In a technical tip that’s debuting today on SearchSecurity.com, Michael Cobb writes that it may be time to start scaling back our Web browser security expectations, and he’s absolutely right. But perhaps not for the reason you think.
It goes without saying that browsers haven’t been able to keep up with the myriad of flaws that have been discovered in recent years. Whether you place more blame on opportunistic attackers or browser makers who haven’t been able to get the development and repair process right, the result has still been too many data breaches, identity thefts, intellectual property losses and general IT havoc caused by vulnerable browsers.
Cobb writes that “a browser cannot distinguish between malicious and non-malicious content”; yes, this is true, but perhaps an even more obvious problem is that “malicious content” is constantly being redefined.
The perfect historical reference demonstrating this in my mind is the ActiveX control. Upon realizing the Web development flexibility and functionality that could be enhanced via Web-based ActiveX controls, Microsoft modified Internet Explorer to support the technology. Yet users quickly discovered that it opened a back door for Microsoft (and, as it was later learned, just about anyone else) to install whatever code it wanted on users’ systems via ActiveX.
Now, should Microsoft have known that Web-based ActiveX controls would represent a security risk for its browser users? In retrospect, perhaps, but the key point is that there are undoubtedly dozens if not hundreds of “ActiveXs” out there today (though hopefully not on that level of severity) that nobody’s discovered yet but that will eventually endanger browser users. Malicious hackers are always pushing the envelope and inventing new dangers where none were before, so expecting any browser architecture to be advanced enough to detect and thwart these issues before humans can is beyond all reasonable expectations.
It’s best to think of a browser like a car: use it properly and cautiously and it’ll serve you well. But know that there will always be days when we will be affected by hazards of the Internet highway that are beyond our control.