All the latest UK technology news, reviews and analysis
|
|
|
18 Jun 2008
The re-emergence of the 'browser wars' between Internet Explorer, Firefox, Opera and Safari is changing the security landscape, say experts.
Competition and the newfound variety have created security advantages and disadvantages as attackers and malware writers adjust their attacks.
F-Secure researcher Sean Sullivan pointed out in a recent blog posting that the bevy of IE alternatives is having unexpected benefits for some would-be exploit victims.
"Many of the malware samples and scams that we currently come across are targeting browser applications," he wrote. "So enhancing browser security and an increase in competitiveness is a good thing."
Jamz Yaneza, senior threat researcher at Trend Micro, shared similar thoughts, noting that traditionally one vulnerability for one application was all a hacker needed to infect the overwhelming majority of users.
"I think this is a good thing," Yaneza told vnunet.com. "Given that Microsoft has 95 per cent of the retail desktop market, having a single browser means having a single exploit point."
But there is also a wave of innovation brought by the competition. The latest versions of Opera and Firefox employ new security tools to detect and warn users when known phishing and malware sites are visited.
The upcoming version of Microsoft's Internet Explorer is said to sport similar capabilities.
With the advantages of a more diverse browser base, however, there comes a new crop of security threats.
Latest stories from Security
Related articles
Related jobs
Poll
What will be the biggest change to corporate technology in the future?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
HTML, CSS, Flash - Web Content Editor - Photoshop, Dreamweaver...
Biomass Programme Manager/Engineering/Supply Chain/Heavy...
Head of Compliance My client is currently seeking...
THis role is working for a multi national Financial organisation...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
re: operating systems
Mircea: Metasploit, MPack, etc. are not pieces of malware themselves, but web-based systems for delivering the malware. The framework is hosted on a web server, and only the malware payload is installed on the victim's machine.
Posted by: Shaun 19 Jun 2008
...greater variety of operating systems?
"In order to adapt to a greater variety of browsers and operating systems, malware writers have created exploit frameworks such as NeoSploit and MPack....The frameworks are able to identify the browser and operating system a visitor is using and then deliver a customised attack specifically targeted for that user." I don't quite understand the operating system part. I am no expert on this but I think the malware you are talking about only works on Windows. Is it working on Mac or Linux?
Posted by: Mircea 18 Jun 2008