?

Frogans, like widgets, have a knack for being cute and cuddly and for displaying content in a small, unobtrusive format. (For a look at their major differences, see “Frogans vs. Widgets”.)

However, in Frogans Technology development, and apparently unlike with widget engines, end-user security has been a major consideration from the start. While not impossible, a malicious attack from a frogans is really, really improbable. Here are a few reasons why:

  • FSDL (Frogans Slide Description Language) – Written in XML, this is the only language in which a frogans can be authored. No Flash, no JavaScript. FSDL provides no references to end-user system resources.
  • No disc cache – Frogans slides are loaded into active memory only (and they don’t take up very much of that) – never onto your hard drive.
  • Image and FSDL parsing – Here the Frogans Player trades off a bit of speed for iron-clad parsing security. (Given the size limitation requirements for frogans resources, this is a minimal speed issue.) The Frogans Player simply rejects corrupt files and corrupt images.
  • Fonts – The FSDL specifications (v.3.0) permit only certain typographic fonts to be used in a frogans slide. These fonts are integrated into the Frogans Player, which has exclusive access to them. Principally implemented as an access and compatibility feature, this is also an insurance against corrupted fonts, which could eventually be used in an exploit attempt.
  • The frogans address – Each frogans publisher on the Main Frogans Network obtains their frogans address at frogans.com and agrees to the terms therein. This allows STG Interactive to suspend a frogans address (and consequently the frogans concerned) should an FSDL document or an image at that address be used in an attempt to exploit a possible Frogans Player security flaw.
    Moreover, frogans addresses are secured by means of digital signatures.
  • We encourage the developer community to go looking for any security flaws they can find in the Frogans Player. Anybody who informs us of one will be cited in the release notes of patched Frogans Player upgrades. What more could you ask for? A free frogans address with a cool name like “frogans*DemonHacker”? We’re open to suggestions on that front.
  • All the above points apply to all three of the principal platforms for Internet end-users. Linux users won’t be left to fall by the wayside. Mac OS X users won’t be out in the cold. Windows users won’t be left blowing in the wind.
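The FSDL, parsing and font points above all come down to one pattern: a small declarative format, a fixed allowlist of what it may contain, a size ceiling, and a parser that drops the whole slide at the first sign of anything else. The following is an added example of that fail-closed style, written for this post; it is not Frogans Player or STG Interactive code. The real FSDL vocabulary, its fonts and its size limits are not given on this page, so the element names, attribute names, font names, byte and depth limits below are hypothetical stand-ins, and the sample slides are constructed for the demonstration.

```python
# Added example (not Frogans/STG code): a fail-closed parser for a toy,
# script-free XML slide format. Every name and limit here is hypothetical.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MAX_BYTES = 64 * 1024   # hypothetical per-resource size limit
MAX_DEPTH = 8           # hypothetical nesting limit

# Hypothetical element -> permitted attributes. Anything not listed is rejected,
# so there is simply no element through which script could be introduced.
ALLOWED = {
    "slide": {"width", "height"},
    "image": {"src", "x", "y"},
    "text":  {"font", "x", "y"},
    "link":  {"href"},
}
ALLOWED_FONTS = {"frogans-sans", "frogans-serif"}  # hypothetical built-in fonts
ALLOWED_SCHEMES = {"http", "https"}                 # no file:, no local resources


class SlideRejected(ValueError):
    """Any failed check ends here: the slide is dropped and nothing is rendered."""


def _check_url(value: str) -> None:
    parts = urlsplit(value)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        raise SlideRejected(f"disallowed reference: {value!r}")


def _check_element(el: ET.Element, depth: int) -> None:
    if depth > MAX_DEPTH:
        raise SlideRejected("nesting too deep")
    if el.tag not in ALLOWED:
        raise SlideRejected(f"unknown element <{el.tag}>")
    unexpected = set(el.attrib) - ALLOWED[el.tag]
    if unexpected:
        raise SlideRejected(f"unexpected attribute(s) on <{el.tag}>: {sorted(unexpected)}")
    if el.tag == "image":
        _check_url(el.get("src", ""))
    elif el.tag == "link":
        _check_url(el.get("href", ""))
    elif el.tag == "text" and el.get("font") not in ALLOWED_FONTS:
        raise SlideRejected(f"font not built in: {el.get('font')!r}")
    for child in el:
        _check_element(child, depth + 1)


def parse_slide(data: bytes) -> ET.Element:
    """Parse a slide held entirely in memory; raise SlideRejected on any doubt."""
    if len(data) > MAX_BYTES:
        raise SlideRejected("resource exceeds size limit")
    # A slide language has no use for DTDs; refusing them before the XML parser
    # runs also keeps entity-expansion tricks out of the picture entirely.
    upper = data.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        raise SlideRejected("DTD/entity declarations are not allowed")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise SlideRejected(f"malformed XML: {exc}") from None
    if root.tag != "slide":
        raise SlideRejected("root element must be <slide>")
    _check_element(root, 1)
    return root


def check_slide(data: bytes) -> tuple[bool, str]:
    """Convenience wrapper returning (accepted, reason)."""
    try:
        parse_slide(data)
        return True, ""
    except SlideRejected as exc:
        return False, str(exc)


# Constructed sample slides (hypothetical format, not real FSDL documents).
GOOD_SLIDE = b"""<slide width="200" height="120">
  <image src="https://example.com/pic.png" x="0" y="0"/>
  <text font="frogans-sans" x="10" y="100">hello</text>
</slide>"""
SCRIPT_SLIDE = b'<slide width="1" height="1"><script>not allowed</script></slide>'
LOCAL_FILE_SLIDE = b'<slide width="1" height="1"><image src="file:///home/user/notes.txt" x="0" y="0"/></slide>'
DTD_SLIDE = b'<!DOCTYPE slide [<!ENTITY a "aaaa">]><slide width="1" height="1"><text font="frogans-sans">&a;</text></slide>'
BROKEN_SLIDE = b'<slide width="1" height="1"><text font="frogans-sans">unterminated'
OVERSIZED_SLIDE = GOOD_SLIDE + b" " * MAX_BYTES
DEEP_SLIDE = (b'<slide width="1" height="1">' + b'<link href="https://example.com/">' * 9
              + b"</link>" * 9 + b"</slide>")

if __name__ == "__main__":
    for name, doc in [("good", GOOD_SLIDE), ("script", SCRIPT_SLIDE), ("local file", LOCAL_FILE_SLIDE),
                      ("dtd", DTD_SLIDE), ("broken", BROKEN_SLIDE), ("oversized", OVERSIZED_SLIDE),
                      ("deep", DEEP_SLIDE)]:
        ok, reason = check_slide(doc)
        print(f"{name:10s} -> {'accepted' if ok else 'rejected: ' + reason}")
```

The point of the allowlist is that it is the only thing that decides what can be rendered: a new element or attribute has to be added to the table before the parser will let it through, which is the opposite of a widget engine that accepts arbitrary script and then tries to sandbox it. The DOCTYPE check happens on the raw bytes because the size and shape of the input is cheaper to judge before a full XML parser has been handed anything.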

We’re pretty sure that Frogans Technology is going to be a hit in corporate environments because of its clear advantages in terms of security, and what’s good enough for them should well do for the rest of us.

So if you happen to come across a cute and cuddly widget, take heed that looks can be deceiving. On the other hand, your favorite frogans can look like Dracula’s nightmare and still be the perfect pet. I’d like to know what the MCRC will have to say about that.

FNSL and Frogans Networks

Wednesday, August 22nd, 2007

Up until now I’ve jabbered a lot about how neat frogans are as elements on the desktop, how cool the authoring environment is, the groovy Frogans Player, how the revolution will be televised, etc. It was getting about time to write about that much-neglected third pillar of Frogans technology, the one you’ve all been waiting for, the Frogans Network System Language, or FNSL for the in-crowd.

Rather than being a post, I did it as a static page. So don’t wait another instant! Go to the FNSL/Frogans Network Fun Overview by clicking here!

Mosquitoes, burglars and peeping toms

Sunday, May 27th, 2007

Who's watching who
Should I be getting paranoid about a frogans wiring my desktop to the Internet? In my last entry I talked about how a frogans can become a permanent window from your desktop to the Net, and how this can be a means by which Internet publishers can strengthen their ties with end-users. Is this not just another way for Big Brother to infringe on our privacy?

I’ve been talking about a frogans as a permanent desktop browsing tool, but I think I need to expand a little bit about what is meant by “browsing”.

Perhaps the moniker “browser” is misleading. Back in the old days when browsing applied only to physical activities that you do in bookstores, record stores, libraries, and mail-order catalogues, you never had to consider the idea that an invisible entity was browsing back at you. Okay, there’s the occasional clerk eyeing the customers, watching to see if that Hot Tuna LP is going to move, or if that kid’s paid for everything that’s in his backpack. But at least that clerk was a person with whom you could make eye contact.

Today it’s a different scene. Instead of walking into a building, or a room, to feed our eyes, ears, stomachs and brains, we exchange digits through an enticing, mysterious black box. The vast majority know little of how the thing works by itself, and even less of how it interacts with that maze of bigger boxes on the other end of the line. Yet we light the thing up, make it an integral part of our lives, fill it up with all sorts of personal, professional and financial information, and then go and use it to browse through other black boxes that are not fundamentally different from our own.

Talk about blind trust. It sounds like leaving your entire wallet at the door as a rite of passage.

Alright, not completely so. That’s because the perceived risk of becoming a victim of fraud or the invasion of privacy has been, up until now, acceptable to most people. But who’s to say if the perception, or reality, of these risks will be kept in check? And for how long?

Can you trust that frogans, that window-less window, wide-open day and night – can you trust it to keep the mosquitoes, burglars and peeping toms at bay and out of your hair? The reality is that trust can never be imposed. It can only be earned. The ultimate profusion of Frogans technology will depend on its reputation for assuring the end-user’s security and privacy.

One-way window, mirrored sunglasses, and all that

Frogans technology implements security measures that, until now, have been unheard of in Internet navigation.

While a frogans is the navigational interface that you see on your screen, it is the Frogans Player that displays it and manages its connection to the Internet. Unlike a desktop widget, for example, a frogans is not an application, but rather an interactive rendering of images and content written in FSDL that the Frogans Player has located on the Internet and displays on your screen. Frogans Technology architecture assures that it is only the Frogans Player that will ever be capable of doing this, guaranteeing that a frogans, regardless of its author, will always carry with it the privacy and security measures provided by the Frogans Player.

For instance:

  • The Frogans Player will never allow any content from a frogans to be written to the end-user’s hard drive. This is a huge step away from the conventions accepted for web browsers. Frogans content is loaded only into active memory, protecting the end-user from any possible corrupted or malicious content (should it get past the parsing process, which is highly improbable).
  • The Frogans Player will never transmit information concerning the end-user, be it their operating system, system fonts, applications installed, or other content. The Frogans Player may transmit session information concerning a frogans to a server, but this information is temporary and completely anonymous with respect to the end-user.

All that is to say that a frogans, if it is intended to be a window overlooking the Internet, is a one-way window. It’s part of the deal. If there are any other Internet technologies out there that can assure the same level of consideration for the end-user, I hope that someone will say so by hitting me with some comments.