Because the E platform and CapDesk are infrastructure tools, they touch on many different aspects of computing. We will deal with the competition in several segments: competing security technologies, competing distributed software development technologies, and competing desktops.
The security technology field is broken into hundreds of specialized applications for specialized purposes, which is perhaps one of the best indicators of just how problematic all the existing technologies are. Combex has demonstrated that security can coexist with flexibility and power, but there is another point less often noted in the common wisdom but which is truly inescapable: Security cannot coexist with complexity. Complexity invites the identification of chinks in the armor.
Here we consider 2 of the more general-purpose and common security systems: access control lists as found in Unix and Windows NT, and firewalls such as the Linux IPCHAINS utility.
Firewalls: firewalls are inherently unable to implement POLA. They are perimeter security systems only (though the perimeter may be applied to a single computer, for those willing to administer such systems). Once an infection has breached the perimeter, all the materials and machines within the perimeter are immediately open to convenient assault. In a POLA-based security regime, acquisition of a single authority does not assist in acquiring the next authority. POLA by its nature yields defense-in-depth architectures, both on the desktop and on the network. And although a firewall may be able to use virus detection software to catch and delete well known viruses before they infect the network, they cannot catch the brand new virus that has not yet been identified and is in its most infectious state.
Access Control Lists: Access Control Lists (ACLs) as provided by Unix and Win NT are also inherently unable to implement POLA. It is possible, with acts of sufficient system admin legerdemain, to cast certain applications into their own private user spaces (web servers are frequently treated as separate users), but this is far too complicated for the user of a word processor that supports the creation of document-embedded viruses with an embedded programming language, or the user of a web browser that supports Active-X controls.
All the currently popular security systems are designed as wrap-arounds for systems in which the security regime was inadequately addressed in the deepest underpinning layers. To meet the security needs of todays extreme-security organizations, and tomorrows average user of Web-based smart contracting, a fundamental change is required: the type of change afforded by E and CapDesk.
Distributed Software Development Technologies
The premier languages of the Web today are Java and Perl. Perl is a powerful string-manipulation language for building short CGI scripts to drive simple data-driven Web pages. It is virtually useless once one leaves this important but limited niche: its lack of modularity and casual disregard for readability make it unusable for more complex applications.
Java is a serious language for diverse professional purposes, and it does have a security architecture.
CapDesk running a Web Browser that has launched an E caplet. Caplets deliver on the promise first made by Java applets: flexible powerful applications downloaded over the Web that can be run safely on the local machine while still being centrally maintained. Note the Save button on the Caplet, which is impossible on a Java Applet because of the restrictions imposed by the Java Sandbox
The Java Security Manager is not, strictly speaking, capable of implementing POLA. However, close inspection of the documentation shows that, in principle, it comes surprisingly close to supporting POLA. Alas, there is a fatal flaw in the Security Manager: using this fine-grain security imposes such a complexity burden on the user that, in practice, no one ever uses it. The Security Manager has 3 basic settings:
In the specific niche of secure distributed application development, Java has a number of other disadvantages compared to E, including these:
In a very important sense, Java should not be looked upon as a competitor. The E platform runs on top of the Java Virtual Machine; all E programs are 100% Pure Java according to the definition promulgated by JavaSoft.