There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
Today, vaccination is an established and permanent method of preventing diseases by strengthening the bodys natural defenses against the causal elements. The solution lies in eliminating the threat by shoring up the immune system and creating a wall of defense, and not in just managing the symptoms.
The same principle applies to Internet browsers too. True, browsers do come with a built-in security mechanism. However, it should not be their job to be on watch all the time. Browser are there to perform a function: to browse the Internet. Rather than also attempt to secure the user, they should work together with security products to protect the computer network and data against intruders and prevent attacks.
Internet users remember the Internet Explorer 7 incident last year. The IE XML Heap Corruption Vulnerability — a buffer overflow attack — allowed malicious programs to compromise computer systems by overloading the target applications memory buffer with covertly downloaded code. Web browsers, mail clients and IM programs were particularly vulnerable to these attacks, causing data theft and system crashes.
IE users seemed to panic when they learned of the browsers vulnerability. In media reports, some security experts suggested moving to alternate browsers until a patch was available.
However, the problem is not Microsofts browser, but inadequate prevention of exploitation in browsers in general. Internet Explorer has security flaws, just like any other browser. Unlike other browsers, however, IE is the default browser for millions of users around the world. When a problem occurs, the sheer impact in terms of the affected numbers exacerbates an already bad situation. IEs December 2008 incident was no different.
How do other browsers fare in the risk ratings? True, users of Firefox, Safari and Opera are more likely to surf using the latest version — and generally the most secure version — of the browser. They are safer too, perhaps, but not entirely secure, since all software is a work in progress.
The primary difference is one of impact. While IEs buffer overflow problem had the worlds attention in December, emergency patches were rushed out to fix security holes in Firefox and Opera around the same time. Moreover, Google's Chrome browser underscored that newer technology or being the latest to the market doesnt always guarantee foolproof security.
Browsers are meant for you to browse. Not to secure your computer. Not to protect your files against prowlers on the Web. Not to stop attacks from sundry viruses and Trojans. While all browsers have some forms of protection built in today, no one can rely totally on the default security attributes.
Faster, better processors give us more power in computing. But as we build more evolved software, add more complex code, and introduce more functionality, the more challenging it becomes to test and check for loopholes. Beyond that, technology — no matter how advanced — cannot stop hackers and phishers from developing newer ways to exploit browser vulnerabilities.
Moving to another browser may reduce the vulnerability factor, but cannot negate the threat factor completely — a temporary solution at best. Internet Explorer is the most popular browser in the world, so of course hackers are going to try to exploit it. However, switching browsers is not the answer; preventing threats is.
Whats required on the part of a browser user is not a quick-fix remedy such as a security patch, but a permanent solution that anticipates and eliminates a broad class of threats. Memory firewalls, for example, monitor the memory space of all installed applications and could prevent buffer overflow attacks by blocking all intrusions.
PC security must be based on prevention. A safeguard mechanism will ensure that prospective intruders are kept permanently at bay, regardless of the browser. The solution therefore lies in moving away from traditional detection-based software and stepping up to a prevention-based technology.
Security problems may compromise the average Internet browser. They neednt compromise your networks security, if you prepare wisely.