From the makers of Outlook, IE and Active-X : Terrarium

From: David Mohring (
Date: 02/07/02

From: (David Mohring)
Date: Thu, 7 Feb 2002 12:21:22 +0000 (UTC)

If ever you needed proof that Microsoft hasn't a clue in terms of
systems security, you need look no further than their lastest
DOT NET "training tool" - Terrarium.

Quoteing the recent .NET show
+Terrarium is a multiplayer ecosystem game developed using the .NET
+Framework. Developers can create their own creatures and add them into the
+game on their own client machine. Teleporters on each client transfer the
+creatures between clients in the Terrarium peer-to-peer (P2P) network.
+Through the experience of programming these "creatures," the participating
+developers gain familiarity with the new development models presented in
+.NET, and how to construct code using Visual Studio .NET.

I saw a demonstration of Terrarium last year. With limited
distribution as a demonstration and testing tool for the sandboxing
in DOT NET it was a very good idea. But as what seems to happen with
all such good ideas at Microsoft, the Marketing section get hold
of it an say "This is a great feature to sell DOT NET to the
developers". So it gets released to the general public ( or at
least those willing to have or forge a Microsoft passport ).

And so ...
"Microsoft game is a code-eating battle"
Which includes the unforgettable phrase "Terrarium is not a virus,
says Microsoft".

Here is a google page to Microsoft's gotdotnet site, which includes
cached versions of the following pages.

The FAQ makes interesting reading.

What raised the hairs on the back of my neck was the was the italicized
statement of the install page.
+Install Terrarium
+Note You must be a local administrator or power user on the computer to
+install and run the Terrarium.
I can understand the need to install as local administrator or power user,
but why has Microsoft completely failed to learn by now that it is not a
good idea to run such a service under Local-system or administrator

See Apache Vs IIS,14179,2792860,00.html
And the views of,14179,2809071,00.html

Microsoft recent history of providing "sandboxed" enviroments is abismal
and even the best professional programmers cannot guarantee that such
a complex system as the DOT NET common runtime environment will be
vulnerability free.

IMO it is only a matter of time before either the code in one of the
"critters" manages to "break the glass" and escape into the system or a
flaw is discovered in the peer to peer server vulnerable to true worm
infestation. At least if the service/application is running with normal
user privilege it would somewhat limit the damage the script could do.

If the management at Microsoft choose to go ahead and relase Terrarium
in a form that requires it run with such high privileges, or worse
still consider running such an application on Win9x/ME, then it shows
that the recent statements about Microsoft's recent converion
over the concerns about security issues in its products is nothing
but pure marketing bull____.

David Mohring - "Dot NET, Got Root, Not NET, Bit Rot"

Relevant Pages

  • From the makers of Outlook, IE and Active-X : Terrarium
    ... DOT NET "training tool" - Terrarium. ... Developers can create their own creatures and add them into the ... all such good ideas at Microsoft, ...
  • generic arithmetic (or the lack thereof)
    ... I love the dot net framework. ... generics, or in some other way allow arithmetic in generics without a ... microsoft today is dominant in most areas of computing. ... floating point arithmetic is slow in the dot net framework. ...
  • Re: Compiling to Unix
    ... > do it for Vfp9 or maybe vfp10. ... Microsoft wants total control. ... Microsoft make dot net? ...