Scaling back Web browser security expectations

Today, the browser has become one of the most critical and most used pieces of software on everyone's computer,consequently, it has become the focus of attack by the hackers and viruses.Despite the best efforts of the computer security industry, the number of flaws continues to grow; new ones have already been found in Microsoft Internet Explorer 7, and Firefox is coming under increasing scrutiny by industry experts and attackers. Browser vendors are faced with the impossible task of writing flawless code while hackers only have to spot one error in order to find an attack vector. The emergence of the "exploits-as-a-service" business, where malware is sold to organized crime, has helped to increase the cries for better Web browsers and Web browser security.So how would the ideal browser differ from what we have today? Microsoft has certainly eased its software repair process via automatically installed Internet updates, and the introduction of a software "sandbox" will help limit damage even if a malicious program is able to subvert the operation of IE 7. But what more is required? Web browser security is an ongoing issue because a browser cannot distinguish between malicious and non-malicious content. The critical question is, at what point should the browser defer to the user's decision to allow particular content, versus blocking it regardless? With current browsers, the initial settings make many security decisions automatically on behalf of the user. However, we all know how annoying it is when Outlook, for example, decides for us which attachments we can and cannot open. At the other extreme, it is very disconcerting when a desktop firewall asks for your decision on every incoming probe or request. There are so many, productivity collapses and click fatigue sets in.
We need to change our perception of the Internet and accept that there is an element of risk when we use it, since it's unlikely that browsers will ever be able to make all our security decisions for us or protect us from every danger, known and unknown,there will always be some coding flaws that don't get spotted.



July 30, 2007 at 2:02 PM

Internet Explorer cannot open the Internet site, Operation aborted and the Google Local Map API error: