Browsers and vulnerability

Posted by Webmaster on 17 April 2009 | 0 Comments

Tags: browser, hackers, vulnerability

I know I seem to go on about browsers a lot but they are central to most of what I do and are a necessary evil for internet users, hence my interest.

I was reading with interest on http://www.theregister.co.uk/ about the increase in hacking for macs and how 3 of the most popular web browsers, Safari, Firefox and Internet Explorer, were exploited in a few hours by a group of hackers/computer students.

To mirror the thoughts in the article, it seems outrageous that companies with so much resource and skill, can release products that can be compromised so easily? I know there are always bugs and things we miss in software (being a programmer myself) but sometimes I wonder how much time and effort is really put into the more significant aspect of web browsing, our security, compared with the fancy bits that make it all look pretty.

Now don't get me wrong, add-ons in Firefox are really cool, bu they must leave some aspect of vulnerability? Of course they do. And consider the humble browser helper object in IE. Great in theory but small children can break in with that one. The cynic in me would suggest that some providers take the attitude of, 'if you step of the high street into an alleyway, you're on your own...'. After all, there are many decent and one or two great security products out there so why not let them have some of the pie? Ok that's probably a little unfair and I don't have a problem with software providers who don't really care about vulnerabilities helped by software theft.

I don't want a world where we can browse in safety but not interact (AOL have that covered). One where we can add cool things to our browsers (If I couldn't use Firebug, I'd go and retrain to be a plumber). A world where we can flash and silverlight away to impress our colleagues and clients and do really cool things like blogs and social networking that opens a little bit of our vulnerable underbelly to he world.

So how do we keep safe, yet experience the richness of the internet?

Buy a genuine copy of windows or use a free OS. Seriously, it's not that big a deal. Most new computers come with windows anyway. One of the biggest problems with unregistered copies of Windows is that you can't keep it up to date with patches and security releases. Having an unpatched OS is like walking through a minefield with skis on, pushing a wheelbarrow and dragging a lawnmower behind you.

Other systems based on Linux or similar are so tame nowadays that they really do work fine, even for the nervous novice. If you want to play with Linux in a sandbox (where you can break it and it doesn't matter), get a VMWare player (free from http://www.vmware.com/ and a VMware image for Debian or similar and run it in your regular windows PC. I use VMWare for dev and have had no issues at all.

Don't use pirated software. It can be full of all sorts of nasty things. If you want to use office, go and buy a proper version. You can get Student and Home Edition for <£100. Alternatively, try Open Office http://www.openoffice.org/. It Does what it says on the tin.

Use a virus checker, firewall and spam blocker. There are free ones around that are ok, but for <£50 you can get the very best. Also keep it up to date. If you consider the nature of most exploits, the dangerous one will want to get the info it has collected out. A decent software firewall will prevent it from doing so. You still got the virus or trojan but it didn't really do any damage. Most AV/Firewall applications will monitor your PC for dangerous activity but if you get a message about something or are in doubt about something it has asked, check on the internet. There are a lot of advice forums that can tell you what the message means and how to deal with it.

Don't visit 'those' web sites. I know it's tempting but it is a risk.

Never download anything you aren't sure about. Just common sense really.

Hopefully this will stop a few people from getting exploited.

Happy browsing :)