Don’t Blame the Browser
Melih Abdulhayoglu, 2009-02-06

There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.

Economics says "blame the browser" 2009-02-08
Jim (1 replies)
Don’t Blame the Browser 2009-02-09
Anonymous (1 replies)
Re: Don’t Blame the Browser 2009-02-09
Anonymous (1 replies)
Re: Re: Don't Blame the Browser 2009-02-17
Anonymous
Don’t Blame the Browser 2009-02-09
Anonymous
Don’t Blame the Browser 2009-02-09
Anonymous (1 replies)
Re: Don’t Blame the Browser 2009-02-11
Anonymous
An ounce of prevention 2009-02-09
mechBgon
The most powerful blanket defense is to use the least-privilege principle. Use a low-rights account to browse the Internet. Anything else is like driving without your seatbelt fastened.

For those versions of Windows that support it, Software Restriction Policy in disallowed-by-default mode will arbitrarily block execution of payloads, even when a successful exploit has occurred. That includes cases where the user has been fooled into running a trojan.

Browser add-ons and extensions are a major source of attack surface, so removing unnecessary add-ons and keeping the remaining ones updated will also help. Do your users really need ______ (QuickTime, RealPlayer, Sun Java, etc) to do their jobs? When's the last time you checked your fleet's Flash Player and Adobe Reader installations to see if they're up-to-date?


Link to this comment: http://www.securityfocus.com/comments/columns/492/35372#35372
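
One way to check a Windows host against the three recommendations in the comment above (low-rights account, Software Restriction Policy in disallowed-by-default mode, add-on inventory), as an added example that is not part of the original comment. The function names and the add-on name pattern are assumptions built from the products the comment lists; the registry locations are the standard SRP policy key and the Uninstall keys.

```powershell
# Added example, not from the original comment. Read-only audit of one host.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpPosture {
    # DefaultLevel 0 = Disallowed (allowlist mode); 0x40000 = Unrestricted (denylist mode).
    $p = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.DefaultLevel) {
        return [pscustomobject]@{ Mode = 'NotConfigured'; ExemptsAdmins = $null; ChecksDlls = $null }
    }
    $names = @{ 0 = 'Disallowed'; 0x20000 = 'BasicUser'; 0x40000 = 'Unrestricted' }
    $mode  = $names[[int]$p.DefaultLevel]
    if ($null -eq $mode) { $mode = 'Other' }
    [pscustomobject]@{
        Mode          = $mode
        ExemptsAdmins = ($p.PolicyScope -eq 1)        # 1 = local administrators are not restricted
        ChecksDlls    = ($p.TransparentEnabled -eq 2) # 2 = DLLs are checked as well as executables
    }
}

function Test-IsElevatedAdmin {
    # True when the current token holds the Administrators group enabled.
    # A UAC-filtered (non-elevated) administrator session returns False.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AddOnInventory {
    # Pattern is an assumption: the plug-ins named in the comment. Adjust for your fleet.
    param([string]$Pattern = 'Flash|Adobe Reader|Java|QuickTime|RealPlayer')
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName
}

$srp = Get-SrpPosture
[pscustomobject]@{
    Host               = $env:COMPUTERNAME
    RunningAsAdmin     = Test-IsElevatedAdmin
    SrpMode            = $srp.Mode
    SrpExemptsAdmins   = $srp.ExemptsAdmins
    SrpChecksDlls      = $srp.ChecksDlls
    DisallowedDefault  = ($srp.Mode -eq 'Disallowed')
} | Format-List
Get-AddOnInventory | Format-Table -AutoSize
```

The inventory only reports installed versions; comparing them against each vendor's current release is left to whatever patch source you already trust.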
Don’t Blame the Browser 2009-02-10
Grenage
D i D 2009-02-10
Eric H
Don’t Blame the Browser 2009-02-14
RG (1 replies)
Re: Don’t Blame the Browser 2009-03-11
Anonymous







 

Copyright 2009, SecurityFocus