Browser Competition Good for Security


In a world of highly interactive Web 2.0 applications, browser security is a big issue. This study -- released by Google Switzerland, IBM Internet Security Systems and a firm called Computer Engineering and Networks Laboratory -- drew interesting conclusions about how people are handling Web browser security.


The group was unable to make definitive assertions, but guessed that 45.2 percent of Internet users worldwide are not running the most up-to-date version of their browser of choice, and that Firefox's auto update could be a more effective way than more complex procedures in combating a global browser attack.


The writers acknowledged that their measurements were incomplete and implied that the true situation may be even more dire. They suggest a "best before" date -- like those used to warn of rancid butter and curdled milk -- would be a good idea for browser security software and related processes. It could galvanize awareness among users and help businesses assess the security of their customers' browsers.


The study is analyzed in this eWeek article. The writer did a good job of summarizing the researchers' findings. Perhaps the most intriguing is that Firefox users are more likely to be running the securest version of the browser than Internet Explorer users.


Competition -- which clearly has arrived (or re-arrived) in the browser sector -- promotes better performance. Included in the security upgrades in IE 8 Beta 2 is the SmartScreen malware blocker, which has the same goal as features in Firefox 3.0 and Opera 9.5. The IE8 beta also will feature protection against most cross-site scripting attacks. The new beta will become available some time next month.


A little competition is a good thing. It apparently made Firefox sensitive to security flaws in previous versions of the browser and was one of the leading concerns of Firefox 3.0, which was released last month. It has long been thought that a key reason the mobile space has stayed relatively safe is that there is no overwhelmingly dominant operating system for vandals to target.


That wasn't the case, of course, with the browser. This vnunet.com piece suggests that emergence of Firefox and Opera can have the same positive impact by complicating the life of crackers. The competition also will make each browser pay more attention to security more quickly.