A brief analysis of browser security


Incidents – Security vulnerabilities penetrate user desktops

In February 2009, Microsoft released the widely watched MS09-002 security bulletin and immediately published patches for the vulnerability. When a visitor opens a specially crafted page in the IE 7 browser, the MS09-002 vulnerability can allow remote execution of malicious code that damages the visitor's computer system. It is typical of a wider problem: browser-oriented attacks have become the fastest-growing category of desktop security threats in the past year. After the vulnerability was disclosed, major anti-virus vendors intercepted a large number of attacks based on it. Even some previously popular malware families have begun to integrate the MS09-002 attack mechanism into new variants, trying to make a comeback.

Other recent security vulnerabilities that warrant attention

Before the MS09-002 vulnerability was disclosed, there were other notable browser security vulnerabilities. At the end of last year, for example, a Microsoft 0day vulnerability affected a wider range of browser versions than MS09-002. The latest Adobe security vulnerability, meanwhile, takes advantage of browser-executable scripts embedded in PDF documents, which can have a very broad security impact.

Origin – The cycle of security flashpoints

Throughout 2008, the most important desktop security issues centred on Trojan downloaders and similar virus programs that use web access as their carrier. According to incomplete statistics, web-based virus programs have at least doubled every year for the past three years. More than 20% of the 10 million new viruses that emerged in 2008, a year of viral outbreak, were downloader programs. The downloader is not a new invention; malicious programs using this mechanism have existed for a long time. It has become so "prosperous" in recent years because the security environment has changed as a result of the tug-of-war between the two camps. As the oldest and most basic Internet application, web access undoubtedly has the largest user community and the highest frequency of use. But as browser functionality grows richer and the family of browser products keeps growing, the browser has become a relatively weak link in security protection. Compared with mainstream Internet applications such as email and instant messaging, web access protection tools, while numerous, struggle to match the depth and precision of the specialised tools for those applications. The apparent simplicity of web access conceals both the harm caused by user mistakes and the security risks hidden in its many technical features.

Portrait – Security risks on the browser

To provide richer functionality, web pages use more and more client-side scripting and component technologies. This brings better functionality and user experience, but it also exposes users to more security problems when they use browser software. The tree that stands tallest in the forest is the one the wind breaks first: JavaScript has become the de facto standard for client-side scripting, so it is naturally also the main target of malicious software. Because JavaScript is tightly restricted in its scope and in its permissions on the operating system, it is difficult to use it to do damage directly. But downloader programs often use JavaScript to download the actual attack code from the Internet.

ActiveX, an important technology for interaction between browser software and other platforms, also has a long history of security issues. Virus programs based on ActiveX components tend to be more disruptive and can attack the operating system directly, because they can manipulate the system far more than browser scripts can. Many enterprise-class software systems use ActiveX components as the core technology for their client functions, which makes the security protection system more complex. In addition, VBScript, which can use the Windows Script Host, and the now less common Java applets can also be used to do damage through the browser.

Also noteworthy is that browsers, as the most commonly used application on desktop computers, are now more tightly integrated with the operating system. Besides IE, which is tightly integrated with Windows, other browsers also use many underlying operating system components to enhance their functionality. This is why attacks that exploit browser problems can be so destructive: many vulnerabilities allow attack code to directly damage or exploit the operating system core.

This is especially true of 0day attacks, for which vendors have not yet released a patch: desktop computers are left completely exposed to them, and this is why such high hopes are now placed on cloud security technology. Trend Micro took only a few minutes to intercept a 0day attack on a Microsoft browser, which provided a good precondition for timely release of the patch. Cloud-based web address filtering, which has become almost standard, can effectively prevent users from accessing websites that pose security threats, so that even a computer with a vulnerability has a greater chance of surviving the attack.

Direction – Security changes to the Internet portal

For the browser, the most important gateway to the Internet, users have long relied mainly on software products from security vendors for protection. However, browser vendors are also steadily adding security features to their products, which gives users more layers of protection. Against the many attacks that exploit client-side scripting, and especially against malicious programs that attack directly through ActiveX, the security mechanisms of the browser and of the operating system itself are often more important. In the new IE8 browser, Microsoft adjusts the traditional ActiveX control mechanism. In the new version, installing an ActiveX control no longer requires administrator rights; the control is installed with the permissions of the currently logged-on user. This divides permissions more logically: when a malicious program uses ActiveX to infect the computer, it will not easily gain administrative privileges. And if an ActiveX plug-in is not on the mechanism's whitelist, its ability to operate on the local system is greatly limited, which is a good mitigation against the use of ActiveX to damage the operating system. The implication of this change is that users and vendors can better control popular rich-client plug-ins such as Flex and Silverlight, avoiding to some extent the security risks posed by the ever-increasing ability to execute code in the browser. The improvement has limitations, however: the mechanism is currently available only on Vista or later operating systems, and not on XP, which still has a relatively high share.

Network fraud, represented by phishing, is also one of the major security threats at present. Browsers now widely integrate features for identifying deceptive websites; Firefox is a typical example. Because Firefox provides a plug-in development mechanism, users can use its built-in anti-phishing function and can also download many plug-ins that provide similar functions, and so obtain protection against fraud that suits them better. Microsoft's IE8 browser also provides a distinctive improvement. After the user enters a URL in the browser's address bar, IE8 identifies the top-level domain name section of the URL and displays it highlighted. Although this improvement looks very small, in actual use it is surprisingly effective. It significantly raises the user's attention and helps them determine whether they have entered the URL correctly. The enhanced security filter provided in IE8 can also analyse the website. Most importantly, by setting the security policy, you can raise the protection level of this filter so that it blocks suspicious URLs more aggressively.
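
The address-bar highlighting described above, sketched as an added example (not IE8's code and not part of the original article). It assumes the emphasised part is the registrable domain, uses a constructed six-entry suffix table in place of the full Public Suffix List, and the function names are hypothetical.

```javascript
// Constructed, deliberately tiny suffix table (assumption for this example);
// a real implementation would load the full Public Suffix List.
const SAMPLE_SUFFIXES = new Set(['com', 'net', 'org', 'cn', 'com.cn', 'co.uk']);

// Return the part of the host an address bar would emphasise:
// one label plus the longest matching public suffix.
function highlightedDomain(urlString) {
  const host = new URL(urlString).hostname.toLowerCase();
  // IP literals have no domain structure, so the whole host is emphasised.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith('[')) return host;
  const labels = host.split('.');
  // Try candidate suffixes from longest to shortest.
  for (let i = 1; i < labels.length; i++) {
    if (SAMPLE_SUFFIXES.has(labels.slice(i).join('.'))) {
      return labels.slice(i - 1).join('.');
    }
  }
  return host; // suffix not in the table: do not guess
}

// Simplified rendering: brackets mark what would be highlighted.
// Userinfo ("name@") is not part of the host and is left out on purpose.
function renderAddress(urlString) {
  const u = new URL(urlString);
  const domain = highlightedDomain(urlString);
  const prefix = u.hostname.slice(0, u.hostname.length - domain.length);
  return `${u.protocol}//${prefix}[${domain}]${u.pathname}`;
}

// Constructed sample addresses using reserved example domains and a
// documentation IP range.
const SAMPLES = [
  'http://www.example.com.example.net/login',   // familiar name is only a subdomain
  'https://shop.example.co.uk/',                // two-label public suffix
  'http://www.example.com@198.51.100.7/login',  // text before "@" is userinfo, not the host
];

for (const s of SAMPLES) console.log(renderAddress(s));
```

The first sample shows why the feature helps: the name a reader recognises sits in the subdomain, and only `example.net` is emphasised.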

Pocket guide to safe Internet behavior

In fact, besides technical measures such as keeping operating system vulnerabilities patched and using effective security products, improving the security of Internet access means paying attention to user behavior while surfing. Paying attention to the usage scenario is the first principle: although remembering passwords on your personal computer is relatively safe, the habit of not using the password-remembering function is more secure. If you are surfing the Internet in a public place, it is recommended that you clear the browsing history even if you do not use password memory. Another good habit is to avoid using the same information when registering accounts, so that they cannot be broken into one after another. Likewise, when registering for network services that do not require real information, keep your personal information properly protected.

Outlook – The browser's crisis of tomorrow

With the continuous development of rich-client technology, more and more applications, including many enterprise applications, use the browser as their access medium. On this analysis, browser security features will continue to increase, and the security vulnerabilities that new features and plug-ins may introduce will increase as well. Because browsers are pervasive and application specifications lack uniformity, it is difficult to achieve high security through simple means. Beyond close cooperation among all parties, it takes a more robust security model at the system level to give the browser sufficient security. The good news is that the current Internet user community has greatly improved its usage habits and vigilance, but users' online behavior still needs to be better reinforced and managed at the system platform level. Upcoming system platforms such as Windows 7 will bring us a new round of answers.
