Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."

Download it now to read this article plus other related content.

6. Pop-ups
Pop-ups are at best an annoyance, at worst a lure to malicious sites. Each tested browser is generally effective at blocking pop-ups. Netscape's and IE's controls are a little more granular, permitting designated sites to allow pop-ups and storing them as a site security property, while Firefox has a single button to block pop-up windows. However, Firefox has a configurable whitelist of sites that will permit pop-ups, so there's really little difference.

    Requires Free Membership to View

IE 7.0

All three browsers have anti-phishing capabilities, but IE 7.0's and Netscape's functionality is embedded in their native code, while Firefox requires an antiphishing toolbar from Web services provider Netcraft.

Most important is the evolution of the technical controls over pop-up mechanisms, which are launched via Web scripting languages such as ActiveX and Java. All three browsers disable new window calls that use this technique. However, our testing revealed some mysterious and sometimes malicious client-side applications. For example, many P2P programs surreptitiously install a number of applications that can launch new pop-up windows from an underlying system call. The browsers are all susceptible to this technique.

7. Passwords
Password maintenance is a serious security issue: Unencrypted, easily accessible passwords are prime prey for attackers. No worries on that score. All three browsers store application passwords with AES encryption and hide the actual characters from plain-sight view. Nevertheless, password transmission should really be the main concern. We'd love to see the browsers notify users when they are about to send a password in clear text over the Internet.

8. Phishing
Phishing attempts, orchestrated by organized criminals, are a major factor in identity theft and a serious threat to online consumer confidence. Using social engineering, attackers lure users to convincingly fake Web sites, usually on hijacked servers.

All three browsers have taken first steps to help thwart phishing and alert users that they may be on a potentially bogus site, but the jury is still out on how much they really will help.

Firefox users can download a free antiphishing toolbar from Web services provider Netcraft (also available for IE 6.0), while IE 7.0 and Netscape embed this capability in native code. All three rely primarily on a blacklist of known phishing sites. This is helpful, but phishing sites are notoriously moving targets--they're taken down as soon as they're discovered, and the crooks simply move to another hijacked server.

IE 7.0 also uses a parsing engine that can potentially identify threats based on string patterns.

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: