Security Still an Issue in the Browser World (IT Business Edge)



Scott's Take: While browsers are getting more advanced, they aren’t fully secure. The diversity of vendors is increasing and the complexity of what is done in the browser is increasing. This idea of a cloud-based browser might give business significantly more control over how their users use the web. Read the article at IT Business Edge.

Everything about the Internet changes quickly. It is the nature of things, and nowhere truer than in browsers.

It was not too long ago that it could have been called “the Internet Explorer category.” Those days are long gone, of course. A number of competitive browsers from the likes of Mozilla and Google battle on equal terms with Microsoft and IE. Smaller browsers also are available. Moreover, the coming of HTML5, which will dramatically simplify the browsers’ tasks by making the work generally done by plugins part of the native functionality, further promises to change the competitive landscape.

But all browsers are not the same. Michael Muchmore, who apparently is in charge of updating PCMag’s browser ratings, began his latest update by saying that the familiar browsers are getting better. He says they “are fast, secure, compliant with new Web standards” and “sport trim, clear interfaces.”

Muchmore assesses five browsers. He gives Chrome 33 a score of 4.5 out of 5. Firefox 27, Internet Explorer 11, and Maxthon 4.2 all earn 4s and Opera 20 gets a 3.5 rating.

The problem with browsers is that in order to reach out, it essentially is necessary to give smart folks a chance to get in. ExtremeTech reports on the doings at Pwn2Own 2014, a cracker contest that was held in Vancouver. Two takeaways from Sebastian Anthony’s report: Browser security is not great and Firefox, due to its lack of sandboxing, is bringing up the rear. To sum up:

At Pwn2Own 2014, an annual computer hackfest in Vancouver, Mozilla’s Firefox has proven yet again that it’s the least secure major web browser. While all four major web browsers — Chrome, Internet Explorer, Firefox, and Safari — were successfully exploited, for a grand total of $850,000 in prize money awarded to successful security researchers, Firefox was by far the least secure browser, racking up no less than four zero-day vulnerabilities. These vulnerabilities, if they were in the wild, would allow a hacker to do just about anything with your computer if you visited a specially crafted website.

Perhaps the answer is to somehow keep the crackers’ tool, malware, on the sidelines. At Forbes, Adam Tanner writes about a new trend, super secure cloud-based browsers. He mentions four: Silo from Authentic 8, myPOQ from Quarri and products from Maxthon and Spike Security.

He goes into the most depth in his discussion of Silo, which is aimed more at business users than consumers. Essentially, the idea is to make things safer not by improving security but by simply eliminating the danger. Using Authentic 8, for instance, users only can gain access to the browsing capabilities by entering a password. Many familiar functions, such as audio and video, are disabled. Only sites that previously were entered can be accessed again. The bottom line is that the bad code never gets the opportunity to make mischief because the heavy lifting, indeed, just about all the lifting, is happening elsewhere:

It then executes on the cloud and calls up a list of links the user has previously entered, and can store passwords for those sites. All code executes on their remote servers, providing security against malware and privacy against tracking.

Cloud-based browsing sounds like a great idea, but limited. Businesses rightly are concerned with the types of applications used by their employees. Perhaps a deeper concern with their browsers, starting with Firefox, is a good idea as well.

Read the article at IT Business Edge.