Browser Security; More About Security Through Obscurity

In a recent survey performed by Opera Software, approximately 32 percent of respondents had no idea whether the browser they choose affects their system's overall security (see the news item below). It's probably safe to assume that those people don't know how any application might affect their system's overall security.

Some people might argue that using any browser other than Microsoft Internet Explorer (IE) is far safer. That might not be true depending on how someone uses IE. For example, if you load the latest patches, stay on top of the latest vulnerabilities and exploits, use add-on tools that increase security, and possibly modify certain registry settings, then IE can become much safer to use than it is in its default configuration. Plus, if you use Windows XP with Service Pack 2 (SP2), IE is much safer.

If you subscribe to our WinInfo Daily UPDATE newsletter, you probably read last Friday's Short Takes edition in which Paul Thurrott mentioned that IE 7.0 is in development. It will undoubtedly be more secure than previous versions, but there's a catch: It will be available only for Windows XP and Windows Server 2003. At this time, it seems that Microsoft won't make the new browser version available for Windows 2000. Mainstream support for that OS ends June 30, but that doesn't mean that no security patches will be available. Since the company will provide free security patches until June 2010, I think we can assume that includes security patches for IE on Win2K.

It's certainly possible to switch from IE to another browser on any Windows platform, but of course doing so presents problems because some application interfaces rely on the use of IE. This means that in many cases, you'll have to use two browsers, which isn't a big deal, but you do incur the added work of managing an additional application on your desktops.

Last week, I wrote about security through obscurity. One reader wrote to say that in his opinion I completely missed the point of what the phrase "security through obscurity" really means. There's no sense arguing semantics. I'll just say that I was advocating adding as much security as possible even if the added amount is trivial. Another reader wrote with a comment that illustrates this point. He said that even though he knows a thief can quickly unlock his car door and steal the vehicle, he locks the car anyway.

That about sums it up. However, there is the notion of cost, which I didn't cover last week. Some might argue that the cost of managing something like MAC address filtering on wireless Access Points (APs) is excessively expensive for the amount of security gained. This could be true depending on the size of your environment, the size of your budget and your ideas about where that money is best spent, and the manner in which you implement network management. Obviously, you have to decide that for yourself.
