Browser security is a big thing these days. No one wants the kind of trouble that comes from using something that is easily hacked, or the subject of attacks, where the poor souls who use it are in for major problems.
That is why Internet Explorer should die a quick death – now.
An article in PCWorld that came out this weekend claims that Chrome is the most secure browser, and backs the claim with the fact that Chrome uses the concept of sandboxing.
All browser makers should take a page from Google’s Chrome and isolate untrusted data from the rest of the operating system, a noted security researcher said today.
Dino Dai Zovi, a security researcher and co-author of The Mac Hacker’s Handbook , believes that the future of security relies on “sandboxing,” the practice of separating application processes from other applications, the operating system and user data.
In a Wednesday entry on Kaspersky Labs’ ThreatPost blog, Dai Zovi described sandboxing, as well as the lesser security technique of “privilege reduction,” as “[moving] the bull (untrusted data) from the china shop (your data) to the outside where it belongs (a sandbox).”
The idea behind sandboxing is to make it harder for attackers to get their malicious software onto machines. Even if an attacker was able to exploit a browser vulnerability and execute malware, he would still have to exploit another vulnerability in the sandbox technology to break into the operating system and, thus, get to the user’s data.
“Sandboxing raises the bar significantly enough that attackers will have to turn to other [types of attacks], like rogue anti-virus software,” Dai Zovi said today in a telephone interview.
The pervasiveness of Web-based attacks calls for browser sandboxing, Dai Zovi argued. “It’s crucially important because, in my opinion, the browser will become the OS,” he said. ” Google is the first to realize that the browser is the operating system, and Chrome is a huge leap forward with its ground-up rewrite.”
While I am skeptical of the “browser is the operating system” concept, I take the point. That is not to say that the concept won’t be there for some, but those who wish to graduate above the level of web-TV, or those not able to have internet access (which will be many until the internet becomes free, as in free like the air) will not be surrendering the computer to a browser just yet.
– and the article goes on later with –
Currently, Mozilla’s Firefox, Apple ’s Safari and Opera Software’s Opera lack any sandboxing or privilege reduction features. “Apple, for example, has implemented some sandboxing in Snow Leopard , but [although] security researchers were hoping to see some of that technology used in Safari, that hasn’t happened,” Dai Zovi said.
Mozilla is working on Chrome-like sandboxing for Firefox — the project’s dubbed “Electrolysis” — but the feature probably won’t make it into the browser until Firefox 4.0, which is now slated to ship in late 2010 or early 2011.
Dai Zovi sees browser sandboxing as an answer to the flood of exploits that have overwhelmed users in the past year. “This isn’t perfect, but it’s the direction we should be heading in,” he said. “The idea of fixing every vulnerability is clearly not working. We can’t always win the race to patch.”
But sandboxing, or at the least, reducing the browser’s ability to affect the rest of the OS, may be the way to block most attacks. “It adds more defense-in-depth and impedes attackers,” Dai Zovi said.
The article also states that the protected mode of IE7 and IE8 is not really a sandboxed setup, and does not offer the same amount of protection that Chrome does.
I’m sure that many are asking how much utility has to be given up, in order to be safe.
As someone that uses Opera most of the time, but also has SR Ware’s Iron on a couple of machines, I can say I have never been compromised while using Opera, or Iron. I have had problems some years ago with Internet Explorer, but that was also back when I was using Windows 98SE. I can’t remember if I was using IE 5.5 or IE6. Either way, in the time I’ve been using Windows XP or higher, which is 2001 to now, I have not had problems.
I must modify that however, because as soon as I had heard about problems with Internet Explorer, I stopped using it whenever possible, substituting Firefox, or Opera, or now Iron, for it.
Though I believe nothing is foolproof (they keep improving the quality of fools) I think I can say that with reasonable precautions, the user can assure no problems as long as Internet Explorer is avoided.
Web Statistics and Trends
Statistics are important information. From the statistics below, you can see that Internet Explorer and Firefox are the most common browsers.
Browser Statistics Month by Month