ScheduleWorld

It's Your Data, Your Privacy, Your Life

ScheduleWorld carefully and considerately gives you the ability to ensure your privacy. It has the unique ability to encrypt ICalendar components individually so only the intended recipients can read them. For example:

Free From SpyWare And Viruses

ScheduleWorld does not contain any spyware or viruses. Here is a wonderful fact: you do not have to trust us. You know that ScheduleWorld can not log your surfing habits or read your emails and documents because ScheduleWorld runs in a Java sandbox.

A good introduction to sandbox technology can be found here. If you are new to security holes you may find a quick look at this fascinating: click on the google link outlook security hole and examine a couple of the more than 57,000 links that show up.

Want to know more about why you are safe running ScheduleWorld in the Java sandbox? Read on...

Viruses And SpyWare Can Install Themselves

If you find yourself wondering just how easy it would be for a virus or SpyWare package to install itself on your computer you may want to read these:

• Another Critical Microsoft Hole (Active/X exploit that allows IE and IIS to run any code)
• Shattering Windows (unfix-able exploit)
• Microsoft Exec : "Our products just aren't engineered for security"

A Signed Component Does Not Earn Trust By Being Signed

There is little reason to trust a signed application. The act of signing should not earn your trust. ScheduleWorld is not signed because it does not need your trust to work.

Some people say you might be more sure of who really created the app if it is signed, but that is just not true. How can we even trust a certificate authority (like Verisign) to issue certificates properly 100% of the time?

Recently Verisign:

• Issued a Microsoft certificate to a hacker.
• Issued a certificate with the company name: "click yes to continue".
• Issued a certificate to a company "that subsequently used VeriSign's certification as a necessary step in deceiving users as to the function of and (alleged) need for their programs".

Never Trust Any Network (Your LAN, The Internet)

Anyone capable of a Google search and some time to do some digging can download tools that will allow them to read your email traffic, your instant messaging traffic, track which web sites you surf, subvert your SSL connections, and much more. Some restrictions apply, but you should be aware that these tools exist.

Please note that none of these tools (nor any like them) can read or subvert any encrypted ScheduleWorld information or connection because server and client digital signatures are used. Even non-encrypted public calendars can not be tampered with because of our use of client digital signatures.

Beware the EULA (End User License Agreement)

It is interesting to note that most EULAs contain statements that go something like this:

• The software you are using has no use and is not fit for any purpose
• You agree not to sue the software company for any reason

Many people preach that using signed applications is OK, but how can signing an application offer you any protection when the EULA grants the software company the right to basically do whatever it likes without any fear of the consequences of its actions?

Most EULAs are crafted with wordy mumbo-jumbo that is incredibly vague and hard to understand. Reading it basically causes your eyes to glaze over and cognitive brain functions to stop.

• Again, sandboxed Java applications save you from worrying about this because sandboxed applications can not access anything on your machine outside of the sandbox without your permission (you would have to click "Yes" or "OK" in a window warning you about the risk).

Here are some articles about EULAs that grant the application rights to install spyware or even rights to remotely control your machine.

• Microsoft demands remote admin rights on your PC (Microsoft Media Player)
• Microsoft demands remote admin rights on your PC (Windows 2000 SP3)

• Worm with an EULA
• Online Games Contain Spyware
• Sony Proudly Rolls Out Spyware/Restrictions System
• Nearly unlimited articles on spyware

Conclusion

Your only secure option is to run your applications in the Java sandbox.

We care about your privacy. We have engineered ScheduleWorld to run in the Java sandbox, and we have given you the ability to encrypt your data so your data cannot be viewed by anyone without your permission.

New: Some other software developers seem to be taking the view that normal users do not care about security and that it is easier to build an insecure application. If you are a software developer I'd like you to think about it another way.

If you saw a problem (viruses, spyware, etc) wouldn't you want to fix it (by using the unsigned Java Web Start sandbox)? If you could make the world a better place isn't it worth a little effort? If users have a choice between two products with similar features they will choose a secure product over an unsecure one.

Feedback always welcome: MarkSwanson@ScheduleWorld.com