Thursday, December 18, 2008

The Promiscuous Browser in a Dangerous World

Microsoft released an urgent patch for a critical Internet Explorer vulnerability yesterday, highlighting the risks our web browsers represent to our online safety. Web browsers in general, and Internet Explorer specifically, are the most promiscuous programs we run on our computers. "Promiscuous" refers to the quantity and diversity of web sites we visit, content we view, programs we download, and sensitive information we exchange when browsing the web. Browser promiscuity also refers to what happens after we type a URL into the address bar. The browser first downloads an HTML page that includes tags and pointers to other content: images, stylesheets, scripts and videos. This content can come from many different web servers operated by many different organizations and can carry harmful data that infect our computers, steal our data or just sit there, undetected, until an online criminal issues remote commands to bring it to life.

Richard Adhikari posted an excellent article on that describes the Internet Explorer patch, why it was necessary and what it means for online safety going forward. The multitude of exploitable features in Internet Explorer make it an excellent target for online criminals seeking to gain control of our computers and our bank accounts.

Simply put, it is not reasonable to use one browser for everything we do on the Internet. It is important for us to segment our web activities into two basic buckets:

Casual Web Use
Casual use includes reading the news, listening to music, researching recipes, and clicking links to the latest must-see Flash video our friends send us in email.

Sensitive Web Use
Sensitive use includes online banking, shopping, applying for a job, or any other transaction that requires information we would not want everyone to know.

Casual use is where we are most likely to get our computer or browser infected. It's easy to visit hundreds of websites a month, clicking from link to link, moving from reasonably safe websites to a dangerous Internet neighborhood where crimeware infections are likely to occur. Sensitive use is where we are most likely to get our money or identity stolen if we are using an infected computer or browser. Moving from one activity to the other with the same browser is just not smart. I like the excerpt from court-ordered wiretaps of Illinois Gov. Rod R. Blagojevich, quoted here from a Department of Justice press release:

"assume everybody’s listening, the whole world is listening."

That is smart advice for Internet users. If you have casually browsed the web for a few weeks or months on your computer, there is a high likelihood you have been infected through a web browser vulnerability. Infections can include "banker trojans," password- and money-stealing programs that listen in to your online banking sessions. So, when you move from casual use to sensitive use, assume the whole world is listening.

Safe Web Use
A new category of web usage that we are pioneering at Authentium is "Safe Web Use." Safe Web Use means we assume "everybody's listening" and still protect your sensitive online transactions. Our SafeCentral service helps to automatically switch between Casual and Sensitive web use and kicks in extra protection to block crimeware that got past your antivirus software during a casual web browsing session. SafeCentral stops keyloggers, screen-stealers, harmful browser plug-ins and many other crimeware components. We also provide a Secure DNS services that protects against another class of threat: DNS redirection.

So, be sure you get yesterday's Internet Explorer patch. But please understand that yesterday's patch will not protect against tomorrow's exploit. In October Microsoft released an unscheduled, critical update for Windows. Chances are the online criminals are already working on exploits we will only hear about in January or February.

Also be sure to check out SafeCentral and be safe even if everybody's listening.

No comments: