NewsDude
07-07-2008, 10:00 PM
A study from the Swiss Federal Institute of Technology, Google and IBM says more than 600 million Internet browsers were at risk this year.
"Insecure Web browsers are of course a critical security problem," the report noted. "But vulnerable plug-ins that are accessible (and exploitable) through the Web browser extend the 'insecurity iceberg' and form the part hidden below the water surface."
The report says browsers need to have auto-update mechanisms that are enabled by default and that cause minimal disruption to users. Though Microsoft's Windows auto-update service includes Internet Explorer, patches are released less frequently in comparison with Mozilla's Firefox, which "can result in a lower short-term patching effectiveness," it said.
Auto Updates
Dave Marcus, McAfee's director of security research and communications, thinks the report is on target about browser and plug-in vulnerabilities. But he added that Microsoft's current method of conducting updates in a controlled manner makes better sense.
"I can certainly understand why they are recommending auto updates, but that's always going to be problematic to enterprise environments, which have a lot of customized applications so you can theoretically break something," Marcus said.
He also warned that malicious scripts are increasingly being embedded into hijacked Web sites.
McAfee's technology "can actually evaluate pages and scan for those scripts to be sure they are not doing something they shouldn't be doing," Marcus said. "It stops the install of the script that the malware is attempting to push out."
Though browsers now incorporate features that warn users when they access risky sites, such warnings depend on lists that must be continuously updated, Marcus noted. "There is a certain amount of truth to saying that they can only warn you about what they already know about," he said.
High Marks For Firefox
According to the study, most users updated to a new version of Firefox within three days of...
More... (http://www.toptechnews.com/story.xhtml?story_id=60648)