Chapter 12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic

Web browsers are amazing technology, but from the very birth of the World Wide Web, they have never provided enough functionality for web developers. Browsers, after all, are static programs: a browser can only display so many types of information in so many ways. For this reason, from the start, web developers have looked for ways to augment the functionality of browsers by asking users to download and run additional programs. Sun, Microsoft, and Netscape have further developed technologies for automatically downloading and running programs on demand. Programs that move in this fashion are frequently called mobile code.

Most mobile code behaves as expected. But it doesn’t have to. Many programs have bugs in them: running them will occasionally cause your computer to crash. Some programs are downright malicious; they might erase all of the information on your computer’s disk, plant a virus, or seek out confidential information stored on your computer and transmit it to a secret location on the Internet. And some companies have used active content to learn the email addresses or browsing history of people who thought that they were anonymously browsing a web site.

Thus, the purveyors of mobile code systems have had to walk a tightrope. They’ve had to design systems that have tangible benefits for both web publishers and users, while simultaneously limiting the malicious damage that these systems can create. This balance ...
