Complexity, though, is often the enemy of security. Numerous bugs hidden in all of that complicated code can lead to exploitable security vulnerabilities. So defenses need to be balanced among the browser, the operating system and the network. It's the old defense-in-depth philosophy. We should not put all of our infosec eggs solely in the browser basket. The browser can help, but it can also be subverted.
That being said, I do not believe that today's browsers are sufficiently equipped to fight malware. Major browser vulnerabilities are discovered on a regular basis, and attackers install a great deal of malware by exploiting these browser holes. That manipulation will likely continue for some time. The browsers have improved, but all the browser-helper applications that play media files, including QuickTime and Acrobat Reader, and render different languages, like Flash, are proving to be a big security concern. The browser doesn't really prevent these third-party tools from being subverted, even though it invokes them.
Some people may say that it's not the browser's job to protect against errant third-party applications, and that's certainly a defendable argument. If everyone had that reasoning, it would be hard to believe that the browser would play "the greatest role in malware protection."
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Ed Skoudis, Contributor
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.