All the latest UK technology news, reviews and analysis
|
|
|
18 Jun 2008
The re-emergence of the 'browser wars' between Internet Explorer, Firefox, Opera and Safari is changing the security landscape, say experts.
Competition and the newfound variety have created security advantages and disadvantages as attackers and malware writers adjust their attacks.
F-Secure researcher Sean Sullivan pointed out in a recent blog posting that the bevy of IE alternatives is having unexpected benefits for some would-be exploit victims.
"Many of the malware samples and scams that we currently come across are targeting browser applications," he wrote. "So enhancing browser security and an increase in competitiveness is a good thing."
Jamz Yaneza, senior threat researcher at Trend Micro, shared similar thoughts, noting that traditionally one vulnerability for one application was all a hacker needed to infect the overwhelming majority of users.
"I think this is a good thing," Yaneza told vnunet.com. "Given that Microsoft has 95 per cent of the retail desktop market, having a single browser means having a single exploit point."
But there is also a wave of innovation brought by the competition. The latest versions of Opera and Firefox employ new security tools to detect and warn users when known phishing and malware sites are visited.
The upcoming version of Microsoft's Internet Explorer is said to sport similar capabilities.
With the advantages of a more diverse browser base, however, there comes a new crop of security threats.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java Developer - Belfast - Banking Skills: Core Java...
I am recruiting for a Shared Accounting Service Manager...
QA Tester/Automation Tester - C# .NET Agile, Epsom, Surrey...
3RD LINE EXCHANGE 2010 / 2003, QUEST, LONDON, GLOBAL...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
re: operating systems
Mircea: Metasploit, MPack, etc. are not pieces of malware themselves, but web-based systems for delivering the malware. The framework is hosted on a web server, and only the malware payload is installed on the victim's machine.
Posted by: Shaun 19 Jun 2008
...greater variety of operating systems?
"In order to adapt to a greater variety of browsers and operating systems, malware writers have created exploit frameworks such as NeoSploit and MPack....The frameworks are able to identify the browser and operating system a visitor is using and then deliver a customised attack specifically targeted for that user." I don't quite understand the operating system part. I am no expert on this but I think the malware you are talking about only works on Windows. Is it working on Mac or Linux?
Posted by: Mircea 18 Jun 2008