Ten Years of Web Browser Security

Netscape Navigator was a great web browser. It was the first one I had used and it presented web pages very competently. Much of what Netscape Navigator did is largely what web browsers do today: spin HTML and JavaScript into reading material and interactive experiences. We can augment formatting and function with things like CSS and jQuery, but the core nature of web browsers remains unchanged from the days of Netscape Navigator.

Security has also gone unchanged. Unlike the steady improvements in functionality and presentation, security is elusive. A consensus opinion may be that attempting to turn a web browser into an operating system was an unsound idea. Outsized ambitions in web development, both in the making of web applications and in the execution of browser interfaces in web browsers, may run counter to greater security.

Vulnerability is natural. Exploit conditions are inherent to progress in technology. I am sure there is great advice available on how to make progress while lowering exploits. I have seen some of that advice in the form of CERT recommendations and OWASP guidance, but it does seem limited in effect. Certainly half a million dollars in rewards to those who have proved the existence of security flaws is a great mitigation accelerant.

Good ideas are out there. I even read advice in the same article that compiling an open source browser like Firefox with custom C++ flags would make it harder for attackers, since the code signature of the browser would be unique to some of the malware. Brilliant suggestion. Meanwhile, it is not broadly applicable. Perhaps it will be another ten years before the technology catches up to security wisdom. I am optimistic that it will.
